Commit 9c102655 authored by Mehmet Emin INAC's avatar Mehmet Emin INAC

Do not propagate the security report parsing error to the clients

parent ef6ded68
...@@ -26,6 +26,9 @@ module API ...@@ -26,6 +26,9 @@ module API
end end
end end
# We are using this fallback to provide an early response to the users
# until the `security_findings` are stored.
# We will remove this fallback by https://gitlab.com/gitlab-org/gitlab/-/issues/334488
def with_vulnerabilities_finder def with_vulnerabilities_finder
aggregated_report = Security::PipelineVulnerabilitiesFinder.new(pipeline: pipeline, params: declared_params).execute aggregated_report = Security::PipelineVulnerabilitiesFinder.new(pipeline: pipeline, params: declared_params).execute
...@@ -35,6 +38,8 @@ module API ...@@ -35,6 +38,8 @@ module API
# See https://gitlab.com/gitlab-org/gitlab/issues/33588#note_291849433 # See https://gitlab.com/gitlab-org/gitlab/issues/33588#note_291849433
# for discussion # for discussion
paginate(Kaminari.paginate_array(aggregated_report.findings)) paginate(Kaminari.paginate_array(aggregated_report.findings))
rescue Security::PipelineVulnerabilitiesFinder::ParseError
paginate(Kaminari.paginate_array([]))
end end
def with_adaptive_finder def with_adaptive_finder
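Review bot: The new `rescue` at the end of `with_vulnerabilities_finder` answers a report parsing failure with an empty page and a 200, so a client of this endpoint cannot tell "no findings" from "the report could not be read", and nothing visible here records the failure. For a security report that is a silent false negative; I would at least capture the exception before returning the fallback, e.g. `rescue Security::PipelineVulnerabilitiesFinder::ParseError => e` followed by `Gitlab::ErrorTracking.track_exception(e, pipeline_id: pipeline.id)`. A short comment above the `rescue` stating that the empty result is deliberate and where the parsing error is surfaced instead (if it is surfaced anywhere) would also help the next reader. The middle of the method lies between the two hunks and is not shown, so this assumes nothing there already logs the error.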
......
...@@ -100,6 +100,20 @@ RSpec.describe API::VulnerabilityFindings do ...@@ -100,6 +100,20 @@ RSpec.describe API::VulnerabilityFindings do
expect(Security::PipelineVulnerabilitiesFinder).to have_received(:new) expect(Security::PipelineVulnerabilitiesFinder).to have_received(:new)
end end
context 'when the `Security::PipelineVulnerabilitiesFinder` raises exception' do
before do
allow_next_instance_of(Security::PipelineVulnerabilitiesFinder) do |finder|
allow(finder).to receive(:execute).and_raise(Security::PipelineVulnerabilitiesFinder::ParseError.new('failed'))
end
end
it 'does not propagate the error to the client' do
get api(project_vulnerability_findings_path, user), params: pagination
expect(response).to have_gitlab_http_status(:ok)
end
end
end end
end end
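Review bot: The added example only checks the status code, so it would still pass if the fallback returned stale or partial findings instead of an empty list. Pin the body as well, for example `expect(json_response).to eq([])` after the status expectation. If the handler is later changed to record the parsing error, an expectation on that call belongs in this context too.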
......