Fix pipeline of vulnerability location link

Baodong requested to merge fix-pipeline-vulnerability into main-jh

What does this MR do and why?

Failed job: https://jihulab.com/gitlab-cn/gitlab/-/jobs/10889294

ee/spec/services/vulnerability_exports/export_service_spec.rb:133

1) VulnerabilityExports::ExportService#export when the vulnerability_export is in `created` state when the export format is csv when the exportable object is a group finds all vulnerabilities for the group
     Failure/Error: yield relation
     
     TypeError:
       no implicit conversion of nil into String
     # ./ee/app/models/ee/vulnerability.rb:225:in `join'
     # ./ee/app/models/ee/vulnerability.rb:225:in `blob_path'
     # ./jh/app/services/jh/vulnerability_exports/exporters/csv_service.rb:15:in `block in <module:CsvService>'

Root cause

# https://jihulab.com/gitlab-cn/gitlab/blob/eb588e271b513e374188b70b1e3de7cd2e1915df/ee/app/models/ee/vulnerability.rb#L225
::Gitlab::Routing.url_helpers.project_blob_path(project, File.join(finding.sha, finding_file))

# https://jihulab.com/gitlab-cn/gitlab/blob/c76a6740e01ae2b437c4bed6c7f6cf49ff6e8cd7/ee/app/models/vulnerabilities/finding.rb#L148
commit_sha = @sha || pipeline_branch

# https://jihulab.com/gitlab-cn/gitlab/blob/c76a6740e01ae2b437c4bed6c7f6cf49ff6e8cd7/ee/app/models/vulnerabilities/finding.rb#L409
def pipeline_branch
  last_finding_pipeline&.sha || project.default_branch
end

# https://jihulab.com/gitlab-cn/gitlab/blob/814b91be037d9f95c5a3b119be4cb673550a3b73/app/models/concerns/has_repository.rb#L74
def default_branch
  @default_branch ||= repository.empty? ? default_branch_from_preferences : repository.root_ref
end

The test project is an empty project, and the test env has no default branch settings, so finding.sha returns nil, which breaks the join.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
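
The nil chain described under "Root cause", reproduced with stand-in classes. This is an added example, not code from this MR or from GitLab: `Project`, `Finding`, `unguarded_blob_ref` and `guarded_blob_ref` are hypothetical names, and the guard shown is one possible way to handle the case, not necessarily the change this MR makes.

```ruby
# Stand-ins written for this example; they mirror only the fallback chain quoted above.
Pipeline = Struct.new(:sha)

class Project
  def initialize(root_ref: nil, preferred_branch: nil)
    @root_ref = root_ref                 # nil models an empty repository
    @preferred_branch = preferred_branch # nil models "no default branch setting"
  end

  # Empty repository -> fall back to the configured preference, which may be unset.
  def default_branch
    @default_branch ||= @root_ref.nil? ? @preferred_branch : @root_ref
  end
end

class Finding
  attr_reader :file

  def initialize(project:, file:, sha: nil, pipeline: nil)
    @project, @file, @sha, @pipeline = project, file, sha, pipeline
  end

  # Same order as the quoted code: explicit sha, then pipeline sha, then default branch.
  def sha
    @sha || @pipeline&.sha || @project.default_branch
  end
end

# Same shape as the failing call: File.join raises TypeError on a nil segment.
def unguarded_blob_ref(finding)
  File.join(finding.sha, finding.file)
end

# Hypothetical guard: without a ref or a file there is no blob to link to.
def guarded_blob_ref(finding)
  return nil if finding.sha.nil? || finding.file.nil?

  File.join(finding.sha, finding.file)
end

# Constructed sample: empty project, no pipeline, no default branch preference.
if __FILE__ == $PROGRAM_NAME
  orphan = Finding.new(project: Project.new, file: "Gemfile.lock")
  puts guarded_blob_ref(orphan).inspect
  begin
    unguarded_blob_ref(orphan)
  rescue TypeError => e
    puts e.message
  end
end
```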
