1 files changed, 66 insertions, 0 deletions

diff --git a/spec/lib/gitlab/background_migration/remove_vulnerability_finding_links_spec.rb b/spec/lib/gitlab/background_migration/remove_vulnerability_finding_links_spec.rb
new file mode 100644
index 00000000000..fadee64886f
--- /dev/null
+++ b/spec/lib/gitlab/background_migration/remove_vulnerability_finding_links_spec.rb
@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::BackgroundMigration::RemoveVulnerabilityFindingLinks, :migration, schema: 20211104165220 do
+  let(:vulnerability_findings) { table(:vulnerability_occurrences) }
+  let(:finding_links) { table(:vulnerability_finding_links) }
+
+  let(:namespace) { table(:namespaces).create!(name: 'user', path: 'user', type: Namespaces::UserNamespace.sti_name) }
+  let(:project) { table(:projects).create!(namespace_id: namespace.id) }
+  let(:scanner) { table(:vulnerability_scanners).create!(project_id: project.id, external_id: 'scanner', name: 'scanner') }
+  let(:vulnerability_identifier) do
+    table(:vulnerability_identifiers).create!(
+      project_id: project.id,
+      external_type: 'vulnerability-identifier',
+      external_id: 'vulnerability-identifier',
+      fingerprint: '7e394d1b1eb461a7406d7b1e08f057a1cf11287a',
+      name: 'vulnerability identifier')
+  end
+
+  # vulnerability findings
+  let!(:findings) do
+    Array.new(2) do |id|
+      vulnerability_findings.create!(
+        project_id: project.id,
+        name: 'Vulnerability Name',
+        severity: 7,
+        confidence: 7,
+        report_type: 0,
+        project_fingerprint: '123qweasdzxc',
+        scanner_id: scanner.id,
+        primary_identifier_id: vulnerability_identifier.id,
+        location_fingerprint: "location_fingerprint_#{id}",
+        metadata_version: 'metadata_version',
+        raw_metadata: 'raw_metadata',
+        uuid: "uuid_#{id}"
+      )
+    end
+  end
+
+  # vulnerability finding links
+  let!(:links) do
+    {
+      findings.first => Array.new(5) { |id| finding_links.create!(vulnerability_occurrence_id: findings.first.id, name: "Link Name 1", url: "link_url1.example") },
+      findings.second => Array.new(5) { |id| finding_links.create!(vulnerability_occurrence_id: findings.second.id, name: "Link Name 2", url: "link_url2.example") }
+    }
+  end
+
+  it 'removes vulnerability links' do
+    expect do
+      subject.perform(links[findings.first].first.id, links[findings.second].last.id)
+    end.to change { finding_links.count }.from(10).to(0)
+
+    expect(finding_links.all).to be_empty
+  end
+
+  it 'only deletes vulnerability links for the current batch' do
+    expected_links = [finding_links.where(vulnerability_occurrence_id: findings.second.id)].flatten
+
+    expect do
+      subject.perform(links[findings.first].first.id, links[findings.first].last.id)
+    end.to change { finding_links.count }.from(10).to(5)
+
+    expect(finding_links.all).to match_array(expected_links)
+  end
+end