diff --git a/ee/app/finders/security/pure_findings_finder.rb b/ee/app/finders/security/pure_findings_finder.rb
index 4fad232031a9bb0b047c6523b904a02b724b90ae..604b34da2ac16d77b09e6029b733fe9422eea202 100644
--- a/ee/app/finders/security/pure_findings_finder.rb
+++ b/ee/app/finders/security/pure_findings_finder.rb
@@ -24,18 +24,13 @@ def execute
end
def available?
- pipeline.security_findings.allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478405'
- ).exists?
+ pipeline.security_findings.exists?
end
private
def security_findings
- super.with_feedbacks
- .with_vulnerability.allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478405'
- )
+ super.with_feedbacks.with_vulnerability
end
end
end
diff --git a/ee/app/graphql/resolvers/security_report/finding_resolver.rb b/ee/app/graphql/resolvers/security_report/finding_resolver.rb
index ff89502e9b81f14769f49c756d3cab92453ae0fc..91708b56de254b27214c736fd3555334b5817ee1 100644
--- a/ee/app/graphql/resolvers/security_report/finding_resolver.rb
+++ b/ee/app/graphql/resolvers/security_report/finding_resolver.rb
@@ -13,10 +13,7 @@ class FindingResolver < BaseResolver
def resolve(**args)
if Feature.enabled?(:finding_resolver_use_pure_finder, pipeline.project)
- Security::PureFindingsFinder.new(pipeline, params: { uuid: args[:uuid], scope: 'all' }).execute
- .allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478406'
- )&.first
+ Security::PureFindingsFinder.new(pipeline, params: { uuid: args[:uuid], scope: 'all' }).execute&.first
else
Security::FindingsFinder.new(pipeline, params: { uuid: args[:uuid], scope: 'all' }).execute&.findings&.first
end
diff --git a/ee/app/models/ee/ci/pipeline.rb b/ee/app/models/ee/ci/pipeline.rb
index bbed1e42b68e993352cd894cd2009b235d37509f..4677e5b980124f7f5f4ad5e0073a9b1411eae6fa 100644
--- a/ee/app/models/ee/ci/pipeline.rb
+++ b/ee/app/models/ee/ci/pipeline.rb
@@ -16,9 +16,7 @@ module Pipeline
# Subscriptions to this pipeline
has_many :downstream_bridges, class_name: '::Ci::Bridge', foreign_key: :upstream_pipeline_id
has_many :security_scans, class_name: 'Security::Scan', inverse_of: :pipeline
- has_many :security_findings, -> {
- allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478406')
- }, class_name: 'Security::Finding', through: :security_scans, source: :findings
+ has_many :security_findings, class_name: 'Security::Finding', through: :security_scans, source: :findings
has_one :dast_profiles_pipeline, class_name: 'Dast::ProfilesPipeline', foreign_key: :ci_pipeline_id
has_one :dast_profile, class_name: 'Dast::Profile', through: :dast_profiles_pipeline, disable_joins: true
@@ -239,15 +237,11 @@ def security_findings_partition_number
end
def has_security_findings?
- security_findings.allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478406'
- ).exists?
+ security_findings.exists?
end
def has_security_findings_in_self_and_descendants?
- Security::Finding.by_project_id_and_pipeline_ids(project_id, self_and_project_descendants.pluck(:id)).allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478406'
- ).exists?
+ Security::Finding.by_project_id_and_pipeline_ids(project_id, self_and_project_descendants.pluck(:id)).exists?
end
def triggered_for_ondemand_dast_scan?
