lib/gitlab/background_migration/migrate_evidences_for_vulnerability_findings.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

# frozen_string_literal: true

module Gitlab
  module BackgroundMigration
    # The class to migrate the evidence data into their own records from the json attribute
    class MigrateEvidencesForVulnerabilityFindings < BatchedMigrationJob
      feature_category :vulnerability_management
      operation_name :migrate_evidences_for_vulnerability_findings

      # The class is mimicking Vulnerabilites::Finding
      class Finding < ApplicationRecord
        self.table_name = 'vulnerability_occurrences'

        validates :details, json_schema: { filename: 'vulnerability_finding_details', draft: 7 }, if: false
      end

      # The class is mimicking Vulnerabilites::Finding::Evidence
      class Evidence < ApplicationRecord
        self.table_name = 'vulnerability_finding_evidences'

        # This data has been already validated when parsed into vulnerability_occurrences.raw_metadata
        # Having this validation is a requerment from:
        # https://gitlab.com/gitlab-org/gitlab/-/blob/dc3262f850cbd0ac14171d3c389b1258b4749cda/spec/db/schema_spec.rb#L253-265
        validates :data, json_schema: { filename: "filename" }, if: false
      end

      def perform
        each_sub_batch do |sub_batch|
          migrate_evidences(sub_batch)
        end
      end

      private

      def migrate_evidences(sub_batch)
        attrs = sub_batch.filter_map do |finding|
          evidence = extract_evidence(finding.raw_metadata)

          next unless evidence

          build_evidence(finding, evidence)
        end.compact

        create_evidences(attrs) if attrs.present?
      end

      def build_evidence(finding, evidence)
        current_time = Time.current
        {
          vulnerability_occurrence_id: finding.id,
          data: evidence,
          created_at: current_time,
          updated_at: current_time
        }
      end

      def create_evidences(evidences)
        Evidence.upsert_all(evidences, returning: false, unique_by: %i[vulnerability_occurrence_id])
      end

      def extract_evidence(metadata)
        parsed_metadata = Gitlab::Json.parse(metadata)

        parsed_metadata['evidence']
      rescue JSON::ParserError
        nil
      end
    end
  end
end