Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-01-31 15:17:41 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-01-31 15:17:41 +0300
commit: 8bdb37de3a85f3e6b02963bcc938a3a830109e45 (patch)
tree: bfd5447a1adab314a6f9ce99155ef285a2de4935 /spec/migrations
parent: 1edfc04d9f768d6cfa9256eaa54f382112be7497 (diff)
4 files changed, 549 insertions, 0 deletions
diff --git a/spec/migrations/20220106111958_add_insert_or_update_vulnerability_reads_trigger_spec.rb b/spec/migrations/20220106111958_add_insert_or_update_vulnerability_reads_trigger_spec.rb
new file mode 100644
index 00000000000..3e450546315
--- /dev/null
+++ b/spec/migrations/20220106111958_add_insert_or_update_vulnerability_reads_trigger_spec.rb
@@ -0,0 +1,151 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+require_migration!
+
+RSpec.describe AddInsertOrUpdateVulnerabilityReadsTrigger do
+  let(:migration) { described_class.new }
+  let(:vulnerabilities) { table(:vulnerabilities) }
+  let(:vulnerability_reads) { table(:vulnerability_reads) }
+  let(:vulnerabilities_findings) { table(:vulnerability_occurrences) }
+  let(:namespace) { table(:namespaces).create!(name: 'user', path: 'user') }
+  let(:user) { table(:users).create!(id: 13, email: 'author@example.com', username: 'author', projects_limit: 10) }
+  let(:project) { table(:projects).create!(id: 123, namespace_id: namespace.id) }
+  let(:scanner) { table(:vulnerability_scanners).create!(project_id: project.id, external_id: 'test 1', name: 'test scanner 1') }
+
+  let(:vulnerability) do
+    create_vulnerability!(
+      project_id: project.id,
+      author_id: user.id
+    )
+  end
+
+  let(:vulnerability2) do
+    create_vulnerability!(
+      project_id: project.id,
+      author_id: user.id
+    )
+  end
+
+  let(:identifier) do
+    table(:vulnerability_identifiers).create!(
+      project_id: project.id,
+      external_type: 'uuid-v5',
+      external_id: 'uuid-v5',
+      fingerprint: '7e394d1b1eb461a7406d7b1e08f057a1cf11287a',
+      name: 'Identifier for UUIDv5')
+  end
+
+  let(:finding) do
+    create_finding!(
+      project_id: project.id,
+      scanner_id: scanner.id,
+      primary_identifier_id: identifier.id
+    )
+  end
+
+  describe '#up' do
+    before do
+      migrate!
+    end
+
+    describe 'UPDATE trigger' do
+      context 'when vulnerability_id is updated' do
+        it 'creates a new vulnerability_reads row' do
+          expect do
+            finding.update!(vulnerability_id: vulnerability.id)
+          end.to change { vulnerability_reads.count }.from(0).to(1)
+        end
+      end
+
+      context 'when vulnerability_id is not updated' do
+        it 'does not create a new vulnerability_reads row' do
+          finding.update!(vulnerability_id: nil)
+
+          expect do
+            finding.update!(location: '')
+          end.not_to change { vulnerability_reads.count }
+        end
+      end
+    end
+
+    describe 'INSERT trigger' do
+      context 'when vulnerability_id is set' do
+        it 'creates a new vulnerability_reads row' do
+          expect do
+            create_finding!(
+              vulnerability_id: vulnerability2.id,
+              project_id: project.id,
+              scanner_id: scanner.id,
+              primary_identifier_id: identifier.id
+            )
+          end.to change { vulnerability_reads.count }.from(0).to(1)
+        end
+      end
+
+      context 'when vulnerability_id is not set' do
+        it 'does not create a new vulnerability_reads row' do
+          expect do
+            create_finding!(
