Support has_merge_request filter in vulnerability reads finder
What does this MR do and why?
Related to Backend: Add hasMergeRequest filter to Vulnerab... (#371313 - closed). This is MR-5, which adds the has_merge_request filter to the finder.
Database
Finder performance with its consumer, the project vulnerabilities report page for gitlab-org/gitlab: https://gitlab.com/gitlab-org/gitlab/-/security/vulnerability_report
SELECT "vulnerability_reads".*
FROM "vulnerability_reads"
WHERE "vulnerability_reads"."project_id" = 278964
  AND "vulnerability_reads"."report_type" IN (6, 2, 5, 3, 1, 0, 4, 99)
  AND "vulnerability_reads"."state" IN (4, 1)
  AND "vulnerability_reads"."has_merge_request" = TRUE
ORDER BY "vulnerability_reads"."severity" DESC, "vulnerability_reads"."vulnerability_id" DESC
LIMIT 21
Time: 23.586 ms
- planning: 3.969 ms
- execution: 19.617 ms
- I/O read: 17.036 ms
- I/O write: 0.000 ms
Shared buffers:
- hits: 93 (~744.00 KiB) from the buffer pool
- reads: 220 (~1.70 MiB) from the OS file cache, including disk I/O
- dirtied: 34 (~272.00 KiB)
- writes: 0
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/22175/commands/71695
How to set up and validate locally
In the Rails console we can validate that the finder and the model return the same values.
> vulnerable = ::Vulnerabilities::Read.last.project
> params = { has_merge_request: true }
> ::Security::VulnerabilityReadsFinder.new(vulnerable, params).execute.as_vulnerabilities.pluck(:vulnerability_id) == vulnerable.vulnerability_reads.with_merge_request.pluck(:vulnerability_id)
=> true
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #371313 (closed)
Edited by Bala Kumar