diff --git a/ee/app/models/security/finding.rb b/ee/app/models/security/finding.rb
index 8d23d399dcbb2164ca3251e00273062277a9922e..a4c3e451f16e9742ffe6702cf44901867a4789c7 100644
--- a/ee/app/models/security/finding.rb
+++ b/ee/app/models/security/finding.rb
@@ -61,23 +61,17 @@ class Finding < ::Gitlab::Database::SecApplicationRecord
scope :by_uuid, ->(uuids) { where(uuid: uuids) }
scope :by_build_ids, ->(build_ids) {
- joins(:scan).allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478408'
- ).merge(Security::Scan.by_build_ids(build_ids))
+ joins(:scan).merge(Security::Scan.by_build_ids(build_ids))
}
scope :by_severity_levels, ->(severity_levels) { where(severity: severity_levels) }
scope :by_report_types, ->(report_types) {
- joins(:scan).allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478408'
- ).merge(Scan.by_scan_types(report_types))
+ joins(:scan).merge(Scan.by_scan_types(report_types))
}
scope :by_scan, ->(scans) { where(scan: scans) }
scope :by_scanners, ->(scanners) { where(scanner: scanners) }
scope :by_partition_number, ->(partition_number) { where(partition_number: partition_number) }
scope :by_project_id_and_pipeline_ids, ->(project_id, pipeline_ids) do
- joins(:scan).allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478408'
- ).merge(Security::Scan.succeeded.by_project(project_id).by_pipeline_ids(pipeline_ids))
+ joins(:scan).merge(Security::Scan.succeeded.by_project(project_id).by_pipeline_ids(pipeline_ids))
end
scope :by_state, ->(states) do
states = Array(states).map(&:to_s)
@@ -161,9 +155,7 @@ class Finding < ::Gitlab::Database::SecApplicationRecord
class << self
def count_by_scan_type
- grouped_by_scan_type.allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478408'
- ).count
+ grouped_by_scan_type.count
end
def latest_by_uuid(uuid)
diff --git a/ee/app/services/security/scan_result_policies/update_approvals_service.rb b/ee/app/services/security/scan_result_policies/update_approvals_service.rb
index 7d013f564bafbbda7e96c11deaff0f309a4526e5..a6321f0a0947e11f17f33c858d0e08e957812a93 100644
--- a/ee/app/services/security/scan_result_policies/update_approvals_service.rb
+++ b/ee/app/services/security/scan_result_policies/update_approvals_service.rb
@@ -228,14 +228,10 @@ def findings_uuids(pipeline, approval_rule, pipeline_ids, check_dismissed = fals
finder_params[:related_pipeline_ids] = pipeline_ids if pipeline_ids.present?
- ::Gitlab::Database.allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478419'
- ) do
- Security::ScanResultPolicies::FindingsFinder
- .new(project, pipeline, finder_params)
- .execute
- .distinct_uuids
- end
+ Security::ScanResultPolicies::FindingsFinder
+ .new(project, pipeline, finder_params)
+ .execute
+ .distinct_uuids
end
def vulnerabilities_count_for_uuids(uuids, approval_rule)
diff --git a/ee/lib/security/scan_result_policies/policy_violation_details.rb b/ee/lib/security/scan_result_policies/policy_violation_details.rb
index 23e89520eeee6760e21ad2f7f43c419c99491356..bded4277d20c428cfb0464f0eb7be41131373bc9 100644
--- a/ee/lib/security/scan_result_policies/policy_violation_details.rb
+++ b/ee/lib/security/scan_result_policies/policy_violation_details.rb
@@ -165,10 +165,7 @@ def newly_detected_violations(uuids, related_pipeline_ids)
return [] if uuids.blank?
Security::ScanResultPolicies::FindingsFinder.new(project, pipeline,
- { related_pipeline_ids: related_pipeline_ids, uuids: uuids.first(uuids_limit) }
- ).execute.allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478419'
- )
+ { related_pipeline_ids: related_pipeline_ids, uuids: uuids.first(uuids_limit) }).execute
.uniq(&:uuid).map do |finding|
ScanFindingViolation.new(
report_type: finding.report_type,
diff --git a/ee/spec/finders/security/findings_finder_spec.rb b/ee/spec/finders/security/findings_finder_spec.rb
index e77095fd8dfea4e27ff9b5cef1fd1542316678ea..2a3ba9704ab3b67d690e003bb150b4f31619341e 100644
--- a/ee/spec/finders/security/findings_finder_spec.rb
+++ b/ee/spec/finders/security/findings_finder_spec.rb
@@ -10,12 +10,7 @@
describe '#findings' do
context 'when the `security_findings` records have `overridden_uuid`s' do
- let(:security_findings) do
- Security::Finding.by_build_ids(build_1).allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478420'
- )
- end