+              project_id: project.id,
+              scanner_id: scanner.id,
+              primary_identifier_id: identifier.id
+            )
+          end.not_to change { vulnerability_reads.count }
+        end
+      end
+    end
+  end
+
+  describe '#down' do
+    before do
+      migration.up
+      migration.down
+    end
+
+    it 'drops the trigger' do
+      expect do
+        finding.update!(vulnerability_id: vulnerability.id)
+      end.not_to change { vulnerability_reads.count }
+    end
+  end
+
+  private
+
+  def create_vulnerability!(project_id:, author_id:, title: 'test', severity: 7, confidence: 7, report_type: 0)
+    vulnerabilities.create!(
+      project_id: project_id,
+      author_id: author_id,
+      title: title,
+      severity: severity,
+      confidence: confidence,
+      report_type: report_type
+    )
+  end
+
+  # rubocop:disable Metrics/ParameterLists
+  def create_finding!(
+    vulnerability_id: nil, project_id:, scanner_id:, primary_identifier_id:,
+    name: "test", severity: 7, confidence: 7, report_type: 0,
+    project_fingerprint: '123qweasdzxc', location: { "image" => "alpine:3.4" }, location_fingerprint: 'test',
+    metadata_version: 'test', raw_metadata: 'test', uuid: SecureRandom.uuid)
+    vulnerabilities_findings.create!(
+      vulnerability_id: vulnerability_id,
+      project_id: project_id,
+      name: name,
+      severity: severity,
+      confidence: confidence,
+      report_type: report_type,
+      project_fingerprint: project_fingerprint,
+      scanner_id: scanner_id,
+      primary_identifier_id: primary_identifier_id,
+      location: location,
+      location_fingerprint: location_fingerprint,
+      metadata_version: metadata_version,
+      raw_metadata: raw_metadata,
+      uuid: uuid
+    )
+  end
+  # rubocop:enable Metrics/ParameterLists
+end
diff --git a/spec/migrations/20220106112043_add_update_vulnerability_reads_trigger_spec.rb b/spec/migrations/20220106112043_add_update_vulnerability_reads_trigger_spec.rb
new file mode 100644
index 00000000000..d988b1e42b9
--- /dev/null
+++ b/spec/migrations/20220106112043_add_update_vulnerability_reads_trigger_spec.rb
@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+require_migration!
+
+RSpec.describe AddUpdateVulnerabilityReadsTrigger do
+  let(:migration) { described_class.new }
+  let(:vulnerability_reads) { table(:vulnerability_reads) }
+  let(:issue_links) { table(:vulnerability_issue_links) }
+  let(:vulnerabilities) { table(:vulnerabilities) }
+  let(:vulnerabilities_findings) { table(:vulnerability_occurrences) }
+
+  let(:namespace) { table(:namespaces).create!(name: 'user', path: 'user') }
+  let(:user) { table(:users).create!(id: 13, email: 'author@example.com', username: 'author', projects_limit: 10) }
+  let(:project) { table(:projects).create!(id: 123, namespace_id: namespace.id) }
+  let(:issue) { table(:issues).create!(description: '1234', state_id: 1, project_id: project.id) }
+  let(:scanner) { table(:vulnerability_scanners).create!(project_id: project.id, external_id: 'test 1', name: 'test scanner 1') }
+
+  let(:vulnerability) do
+    create_vulnerability!(
+      project_id: project.id,
+      report_type: 7,
+      author_id: user.id
+    )
+  end
+
+  let(:identifier) do
+    table(:vulnerability_identifiers).create!(
+      project_id: project.id,
+      external_type: 'uuid-v5',
+      external_id: 'uuid-v5',
+      fingerprint: '7e394d1b1eb461a7406d7b1e08f057a1cf11287a',
+      name: 'Identifier for UUIDv5')
+  end
+
+  describe '#up' do
+    before do
+      migrate!
