Skip to content

Fix `StoreReportService` by falling back to find by location approach

Mehmet Emin INAC requested to merge hot_fix_store_report_service into master

What does this MR do?

Related to https://sentry.gitlab.net/gitlab/gitlabcom/issues/2739025

For more information: #276498 (comment 643531295)

Why this change?

Previously we ran a background migration to re-populate the UUID values for vulnerability findings which calculated the wrong UUID values for all existing records. Therefore, whenever we try to find a vulnerability finding by UUID, we can't find it because the wrong UUID values are stored in the database. As we can't find the vulnerability findings, we try to create them and a compound unique constraint fails on the DB layer. This change is just a workaround to use the old-fashion find_params approach to find the existing vulnerability findings if we can't find any by using the UUIDs before we try to create a new one.

find_finding_by_uuid OR find_finding_by_signatures OR finding_finding_by_find_params OR create_new_finding

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Mehmet Emin INAC

Merge request reports

Loading