Do not fail report ingestion if there is an invalid finding

Changelog: fixed EE: true

Do not fail report ingestion if there is an invalid finding
Changelog: fixed EE: true
c752c229 · Mehmet Emin INAC · 28e677e6 · c752c229 · c752c229
Commit c752c229 authored Jan 05, 2022 by Mehmet Emin INAC
Showing with 14 additions and 8 deletions

ee/app/services/security/store_report_service.rb ee/app/services/security/store_report_service.rb +6 -0

ee/spec/services/security/store_report_service_spec.rb ee/spec/services/security/store_report_service_spec.rb +8 -8

No files found.
--- a/ee/app/services/security/store_report_service.rb
+++ b/ee/app/services/security/store_report_service.rb
@@ -94,6 +94,8 @@ module Security
      vulnerability_finding = vulnerability_findings_by_uuid[finding.uuid] ||
        find_or_create_vulnerability_finding(finding, vulnerability_params.merge(entity_params))

+      return unless vulnerability_finding
+
      vulnerability_finding_to_finding_map[vulnerability_finding] = finding

      update_vulnerability_finding(vulnerability_finding, vulnerability_params.merge(location: entity_params[:location], location_fingerprint: finding.location.fingerprint))
@@ -136,6 +138,10 @@ module Security
        return vulnerability_finding if vulnerability_finding

        Gitlab::ErrorTracking.track_and_raise_exception(e, find_params: find_params, uuid: finding.uuid)
+      rescue ActiveRecord::RecordInvalid => e
+        Gitlab::ErrorTracking.track_exception(e, create_params: create_params&.dig(:raw_metadata))
+
+        nil
      rescue ActiveRecord::ActiveRecordError => e
        Gitlab::ErrorTracking.track_and_raise_exception(e, create_params: create_params&.dig(:raw_metadata))
      end

--- a/ee/spec/services/security/store_report_service_spec.rb
+++ b/ee/spec/services/security/store_report_service_spec.rb
@@ -13,7 +13,7 @@ RSpec.describe Security::StoreReportService, '#execute', :snowplow do
  let(:pipeline) { artifact.job.pipeline }
  let(:report) { pipeline.security_reports.get_report(report_type.to_s, artifact) }

-  subject { described_class.new(pipeline, report).execute }
+  subject(:store_report) { described_class.new(pipeline, report).execute }

  where(:vulnerability_finding_signatures) do
    [true, false]
@@ -265,19 +265,19 @@ RSpec.describe Security::StoreReportService, '#execute', :snowplow do
        let(:report) { Gitlab::Ci::Reports::Security::Report.new('container_scanning', nil, nil) }

        before do
-          allow(Gitlab::ErrorTracking).to receive(:track_and_raise_exception).and_call_original
+          allow(Gitlab::ErrorTracking).to receive(:track_exception).and_call_original
          report.add_finding(finding_without_name)
        end

-        it 'raises invalid record error' do
-          expect { subject.execute }.to raise_error(ActiveRecord::RecordInvalid)
+        it 'does not raise any exception' do
+          expect { store_report }.not_to raise_error
        end

-        it 'reports the error correctly' do
+        it 'reports the error to sentry' do
+          store_report
+
          expected_params = finding_without_name.to_hash.dig(:raw_metadata)
-          expect { subject.execute }.to raise_error { |error|
-            expect(Gitlab::ErrorTracking).to have_received(:track_and_raise_exception).with(error, create_params: expected_params)
-          }
+          expect(Gitlab::ErrorTracking).to have_received(:track_exception).with(an_instance_of(ActiveRecord::RecordInvalid), create_params: expected_params)
        end
      end
    end