+    end
+
+    describe 'UPDATE trigger' do
+      before do
+        create_finding!(
+          vulnerability_id: vulnerability.id,
+          project_id: project.id,
+          scanner_id: scanner.id,
+          report_type: 7,
+          primary_identifier_id: identifier.id
+        )
+      end
+
+      context 'when vulnerability attributes are updated' do
+        it 'updates vulnerability attributes in vulnerability_reads' do
+          expect do
+            vulnerability.update!(severity: 6)
+          end.to change { vulnerability_reads.first.severity }.from(7).to(6)
+        end
+      end
+
+      context 'when vulnerability attributes are not updated' do
+        it 'does not update vulnerability attributes in vulnerability_reads' do
+          expect do
+            vulnerability.update!(title: "New vulnerability")
+          end.not_to change { vulnerability_reads.first }
+        end
+      end
+    end
+  end
+
+  describe '#down' do
+    before do
+      migration.up
+      migration.down
+      create_finding!(
+        vulnerability_id: vulnerability.id,
+        project_id: project.id,
+        scanner_id: scanner.id,
+        report_type: 7,
+        primary_identifier_id: identifier.id
+      )
+    end
+
+    it 'drops the trigger' do
+      expect do
+        vulnerability.update!(severity: 6)
+      end.not_to change { vulnerability_reads.first.severity }
+    end
+  end
+
+  private
+
+  def create_vulnerability!(project_id:, author_id:, title: 'test', severity: 7, confidence: 7, report_type: 0)
+    vulnerabilities.create!(
+      project_id: project_id,
+      author_id: author_id,
+      title: title,
+      severity: severity,
+      confidence: confidence,
+      report_type: report_type
+    )
+  end
+
+  # rubocop:disable Metrics/ParameterLists
+  def create_finding!(
+    vulnerability_id: nil, project_id:, scanner_id:, primary_identifier_id:,
+    name: "test", severity: 7, confidence: 7, report_type: 0,
+    project_fingerprint: '123qweasdzxc', location: { "image" => "alpine:3.4" }, location_fingerprint: 'test',
+    metadata_version: 'test', raw_metadata: 'test', uuid: SecureRandom.uuid)
+    vulnerabilities_findings.create!(
+      vulnerability_id: vulnerability_id,
+      project_id: project_id,
+      name: name,
+      severity: severity,
+      confidence: confidence,
+      report_type: report_type,
+      project_fingerprint: project_fingerprint,
+      scanner_id: scanner_id,
+      primary_identifier_id: primary_identifier_id,
+      location: location,
+      location_fingerprint: location_fingerprint,
+      metadata_version: metadata_version,
+      raw_metadata: raw_metadata,
+      uuid: uuid
+    )
+  end
+  # rubocop:enable Metrics/ParameterLists
+end
diff --git a/spec/migrations/20220106112085_add_update_vulnerability_reads_location_trigger_spec.rb b/spec/migrations/20220106112085_add_update_vulnerability_reads_location_trigger_spec.rb
new file mode 100644
index 00000000000..901f1cf6041
--- /dev/null
+++ b/spec/migrations/20220106112085_add_update_vulnerability_reads_location_trigger_spec.rb
@@ -0,0 +1,136 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+require_migration!
+
+RSpec.describe AddUpdateVulnerabilityReadsLocationTrigger do
+  let(:migration) { described_class.new }
+  let(:vulnerability_reads) { table(:vulnerability_reads) }
+  let(:issue_links) { table(:vulnerability_issue_links) }
+  let(:vulnerabilities) { table(:vulnerabilities) }
+  let(:vulnerabilities_findings) { table(:vulnerability_occurrences) }
+
+  let(:namespace) { table(:namespaces).create!(name: 'user', path: 'user') }
+  let(:user) { table(:users).create!(id: 13, email: 'author@example.com', username: 'author', projects_limit: 10) }
+  let(:project) { table(:projects).create!(id: 123, namespace_id: namespace.id) }
+  let(:issue) { table(:issues).create!(description: '1234', state_id: 1, project_id: project.id) }
+  let(:scanner) { table(:vulnerability_scanners).create!(project_id: project.id, external_id: 'test 1', name: 'test scanner 1') }
+
+  let(:vulnerability) do
+    create_vulnerability!(
+      project_id: project.id,
+      report_type: 7,
+      author_id: user.id
+    )
+  end
+
+  let(:identifier) do
+    table(:vulnerability_identifiers).create!(
+      project_id: project.id,
+      external_type: 'uuid-v5',
+      external_id: 'uuid-v5',
+      fingerprint: '7e394d1b1eb461a7406d7b1e08f057a1cf11287a',
+      name: 'Identifier for UUIDv5')
+  end
+
+  describe '#up' do
+    before do
+      migrate!
