Do not store invalid security findings

Mehmet Emin INAC requested to merge store_only_valid_security_findings into master

What does this MR do?

This MR introduces logic to prevent creating security finding records without UUID values. The UUID value can be missing if the location_fingerprint or the primary_identifier of the finding is missing, which are required attributes of findings.

Note: We will introduce the NOT NULL constraint and model layer presence validation once we remove all the finding records with missing UUID values.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team