Skip to content

Add `Vulnerabilities::SecurityFinding::CreateIssue` Service

This Merge Request adds a new service called Vulnerabilities::SecurityFinding::CreateIssue as described here

This Merge Request is related to the issue #361948 (closed)

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Security::Vulnerability without Vulnerability

rails c
  1. Check the Vulnerability count
Vulnerability.count
   (0.7ms)  SELECT COUNT(*) FROM "vulnerabilities" /*application:console,db_config_name:main,line:(pry):22:in `__pry__'*/
=> 150
  1. Check the Issue count
Issue.count
   (0.8ms)  SELECT COUNT(*) FROM "issues" /*application:console,db_config_name:main,line:(pry):23:in `__pry__'*/
=> 497
  1. Check the Vulnerabilities::IssueLink.count
Vulnerabilities::IssueLink.count
   (0.3ms)  SELECT COUNT(*) FROM "vulnerability_issue_links" /*application:console,db_config_name:main,line:(pry):24:in `__pry__'*/
=> 51
  1. Create a new vulnerabilities_finding without vulnerability_id
vulnerabilities_finding = Vulnerabilities::Finding.last.dup
vulnerabilities_finding.vulnerability_id = nil
vulnerabilities_finding.uuid = "a3bbfe5d-2b5e-5cad-994b-19a1bd25d87c"
vulnerabilities_finding.save
vulnerabilities_finding.reload
  1. Call the Service
vulnerabilities_finding = Vulnerabilities::Finding.last
project = Project.find(vulnerabilities_finding.project_id)
user = project.users.last
params = { vulnerabilities_finding: vulnerabilities_finding }

Vulnerabilities::CreateFromFindingService.new(project: project, current_user: user, params: params).execute

#<ServiceResponse:0x00007f97c7f3f730 @http_status=:ok, @message=nil, @payload={:issue=>#<Issue id:498 flightjs/Flight#42>}, @status=:success>
  1. Check the Vulnerability count. It should have increased by one.
Vulnerability.count
(0.5ms)  SELECT COUNT(*) FROM "vulnerabilities" /*application:console,db_config_name:main,line:(pry):43:in `__pry__'*/
=> 151
  1. Check the Issue count. It should have increased by one.
Issue.count
  (1.7ms)  SELECT COUNT(*) FROM "issues" /*application:console,db_config_name:main,line:(pry):44:in `__pry__'*/
=> 498

  1. Check the new Issue details.
 Issue.last.as_json

=> {"id"=>498,
 "title"=>"Investigate vulnerability: Cipher with no integrity",
 "author_id"=>61,
 "project_id"=>6,
 "created_at"=>"2022-05-13T21:20:03.778Z",
 "updated_at"=>"2022-05-13T21:20:03.778Z",
 "description"=>"### Description:\n\nCipher with no integrity\n\n* Severity: low\n* Confidence: experimental",
 "milestone_id"=>nil,
 "iid"=>42,
 "updated_by_id"=>nil,
 "weight"=>nil,
 "confidential"=>true,
 "due_date"=>nil,
 "moved_to_id"=>nil,
 "lock_version"=>0,
 "time_estimate"=>0,
 "relative_position"=>nil,
 "service_desk_reply_to"=>nil,
 "last_edited_at"=>nil,
 "last_edited_by_id"=>nil,
 "discussion_locked"=>nil,
 "closed_at"=>nil,
 "closed_by_id"=>nil,
 "state_id"=>1,
 "duplicated_to_id"=>nil,
 "promoted_to_epic_id"=>nil,
 "health_status"=>nil,
 "external_key"=>nil,
 "sprint_id"=>nil,
 "issue_type"=>"issue",
 "blocking_issues_count"=>0,
 "upvotes_count"=>0,
 "work_item_type_id"=>1}
  1. Check the Vulnerabilities::IssueLink.count. It should have increased by 1.
Vulnerabilities::IssueLink.count

   (0.9ms)  SELECT COUNT(*) FROM "vulnerability_issue_links" /*application:console,db_config_name:main,line:(pry):46:in `__pry__'*/
=> 52
  1. Check the Vulnerabilities::IssueLink details
Vulnerabilities::IssueLink.last
=> #<Vulnerabilities::IssueLink:0x00007f9750600858
 id: 53,
 vulnerability_id: 151,
 issue_id: 498,
 link_type: "created",
 created_at: Fri, 13 May 2022 21:20:11.345169000 UTC +00:00,
 updated_at: Fri, 13 May 2022 21:20:11.345169000 UTC +00:00>
  1. Check if Vulnerabilities::IssueLink has the correct issue_id and vulnerability_id
Vulnerabilities::IssueLink.last.issue_id == Issue.last.id
=> true