+    end
+
+    describe 'UPDATE trigger' do
+      context 'when image is updated' do
+        it 'updates location_image in vulnerability_reads' do
+          finding = create_finding!(
+            vulnerability_id: vulnerability.id,
+            project_id: project.id,
+            scanner_id: scanner.id,
+            report_type: 7,
+            location: { "image" => "alpine:3.4" },
+            primary_identifier_id: identifier.id
+          )
+
+          expect do
+            finding.update!(location: { "image" => "alpine:4", "kubernetes_resource" => { "agent_id" => "1234" } })
+          end.to change { vulnerability_reads.first.location_image }.from("alpine:3.4").to("alpine:4")
+        end
+      end
+
+      context 'when image is not updated' do
+        it 'updates location_image in vulnerability_reads' do
+          finding = create_finding!(
+            vulnerability_id: vulnerability.id,
+            project_id: project.id,
+            scanner_id: scanner.id,
+            report_type: 7,
+            location: { "image" => "alpine:3.4", "kubernetes_resource" => { "agent_id" => "1234" } },
+            primary_identifier_id: identifier.id
+          )
+
+          expect do
+            finding.update!(project_fingerprint: "123qweasdzx")
+          end.not_to change { vulnerability_reads.first.location_image }
+        end
+      end
+    end
+  end
+
+  describe '#down' do
+    before do
+      migration.up
+      migration.down
+    end
+
+    it 'drops the trigger' do
+      finding = create_finding!(
+        vulnerability_id: vulnerability.id,
+        project_id: project.id,
+        scanner_id: scanner.id,
+        primary_identifier_id: identifier.id
+      )
+
+      expect do
+        finding.update!(location: '{"image":"alpine:4"}')
+      end.not_to change { vulnerability_reads.first.location_image }
+    end
+  end
+
+  private
+
+  def create_vulnerability!(project_id:, author_id:, title: 'test', severity: 7, confidence: 7, report_type: 0)
+    vulnerabilities.create!(
+      project_id: project_id,
+      author_id: author_id,
+      title: title,
+      severity: severity,
+      confidence: confidence,
+      report_type: report_type
+    )
+  end
+
+  # rubocop:disable Metrics/ParameterLists
+  def create_finding!(
+    vulnerability_id: nil, project_id:, scanner_id:, primary_identifier_id:,
+    name: "test", severity: 7, confidence: 7, report_type: 0,
+    project_fingerprint: '123qweasdzxc', location: { "image" => "alpine:3.4" }, location_fingerprint: 'test',
+    metadata_version: 'test', raw_metadata: 'test', uuid: SecureRandom.uuid)
+    vulnerabilities_findings.create!(
+      vulnerability_id: vulnerability_id,
+      project_id: project_id,
+      name: name,
+      severity: severity,
+      confidence: confidence,
+      report_type: report_type,
+      project_fingerprint: project_fingerprint,
+      scanner_id: scanner_id,
+      primary_identifier_id: primary_identifier_id,
+      location: location,
+      location_fingerprint: location_fingerprint,
+      metadata_version: metadata_version,
+      raw_metadata: raw_metadata,
+      uuid: uuid
+    )
+  end
+  # rubocop:enable Metrics/ParameterLists
+end
diff --git a/spec/migrations/20220106163326_add_has_issues_on_vulnerability_reads_trigger_spec.rb b/spec/migrations/20220106163326_add_has_issues_on_vulnerability_reads_trigger_spec.rb
new file mode 100644
index 00000000000..8e50b74eb9c
--- /dev/null
+++ b/spec/migrations/20220106163326_add_has_issues_on_vulnerability_reads_trigger_spec.rb
@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+require_migration!
+
+RSpec.describe AddHasIssuesOnVulnerabilityReadsTrigger do
+  let(:migration) { described_class.new }
+  let(:vulnerability_reads) { table(:vulnerability_reads) }
+  let(:issue_links) { table(:vulnerability_issue_links) }
+  let(:vulnerabilities) { table(:vulnerabilities) }
+  let(:vulnerabilities_findings) { table(:vulnerability_occurrences) }
+
+  let(:namespace) { table(:namespaces).create!(name: 'user', path: 'user') }
+  let(:user) { table(:users).create!(id: 13, email: 'author@example.com', username: 'author', projects_limit: 10) }
+  let(:project) { table(:projects).create!(id: 123, namespace_id: namespace.id) }
+  let(:issue) { table(:issues).create!(description: '1234', state_id: 1, project_id: project.id) }
+  let(:scanner) { table(:vulnerability_scanners).create!(project_id: project.id, external_id: 'test 1', name: 'test scanner 1') }
+
+  let(:vulnerability) do
+    create_vulnerability!(
+      project_id: project.id,
+      author_id: user.id
+    )
+  end
+
+  let(:identifier) do
+    table(:vulnerability_identifiers).create!(
+      project_id: project.id,
+      external_type: 'uuid-v5',
+      external_id: 'uuid-v5',
+      fingerprint: '7e394d1b1eb461a7406d7b1e08f057a1cf11287a',
+      name: 'Identifier for UUIDv5')
+  end
+
+  before do
+    create_finding!(
+      vulnerability_id: vulnerability.id,
+      project_id: project.id,
+      scanner_id: scanner.id,
+      primary_identifier_id: identifier.id
+    )
+
+    @vulnerability_read = vulnerability_reads.first
+  end
+
+  describe '#up' do
+    before do
+      migrate!
