Dependency Scanning vulnerability reports a lot of duplicate links
Summary
A vulnerability page is reporting the same links multiple times.
Steps to reproduce
- https://gitlab.com/gitlab-org/gitlab/-/security/vulnerabilities/8928476
- https://gitlab.com/gitlab-org/gitlab/-/security/vulnerabilities/8928475
- https://gitlab.com/gitlab-org/gitlab/-/security/vulnerabilities/8928477
Example Project
See above
What is the current bug behavior?
Long list of duplicate links
What is the expected correct behavior?
Just two links
Output of checks
This bug happens on GitLab.com
Implementation Plan
- backend: Put a feature flag in place to block pulling from the FindingLinks model
- backend: Use the feature flag to disable the service worker from creating new links
- database: Wipe the finding_links table with a background migration (!70729 (closed))
- database: Implement new unique indices. These will fix the call in StoreReportService to only update links instead of always adding new links (!67993 (merged)):
  - (occurence_id, name, url)
  - (occurence_id, url) with a null name
Subsequent issues (already created) will handle:
- Removal of feature flag
- Population of missing data (which needs to be updated to specify data to be populated)
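Why the plan needs a second, partial index for links with a null name: in a UNIQUE index NULLs compare as distinct, so an index on (occurrence_id, name, url) alone never stops a null-name link from being inserted again on every report store. This is an added illustration in SQLite, not GitLab's code; the table and column names (including occurrence_id for the page's "occurence_id") are assumptions, and INSERT OR IGNORE stands in for the StoreReportService change.

```python
import sqlite3
# Constructed schema approximating the finding_links table from the plan.
# Table and column names are assumptions, not GitLab's actual schema.
SCHEMA = """
CREATE TABLE finding_links (
    id INTEGER PRIMARY KEY,
    occurrence_id INTEGER NOT NULL,
    name TEXT,
    url TEXT NOT NULL
);
"""
# First index: (occurrence_id, name, url). NULL values are distinct in a
# UNIQUE index, so it cannot stop duplicates of links whose name is NULL.
INDEX_NAMED = """
CREATE UNIQUE INDEX idx_finding_links_named
    ON finding_links (occurrence_id, name, url);
"""
# Second index: partial unique index covering the null-name case.
INDEX_UNNAMED = """
CREATE UNIQUE INDEX idx_finding_links_unnamed
    ON finding_links (occurrence_id, url) WHERE name IS NULL;
"""
# Constructed sample report: two links for one finding, one without a name.
REPORT_LINKS = [
    (1, "Advisory", "https://example.invalid/advisory"),
    (1, None, "https://example.invalid/fix"),
]

def store_report(conn, links):
    """Stand-in for the report store: INSERT OR IGNORE is idempotent only
    when a unique index covers every kind of link."""
    conn.executemany(
        "INSERT OR IGNORE INTO finding_links (occurrence_id, name, url)"
        " VALUES (?, ?, ?)",
        links,
    )
    conn.commit()

def link_count_after_runs(with_partial_index, runs=3):
    """Store the same report `runs` times; return rows in finding_links."""
    conn = sqlite3.connect(":memory:")
    ddl = SCHEMA + INDEX_NAMED + (INDEX_UNNAMED if with_partial_index else "")
    conn.executescript(ddl)
    for _ in range(runs):
        store_report(conn, REPORT_LINKS)
    return conn.execute("SELECT COUNT(*) FROM finding_links").fetchone()[0]
if __name__ == "__main__":
    print(link_count_after_runs(False))  # 4: the null-name link is added each run
    print(link_count_after_runs(True))   # 2: one row per distinct link
```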
Edited by Thiago Figueiró