Commit bd862761 authored by Alan (Maciej) Paruszewski's avatar Alan (Maciej) Paruszewski Committed by Rémy Coutable

Add details column to vulnerability findings table

This change adds a new column to the vulnerability findings table, which is
needed to store Generic Security Report details.
parent bc94b1ff
{
"type": "object",
"description": "The schema for vulnerability finding details",
"additionalProperties": false
}
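Review bot: With `"additionalProperties": false` and no `properties` declared, this schema accepts only the empty object, so every non-empty details payload fails validation until the schema is extended. That is a safe fail-closed starting point, but the `description` does not say whether it is deliberate. If it is, consider `"description": "The schema for vulnerability finding details; accepts only an empty object until detail fields are defined"`. When properties are added later, keeping `additionalProperties` false will still stop undeclared report-supplied keys from being stored.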
---
title: Add details column to vulnerability findings table
merge_request: 49005
author:
type: added
# frozen_string_literal: true
class AddDetailsToVulnerabilityFindings < ActiveRecord::Migration[6.0]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
def up
with_lock_retries do
add_column :vulnerability_occurrences, :details, :jsonb, default: {}, null: false
end
end
def down
with_lock_retries do
remove_column :vulnerability_occurrences, :details
end
end
end
af9d8c7cda142e2a96a289ebd7afef73367bd544a60794c9e0414c7b82bef8a2
\ No newline at end of file
...@@ -17504,7 +17504,8 @@ CREATE TABLE vulnerability_occurrences ( ...@@ -17504,7 +17504,8 @@ CREATE TABLE vulnerability_occurrences (
name character varying NOT NULL, name character varying NOT NULL,
metadata_version character varying NOT NULL, metadata_version character varying NOT NULL,
raw_metadata text NOT NULL, raw_metadata text NOT NULL,
vulnerability_id bigint vulnerability_id bigint,
details jsonb DEFAULT '{}'::jsonb NOT NULL
); );
CREATE SEQUENCE vulnerability_occurrences_id_seq CREATE SEQUENCE vulnerability_occurrences_id_seq
......
...@@ -34,6 +34,8 @@ module Vulnerabilities ...@@ -34,6 +34,8 @@ module Vulnerabilities
has_many :finding_pipelines, class_name: 'Vulnerabilities::FindingPipeline', inverse_of: :finding, foreign_key: 'occurrence_id' has_many :finding_pipelines, class_name: 'Vulnerabilities::FindingPipeline', inverse_of: :finding, foreign_key: 'occurrence_id'
has_many :pipelines, through: :finding_pipelines, class_name: 'Ci::Pipeline' has_many :pipelines, through: :finding_pipelines, class_name: 'Ci::Pipeline'
serialize :config_options, Serializers::JSON # rubocop:disable Cop/ActiveRecordSerialize
attr_writer :sha attr_writer :sha
attr_accessor :scan attr_accessor :scan
...@@ -90,6 +92,7 @@ module Vulnerabilities ...@@ -90,6 +92,7 @@ module Vulnerabilities
validates :metadata_version, presence: true validates :metadata_version, presence: true
validates :raw_metadata, presence: true validates :raw_metadata, presence: true
validates :details, json_schema: { filename: 'vulnerability_finding_details' }
delegate :name, :external_id, to: :scanner, prefix: true, allow_nil: true delegate :name, :external_id, to: :scanner, prefix: true, allow_nil: true
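Review bot: The `validates :details, json_schema: { filename: 'vulnerability_finding_details' }` line in the second hunk is the only check on this column's content. The structure dump on this page defines it as `details jsonb DEFAULT '{}'::jsonb NOT NULL`, with no database constraint on its shape. Any write that skips ActiveRecord validations (for example `update_column` or `insert_all`) would store unvalidated report data; whether such write paths exist for findings is not visible here. I would add a comment above the validation: `# details holds security report content; it is checked only here, so writes that bypass validations must validate it themselves`. The class body starts and ends outside both hunks.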
......
...@@ -36,6 +36,23 @@ RSpec.describe Vulnerabilities::Finding do ...@@ -36,6 +36,23 @@ RSpec.describe Vulnerabilities::Finding do
it { is_expected.to validate_presence_of(:raw_metadata) } it { is_expected.to validate_presence_of(:raw_metadata) }
it { is_expected.to validate_presence_of(:severity) } it { is_expected.to validate_presence_of(:severity) }
it { is_expected.to validate_presence_of(:confidence) } it { is_expected.to validate_presence_of(:confidence) }
context 'when value for details field is valid' do
it 'is valid' do
finding.details = {}
expect(finding).to be_valid
end
end
context 'when value for details field is invalid' do
it 'returns errors' do
finding.details = { invalid: 'data' }
expect(finding).to be_invalid
expect(finding.errors.full_messages).to eq(["Details must be a valid json schema"])
end
end
end end
context 'database uniqueness' do context 'database uniqueness' do
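Review bot: The invalid-value context covers only an object with an unknown key (`{ invalid: 'data' }`), so nothing exercises the schema's `"type": "object"` rule. Add a case that assigns a non-object value, e.g. `finding.details = ['not an object']` followed by `expect(finding).to be_invalid`, so that a later loosening of the schema's type is caught by the spec. The enclosing `describe` block starts and ends outside the hunk.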
......