+    end
+
+    describe 'INSERT trigger' do
+      it 'updates has_issues in vulnerability_reads' do
+        expect do
+          issue_links.create!(vulnerability_id: vulnerability.id, issue_id: issue.id)
+        end.to change { @vulnerability_read.reload.has_issues }.from(false).to(true)
+      end
+    end
+
+    describe 'DELETE trigger' do
+      let(:issue2) { table(:issues).create!(description: '1234', state_id: 1, project_id: project.id) }
+
+      it 'does not change has_issues when there exists another issue' do
+        issue_link1 = issue_links.create!(vulnerability_id: vulnerability.id, issue_id: issue.id)
+        issue_links.create!(vulnerability_id: vulnerability.id, issue_id: issue2.id)
+
+        expect do
+          issue_link1.delete
+        end.not_to change { @vulnerability_read.reload.has_issues }
+      end
+
+      it 'unsets has_issues when all issues are deleted' do
+        issue_link1 = issue_links.create!(vulnerability_id: vulnerability.id, issue_id: issue.id)
+        issue_link2 = issue_links.create!(vulnerability_id: vulnerability.id, issue_id: issue2.id)
+
+        expect do
+          issue_link1.delete
+          issue_link2.delete
+        end.to change { @vulnerability_read.reload.has_issues }.from(true).to(false)
+      end
+    end
+  end
+
+  describe '#down' do
+    before do
+      migration.up
+      migration.down
+    end
+
+    it 'drops the trigger' do
+      expect do
+        issue_links.create!(vulnerability_id: vulnerability.id, issue_id: issue.id)
+      end.not_to change { @vulnerability_read.has_issues }
+    end
+  end
+
+  private
+
+  def create_vulnerability!(project_id:, author_id:, title: 'test', severity: 7, confidence: 7, report_type: 0)
+    vulnerabilities.create!(
+      project_id: project_id,
+      author_id: author_id,
+      title: title,
+      severity: severity,
+      confidence: confidence,
+      report_type: report_type
+    )
+  end
+
+  # rubocop:disable Metrics/ParameterLists
+  def create_finding!(
+    vulnerability_id: nil, project_id:, scanner_id:, primary_identifier_id:,
+    name: "test", severity: 7, confidence: 7, report_type: 0,
+    project_fingerprint: '123qweasdzxc', location: { "image" => "alpine:3.4" }, location_fingerprint: 'test',
+    metadata_version: 'test', raw_metadata: 'test', uuid: SecureRandom.uuid)
+    vulnerabilities_findings.create!(
+      vulnerability_id: vulnerability_id,
+      project_id: project_id,
+      name: name,
+      severity: severity,
+      confidence: confidence,
+      report_type: report_type,
+      project_fingerprint: project_fingerprint,
+      scanner_id: scanner_id,
+      primary_identifier_id: primary_identifier_id,
+      location: location,
+      location_fingerprint: location_fingerprint,
+      metadata_version: metadata_version,
+      raw_metadata: raw_metadata,
+      uuid: uuid
+    )
+  end
+  # rubocop:enable Metrics/ParameterLists
+end
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-01-31 15:17:41 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-01-31 15:17:41 +0300
commit	8bdb37de3a85f3e6b02963bcc938a3a830109e45 (patch)
tree	bfd5447a1adab314a6f9ce99155ef285a2de4935 /spec/migrations
parent	1edfc04d9f768d6cfa9256eaa54f382112be7497 (diff)