Commit c752c229 authored by Mehmet Emin INAC's avatar Mehmet Emin INAC

Do not fail report ingestion if there is an invalid finding

Changelog: fixed
EE: true
parent 28e677e6
...@@ -94,6 +94,8 @@ module Security ...@@ -94,6 +94,8 @@ module Security
vulnerability_finding = vulnerability_findings_by_uuid[finding.uuid] || vulnerability_finding = vulnerability_findings_by_uuid[finding.uuid] ||
find_or_create_vulnerability_finding(finding, vulnerability_params.merge(entity_params)) find_or_create_vulnerability_finding(finding, vulnerability_params.merge(entity_params))
return unless vulnerability_finding
vulnerability_finding_to_finding_map[vulnerability_finding] = finding vulnerability_finding_to_finding_map[vulnerability_finding] = finding
update_vulnerability_finding(vulnerability_finding, vulnerability_params.merge(location: entity_params[:location], location_fingerprint: finding.location.fingerprint)) update_vulnerability_finding(vulnerability_finding, vulnerability_params.merge(location: entity_params[:location], location_fingerprint: finding.location.fingerprint))
...@@ -136,6 +138,10 @@ module Security ...@@ -136,6 +138,10 @@ module Security
return vulnerability_finding if vulnerability_finding return vulnerability_finding if vulnerability_finding
Gitlab::ErrorTracking.track_and_raise_exception(e, find_params: find_params, uuid: finding.uuid) Gitlab::ErrorTracking.track_and_raise_exception(e, find_params: find_params, uuid: finding.uuid)
rescue ActiveRecord::RecordInvalid => e
Gitlab::ErrorTracking.track_exception(e, create_params: create_params&.dig(:raw_metadata))
nil
rescue ActiveRecord::ActiveRecordError => e rescue ActiveRecord::ActiveRecordError => e
Gitlab::ErrorTracking.track_and_raise_exception(e, create_params: create_params&.dig(:raw_metadata)) Gitlab::ErrorTracking.track_and_raise_exception(e, create_params: create_params&.dig(:raw_metadata))
end end
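Review bot: The new `rescue ActiveRecord::RecordInvalid` branch returns `nil`, and the added `return unless vulnerability_finding` in the first hunk then skips the finding, so an invalid finding is left out of the stored report with only an error-tracking event as evidence. For a security report this fails open: ingestion succeeds and the results look complete while a finding was dropped, so I would also record the skip somewhere the project's users can see it (a warning on the report, or at least a structured log line with a count). I would add the identifier to the event as well, `Gitlab::ErrorTracking.track_exception(e, uuid: finding.uuid, create_params: create_params&.dig(:raw_metadata))`, assuming `finding` is in scope here as it is on the `track_and_raise_exception` line just above. Because this path no longer aborts, it can fire once per invalid finding, so it is worth confirming that the scanner's `raw_metadata` is acceptable content for the error tracker at that volume. The enclosing method starts outside the hunk.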
......
...@@ -13,7 +13,7 @@ RSpec.describe Security::StoreReportService, '#execute', :snowplow do ...@@ -13,7 +13,7 @@ RSpec.describe Security::StoreReportService, '#execute', :snowplow do
let(:pipeline) { artifact.job.pipeline } let(:pipeline) { artifact.job.pipeline }
let(:report) { pipeline.security_reports.get_report(report_type.to_s, artifact) } let(:report) { pipeline.security_reports.get_report(report_type.to_s, artifact) }
subject { described_class.new(pipeline, report).execute } subject(:store_report) { described_class.new(pipeline, report).execute }
where(:vulnerability_finding_signatures) do where(:vulnerability_finding_signatures) do
[true, false] [true, false]
...@@ -265,19 +265,19 @@ RSpec.describe Security::StoreReportService, '#execute', :snowplow do ...@@ -265,19 +265,19 @@ RSpec.describe Security::StoreReportService, '#execute', :snowplow do
let(:report) { Gitlab::Ci::Reports::Security::Report.new('container_scanning', nil, nil) } let(:report) { Gitlab::Ci::Reports::Security::Report.new('container_scanning', nil, nil) }
before do before do
allow(Gitlab::ErrorTracking).to receive(:track_and_raise_exception).and_call_original allow(Gitlab::ErrorTracking).to receive(:track_exception).and_call_original
report.add_finding(finding_without_name) report.add_finding(finding_without_name)
end end
it 'raises invalid record error' do it 'does not raise any exception' do
expect { subject.execute }.to raise_error(ActiveRecord::RecordInvalid) expect { store_report }.not_to raise_error
end end
it 'reports the error correctly' do it 'reports the error to sentry' do
store_report
expected_params = finding_without_name.to_hash.dig(:raw_metadata) expected_params = finding_without_name.to_hash.dig(:raw_metadata)
expect { subject.execute }.to raise_error { |error| expect(Gitlab::ErrorTracking).to have_received(:track_exception).with(an_instance_of(ActiveRecord::RecordInvalid), create_params: expected_params)
expect(Gitlab::ErrorTracking).to have_received(:track_and_raise_exception).with(error, create_params: expected_params)
}
end end
end end
end end
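Review bot: Neither rewritten example checks what ingestion stored; they assert only that `store_report` does not raise and that `track_exception` was called. As far as the hunk shows, the report built in `before` holds just `finding_without_name`, so the behaviour the commit title promises (the rest of the report is still ingested) is not exercised. I would add a valid finding next to the invalid one and assert that it is persisted. For the case as written, adding `expect { store_report }.not_to change { Vulnerabilities::Finding.count }` would catch a regression that half-saves the invalid finding. The enclosing `describe` and context blocks start outside the hunk.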
......