Vulnerabilities::IssueLink.last.vulnerability_id == vulnerabilities_finding.reload.vulnerability_id
=> true

Security::Vulnerability with Vulnerability

rails c
  1. Check the Vulnerability count
Vulnerability.count
(9.4ms)  SELECT COUNT(*) FROM "vulnerabilities" /*application:console,db_config_name:main,line:(pry):53:in `__pry__'*/
=> 150
  1. Check the Issue count
Issue.count
(11.4ms)  SELECT COUNT(*) FROM "issues" /*application:console,db_config_name:main,line:(pry):55:in `__pry__'*/
=> 494
  1. Check the Vulnerabilities::IssueLink.count
Vulnerabilities::IssueLink.count
   (0.6ms)  SELECT COUNT(*) FROM "vulnerability_issue_links" /*application:console,db_config_name:main,line:(pry):13:in `__pry__'*/
=> 50
  1. Call the Service
vulnerabilities_finding = Vulnerabilities::Finding.last
project = Project.find(vulnerabilities_finding.project_id)
user = project.users.last
params = { vulnerabilities_finding: vulnerabilities_finding }

Vulnerabilities::CreateFromFindingService.new(project: project, current_user: user, params: params).execute

=> #<ServiceResponse:0x00007feea2735030 @http_status=:ok, @message=nil, @payload={:issue=>#<Issue id:495 flightjs/Flight#39>}, @status=:success>
  1. Check the Vulnerability count. it should be the same
Vulnerability.count
(0.7ms)  SELECT COUNT(*) FROM "vulnerabilities" /*application:console,db_config_name:main,line:(pry):69:in `__pry__'*/
=> 150
  1. Check the Issue count. It should have increased by one.
Issue.count
   (0.6ms)  SELECT COUNT(*) FROM "issues" /*application:console,db_config_name:main,line:(pry):70:in `__pry__'*/
=> 495
  1. Check the new Issue details.
 Issue.last.as_json

=> {"id"=>497,
 "title"=>"Investigate vulnerability: Cypher with no integrity",
 "author_id"=>61,
 "project_id"=>6,
 "created_at"=>"2022-05-13T19:32:06.283Z",
 "updated_at"=>"2022-05-13T19:32:06.283Z",
 "description"=>"### Description:\n\nCypher with no integrity\n\n* Severity: critical\n* Confidence: low",
 "milestone_id"=>nil,
 "iid"=>41,
 "updated_by_id"=>nil,
 "weight"=>nil,
 "confidential"=>true,
 "due_date"=>nil,
 "moved_to_id"=>nil,
 "lock_version"=>0,
 "time_estimate"=>0,
 "relative_position"=>nil,
 "service_desk_reply_to"=>nil,
 "last_edited_at"=>nil,
 "last_edited_by_id"=>nil,
 "discussion_locked"=>nil,
 "closed_at"=>nil,
 "closed_by_id"=>nil,
 "state_id"=>1,
 "duplicated_to_id"=>nil,
 "promoted_to_epic_id"=>nil,
 "health_status"=>nil,
 "external_key"=>nil,
 "sprint_id"=>nil,
 "issue_type"=>"issue",
 "blocking_issues_count"=>0,
 "upvotes_count"=>0,
 "work_item_type_id"=>1}
  1. Check the Vulnerabilities::IssueLink.count. It should have increased by 1.
Vulnerabilities::IssueLink.count

   (0.5ms)  SELECT COUNT(*) FROM "vulnerability_issue_links" /*application:console,db_config_name:main,line:(pry):15:in `__pry__'*/
=> 51
  1. Check the Vulnerabilities::IssueLink details
Vulnerabilities::IssueLink.last
#<Vulnerabilities::IssueLink:0x00007f97307d2f20
 id: 52,
 vulnerability_id: 150,
 issue_id: 497,
 link_type: "created",
 created_at: Fri, 13 May 2022 19:32:11.586035000 UTC +00:00,
 updated_at: Fri, 13 May 2022 19:32:11.586035000 UTC +00:00>
  1. Check if Vulnerabilities::IssueLink has the correct issue_id and vulnerability_id
Vulnerabilities::IssueLink.last.issue_id == Issue.last.id
=> true

Vulnerabilities::IssueLink.last.vulnerability_id == vulnerabilities_finding.vulnerability_id
=> true
Edited by Marcos Rocha

Merge request reports

Loading