Skip updating vulnerability statistics if there are no new records

Changelog: fixed EE: true

Skip updating vulnerability statistics if there are no new records
Changelog: fixed EE: true
e580999f · Mehmet Emin INAC · ba14ce92 · e580999f · e580999f
Commit e580999f authored Dec 17, 2021 by Mehmet Emin INAC
2 changed files
--- a/ee/app/services/security/ingestion/tasks/ingest_vulnerability_statistics.rb
+++ b/ee/app/services/security/ingestion/tasks/ingest_vulnerability_statistics.rb
@@ -24,6 +24,8 @@ module Security
        SQL

        def execute
+          return unless severity_counts.present?
+
          connection.execute(upsert_sql)
        end


--- a/ee/spec/services/security/ingestion/tasks/ingest_vulnerability_statistics_spec.rb
+++ b/ee/spec/services/security/ingestion/tasks/ingest_vulnerability_statistics_spec.rb
@@ -12,30 +12,55 @@ RSpec.describe Security::Ingestion::Tasks::IngestVulnerabilityStatistics do
    let_it_be(:finding_map_1) { create(:finding_map, :new_record, security_finding: security_finding_1) }
    let_it_be(:finding_map_2) { create(:finding_map, :new_record, security_finding: security_finding_2) }
    let_it_be(:finding_map_3) { create(:finding_map, :with_finding, security_finding: security_finding_3) }
-    let_it_be(:finding_maps) { [finding_map_1, finding_map_2, finding_map_3] }

    subject(:ingest_statistics) { described_class.new(pipeline, finding_maps).execute }

    context 'when there is no statistics record for the project' do
-      it 'creates a new Vulnerabilities::Statistic record' do
-        expect { ingest_statistics }.to change { Vulnerabilities::Statistic.where(project: project).count }.by(1)
+      context 'when there are no new vulnerabilities' do
+        let(:finding_maps) { [finding_map_3] }
+
+        it 'does not create a new Vulnerabilities::Statistic record' do
+          expect { ingest_statistics }.not_to change { Vulnerabilities::Statistic.where(project: project).count }
+        end
      end

-      it 'sets the correct attributes for the recently created record' do
-        ingest_statistics
+      context 'when there are new vulnerabilities' do
+        let(:finding_maps) { [finding_map_1, finding_map_2, finding_map_3] }
+
+        it 'creates a new Vulnerabilities::Statistic record' do
+          expect { ingest_statistics }.to change { Vulnerabilities::Statistic.where(project: project).count }.by(1)
+        end

-        expect(project.vulnerability_statistic).to have_attributes(critical: 1, high: 0, unknown: 0, medium: 1, low: 0, letter_grade: 'f')
+        it 'sets the correct attributes for the recently created record' do
+          ingest_statistics
+
+          expect(project.vulnerability_statistic).to have_attributes(critical: 1, high: 0, unknown: 0, medium: 1, low: 0, letter_grade: 'f')
+        end
      end
    end

    context 'when there is already a statistics record for the project' do
      let_it_be(:vulnerability_statistic) { create(:vulnerability_statistic, :grade_c, project: project) }

-      it 'does not create a new record and updates the existing one' do
-        expect { ingest_statistics }.to change { vulnerability_statistic.reload.letter_grade }.from('c').to('f')
-                                    .and change { vulnerability_statistic.reload.critical }.from(0).to(1)
-                                    .and change { vulnerability_statistic.reload.medium }.from(1).to(2)
-                                    .and not_change { Vulnerabilities::Statistic.count }
+      context 'when there are no new vulnerabilities' do
+        let(:finding_maps) { [finding_map_3] }
+
+        it 'does not create a new record and does not change the existing record' do
+          expect { ingest_statistics }.to not_change { vulnerability_statistic.reload.letter_grade }
+                                      .and not_change { vulnerability_statistic.reload.low }
+                                      .and not_change { Vulnerabilities::Statistic.count }
+        end
+      end
+
+      context 'when there are new vulnerabilities' do
+        let(:finding_maps) { [finding_map_1, finding_map_2, finding_map_3] }
+
+        it 'does not create a new record and updates the existing one' do
+          expect { ingest_statistics }.to change { vulnerability_statistic.reload.letter_grade }.from('c').to('f')
+                                      .and change { vulnerability_statistic.reload.critical }.from(0).to(1)
+                                      .and change { vulnerability_statistic.reload.medium }.from(1).to(2)
+                                      .and not_change { Vulnerabilities::Statistic.count }
+        end
      end
    end
  end