-
+ let(:security_findings) { Security::Finding.by_build_ids(build_1) }
let(:security_finding_uuids) { Security::Finding.pluck(:uuid) }
let(:nondeduplicated_security_finding_uuid) { Security::Finding.second[:uuid] }
let(:expected_uuids) do
diff --git a/ee/spec/graphql/types/ci/pipeline_type_spec.rb b/ee/spec/graphql/types/ci/pipeline_type_spec.rb
index 724fb2bf17eecfb24c9c7fc42fcd831b6b876963..5933224ad130a2d3b65481b27b75f7891a5dea8a 100644
--- a/ee/spec/graphql/types/ci/pipeline_type_spec.rb
+++ b/ee/spec/graphql/types/ci/pipeline_type_spec.rb
@@ -54,9 +54,7 @@
it 'returns null' do
security_finding = subject.dig('data', 'project', 'pipeline', 'securityReportFinding')
- expect(pipeline.security_findings.allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478420'
- ).count).to be_zero
+ expect(pipeline.security_findings.count).to be_zero
expect(security_finding).to be_nil
end
end
@@ -76,9 +74,7 @@
it 'returns null' do
security_finding = subject.dig('data', 'project', 'pipeline', 'securityReportFinding')
- expect(pipeline.security_findings.allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478420'
- )).not_to be_empty
+ expect(pipeline.security_findings).not_to be_empty
expect(security_finding).to be_nil
end
end
diff --git a/ee/spec/migrations/20240209153920_queue_purge_security_scans_with_empty_finding_data_spec.rb b/ee/spec/migrations/20240209153920_queue_purge_security_scans_with_empty_finding_data_spec.rb
index ab529fdc6b72097232de7a1703471dc4d6975fd7..8025a444e564aa8b602465321191a9e770e33b94 100644
--- a/ee/spec/migrations/20240209153920_queue_purge_security_scans_with_empty_finding_data_spec.rb
+++ b/ee/spec/migrations/20240209153920_queue_purge_security_scans_with_empty_finding_data_spec.rb
@@ -75,20 +75,16 @@
migration.before -> {
expect(batched_migration).not_to have_scheduled_batched_migration
}
- ::Gitlab::Database.allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478422'
- ) do
- migration.after -> {
- expect(batched_migration).to have_scheduled_batched_migration(
- gitlab_schema: :gitlab_sec,
- table_name: :security_scans,
- column_name: :id,
- interval: described_class::DELAY_INTERVAL,
- batch_size: described_class::BATCH_SIZE,
- sub_batch_size: described_class::SUB_BATCH_SIZE
- )
- }
- end
+ migration.after -> {
+ expect(batched_migration).to have_scheduled_batched_migration(
+ gitlab_schema: :gitlab_sec,
+ table_name: :security_scans,
+ column_name: :id,
+ interval: described_class::DELAY_INTERVAL,
+ batch_size: described_class::BATCH_SIZE,
+ sub_batch_size: described_class::SUB_BATCH_SIZE
+ )
+ }
end
end
end
@@ -146,20 +142,16 @@
expect(batched_migration).not_to have_scheduled_batched_migration
}
- ::Gitlab::Database.allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478422'
- ) do
- migration.after -> {
- expect(batched_migration).to have_scheduled_batched_migration(
- gitlab_schema: :gitlab_sec,
- table_name: :security_scans,
- column_name: :id,
- interval: described_class::DELAY_INTERVAL,
- batch_size: described_class::BATCH_SIZE,
- sub_batch_size: described_class::SUB_BATCH_SIZE
- )
- }
- end
+ migration.after -> {
+ expect(batched_migration).to have_scheduled_batched_migration(
+ gitlab_schema: :gitlab_sec,
+ table_name: :security_scans,
+ column_name: :id,
+ interval: described_class::DELAY_INTERVAL,
+ batch_size: described_class::BATCH_SIZE,
+ sub_batch_size: described_class::SUB_BATCH_SIZE
+ )
+ }
end
end
end
@@ -203,20 +195,16 @@
expect(batched_migration).not_to have_scheduled_batched_migration
}
- ::Gitlab::Database.allow_cross_joins_across_databases(
- url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/478422'
- ) do
- migration.after -> {
- expect(batched_migration).to have_scheduled_batched_migration(
- gitlab_schema: :gitlab_sec,
- table_name: :security_scans,
- column_name: :id,
- interval: described_class::DELAY_INTERVAL,
- batch_size: described_class::BATCH_SIZE,
- sub_batch_size: described_class::SUB_BATCH_SIZE
- )
- }
- end
+ migration.after -> {
+ expect(batched_migration).to have_scheduled_batched_migration(
+ gitlab_schema: :gitlab_sec,
+ table_name: :security_scans,
+ column_name: :id,
+ interval: described_class::DELAY_INTERVAL,
+ batch_size: described_class::BATCH_SIZE,
+ sub_batch_size: described_class::SUB_BATCH_SIZE
+ )
+ }
end
end
end