
schedule_recalculate_vulnerability_finding_signatures_for_findings_spec.rb « migrations « spec - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
# frozen_string_literal: true

require 'spec_helper'
require_migration!

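# Migration spec for ScheduleRecalculateVulnerabilityFindingSignaturesForFindings.
#
# Both contexts assert that running the migration enqueues no
# BackgroundMigrationWorker jobs: on a FOSS instance, and on an EE instance
# where the migration is now a no-op.
RSpec.describe ScheduleRecalculateVulnerabilityFindingSignaturesForFindings, :migration do
  before do
    # Each context supplies `ee?` through its own `let`.
    allow(Gitlab).to receive(:ee?).and_return(ee?)
    # With a batch size of 2, the three signatures below would fall into the
    # ranges (1..2) and (3..3) that the EE example checks were NOT scheduled.
    stub_const("#{described_class.name}::BATCH_SIZE", 2)
  end

  context 'when the Gitlab instance is FOSS' do
    let(:ee?) { false }

    it 'does not run the migration' do
      expect { migrate! }.not_to change { BackgroundMigrationWorker.jobs.size }
    end
  end

  context 'when the Gitlab instance is EE' do
    let(:ee?) { true }

    # Raw table handles (via the migration spec helper `table`).
    let_it_be(:namespaces) { table(:namespaces) }
    let_it_be(:projects) { table(:projects) }
    let_it_be(:findings) { table(:vulnerability_occurrences) }
    let_it_be(:scanners) { table(:vulnerability_scanners) }
    let_it_be(:identifiers) { table(:vulnerability_identifiers) }
    let_it_be(:vulnerability_finding_signatures) { table(:vulnerability_finding_signatures) }

    let_it_be(:namespace) { namespaces.create!(name: 'test', path: 'test') }
    let_it_be(:project) { projects.create!(namespace_id: namespace.id, name: 'gitlab', path: 'gitlab') }

    let_it_be(:scanner) do
      scanners.create!(project_id: project.id, external_id: 'trivy', name: 'Security Scanner')
    end

    let_it_be(:identifier) do
      identifiers.create!(project_id: project.id,
                          fingerprint: 'd432c2ad2953e8bd587a3a43b3ce309b5b0154c123',
                          external_type: 'SECURITY_ID',
                          external_id: 'SECURITY_0',
                          name: 'SECURITY_IDENTIFIER 0')
    end

    # Three findings, each with one signature row. `signature_sha` is fixture
    # data only: a raw SHA-1 digest of random hex, so it is not derived from
    # any real finding content.
    let_it_be(:finding1) { findings.create!(finding_params) }
    let_it_be(:signature1) do
      vulnerability_finding_signatures.create!(
        finding_id: finding1.id,
        algorithm_type: 0,
        signature_sha: ::Digest::SHA1.digest(SecureRandom.hex(50))
      )
    end

    let_it_be(:finding2) { findings.create!(finding_params) }
    let_it_be(:signature2) do
      vulnerability_finding_signatures.create!(
        finding_id: finding2.id,
        algorithm_type: 0,
        signature_sha: ::Digest::SHA1.digest(SecureRandom.hex(50))
      )
    end

    let_it_be(:finding3) { findings.create!(finding_params) }
    let_it_be(:signature3) do
      vulnerability_finding_signatures.create!(
        finding_id: finding3.id,
        algorithm_type: 0,
        signature_sha: ::Digest::SHA1.digest(SecureRandom.hex(50))
      )
    end

    # this migration is now a no-op
    #
    # The metadata key RSpec recognises is :aggregate_failures (plural). The
    # previous singular spelling was an inert custom tag, so the first failing
    # expectation would have hidden the results of the remaining ones.
    it 'does not schedule the background jobs', :aggregate_failures do
      Sidekiq::Testing.fake! do
        freeze_time do
          migrate!

          expect(BackgroundMigrationWorker.jobs.size).to eq(0)
          expect(described_class::MIGRATION)
            .not_to be_scheduled_migration_with_multiple_args(signature1.id, signature2.id)
          expect(described_class::MIGRATION)
            .not_to be_scheduled_migration_with_multiple_args(signature3.id, signature3.id)
        end
      end
    end

    # Builds the attribute hash for one vulnerability_occurrences row.
    #
    # Every call generates a fresh UUID and fresh random fingerprints, so the
    # three findings above do not share those values.
    # severity / confidence / report_type are raw integer column values; their
    # enum meanings are defined outside this file.
    #
    # @return [Hash] attributes accepted by `findings.create!`
    def finding_params
      uuid = SecureRandom.uuid

      {
        severity: 0,
        confidence: 5,
        report_type: 2,
        project_id: project.id,
        scanner_id: scanner.id,
        primary_identifier_id: identifier.id,
        location: nil,
        project_fingerprint: SecureRandom.hex(20),
        location_fingerprint: Digest::SHA1.hexdigest(SecureRandom.hex(10)),
        uuid: uuid,
        name: "Vulnerability Finding #{uuid}",
        metadata_version: '1.3',
        raw_metadata: '{}'
      }
    end
  end
end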