Update the Vulnerability Reads finder to enable filtering by ref

Issue Refinement: Update the Vulnerability Reads Finder to Enable Filtering by Ref

This issue requires adding support for filtering vulnerabilities by security_project_ref_id in the VulnerabilityReadsFinder. This is part of a larger initiative to track vulnerabilities across multiple branches and tags, not just the default branch.

Files That Need to Be Changed

1. ee/app/finders/security/vulnerability_reads_finder.rb

  • Add a new filter method filter_by_security_project_ref_id and call it from the execute method
  • Add documentation for the new security_project_ref_id parameter in the class docstring
  • Implement the filtering logic similar to existing filters like filter_by_projects

2. ee/app/models/vulnerabilities/read.rb

  • Add a new scope, by_security_project_ref_id or with_security_project_ref_id, that filters records on the security_project_ref_id column
  • The scope should accept both a single ref ID and an array of ref IDs (ActiveRecord's where(column: value) already generates = for a scalar and IN (...) for an array, so no extra wrapping is needed)

3. ee/spec/finders/security/vulnerability_reads_finder_spec.rb

  • Add comprehensive test cases for the new ref filtering functionality
  • Test filtering by single ref ID
  • Test filtering by multiple ref IDs
  • Test filtering combined with other filters (e.g., severity + ref)
  • Test behavior when vulnerable is a Project vs. a Group
  • Test edge cases (nil values, empty arrays, etc.)

Detailed Changes Required

In vulnerability_reads_finder.rb:

  • Update the docstring to document the new security_project_ref_id parameter
  • Add filter_by_security_project_ref_id call in the execute method (after filter_by_projects)
  • Implement the filter method that checks if params[:security_project_ref_id] is present and applies the scope

In read.rb:

  • Add a scope like: scope :with_security_project_ref_id, ->(ref_ids) { where(security_project_ref_id: ref_ids) }
  • Ensure the scope handles both single values and arrays properly

In the spec file:

  • Create test data with different security_project_ref_id values
  • Test the finder with the new parameter
  • Verify filtering works correctly for both Project and Group contexts
  • Test interaction with existing filters
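As an added illustration of the pattern the three change lists above describe (this is example code written for this refinement, not GitLab's finder or model), here is an in-memory sketch that runs without Rails. Vulnerabilities::Read, VulnerabilityReadsFinder, with_security_project_ref_id and the security_project_ref_id column are the names the issue uses; the Relation class, the severity filter, the present? helper and the sample records are constructed stand-ins.

```ruby
# Added example (not GitLab's code): an in-memory sketch of the finder pattern
# described in the issue, runnable without Rails. Vulnerabilities::Read,
# VulnerabilityReadsFinder, with_security_project_ref_id and the
# security_project_ref_id column are the names the issue uses; the Relation
# class, the severity filter and the sample records are constructed stand-ins.

Read = Struct.new(:id, :project_id, :severity, :security_project_ref_id, keyword_init: true)

# Minimal stand-in for an ActiveRecord relation. `where(col: value)` mimics
# ActiveRecord: a scalar compares with `=`, an Array becomes `IN (...)`
# (an empty Array matches nothing), and nil becomes `IS NULL`.
class Relation
  include Enumerable

  def initialize(records)
    @records = records
  end

  def each(&block)
    @records.each(&block)
  end

  def where(conditions)
    Relation.new(@records.select { |r| conditions.all? { |col, val| match?(r[col], val) } })
  end

  # Mirrors the model scope proposed for ee/app/models/vulnerabilities/read.rb:
  #   scope :with_security_project_ref_id, ->(ref_ids) { where(security_project_ref_id: ref_ids) }
  # No Array() wrapping is needed: where() already accepts a scalar or an array.
  def with_security_project_ref_id(ref_ids)
    where(security_project_ref_id: ref_ids)
  end

  # Assumed companion filter, standing in for the finder's existing severity filter.
  def with_severity(severity)
    where(severity: severity)
  end

  private

  def match?(actual, expected)
    expected.is_a?(Array) ? expected.include?(actual) : actual == expected
  end
end

# Sketch of the finder: execute chains one filter method per supported param,
# and each filter is a no-op when its param is absent or blank.
class VulnerabilityReadsFinder
  def initialize(relation, params = {})
    @relation = relation
    @params = params
  end

  def execute
    items = @relation
    items = filter_by_severity(items)
    items = filter_by_security_project_ref_id(items)
    items
  end

  private

  def filter_by_severity(items)
    return items unless present?(@params[:severity])

    items.with_severity(@params[:severity])
  end

  # The present? guard decides the edge cases: nil and [] skip the filter
  # entirely, whereas passing [] straight to where() would return no rows.
  def filter_by_security_project_ref_id(items)
    return items unless present?(@params[:security_project_ref_id])

    items.with_security_project_ref_id(@params[:security_project_ref_id])
  end

  # Stand-in for ActiveSupport's Object#present?
  def present?(value)
    !(value.nil? || (value.respond_to?(:empty?) && value.empty?))
  end
end

# Constructed sample data; record 4 has no ref yet (the backfill the issue depends on).
READS = Relation.new([
  Read.new(id: 1, project_id: 1, severity: 'critical', security_project_ref_id: 10),
  Read.new(id: 2, project_id: 1, severity: 'high',     security_project_ref_id: 10),
  Read.new(id: 3, project_id: 2, severity: 'critical', security_project_ref_id: 20),
  Read.new(id: 4, project_id: 2, severity: 'low',      security_project_ref_id: nil)
])

# Returns the sorted ids the finder yields for the given params.
def finder_ids(params)
  VulnerabilityReadsFinder.new(READS, params).execute.map(&:id).sort
end

if __FILE__ == $PROGRAM_NAME
  p finder_ids(security_project_ref_id: 10)                        # [1, 2]
  p finder_ids(security_project_ref_id: [10, 20])                  # [1, 2, 3]
  p finder_ids(security_project_ref_id: [])                        # [1, 2, 3, 4]  filter skipped
  p finder_ids(severity: 'critical', security_project_ref_id: 10)  # [1]
end
```

The one behaviour worth pinning down in the spec is the empty-array case: with a present? guard in the finder, `security_project_ref_id: []` means "no ref filter" and returns every row, while calling the scope directly with `[]` returns nothing, because ActiveRecord renders an empty IN list as a false condition. Whichever meaning the finder is meant to have, the spec's edge-case tests (nil, empty array) should assert it explicitly rather than leave it implied.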

Dependencies

This work depends on:

  • Issue #555971 (closed) (Create security_project_refs table) - CLOSED
  • Issue #558135 (Backfill default security_project_ref_id) - OPEN (blocking)

The implementation should be straightforward once the backfill is complete, as it follows the same pattern as existing filters in the finder.

Edited by Michał Zając