Extract matched rules information in scanner results used by webhooks (#24482)

Author: willdurand

src/olympia/scanners/tasks.py

@@ -122,7 +122,10 @@ def call_webhooks(event_name, payload, upload=None, version=None):
                 },
             )
 
-            scanner_result.update(results=data)
+            scanner_result.results = data
+            # We don't pass `update_fields` because the `save()` method
+            # also updates other fields (e.g. has_matches, matched_rules).
+            scanner_result.save()
         except Exception as exc:
             log.exception('Error while calling webhook "%s".', event.webhook.name)
             raise exc

src/olympia/scanners/tests/test_tasks.py

@@ -2403,6 +2403,30 @@ def test_call_webhooks(self, _call_webhook_mock):
             ]
         )
 
+    @mock.patch('olympia.scanners.tasks._call_webhook')
+    def test_call_webhooks_extracts_matched_rules(self, _call_webhook_mock):
+        rule = ScannerRule.objects.create(
+            name='some-rule',
+            scanner=WEBHOOK,
+            is_active=True,
+        )
+        webhook = ScannerWebhook.objects.create(
+            name='some-scanner',
+            url='https://example.org/webhook',
+            api_key='some-api-key',
+            is_active=True,
+        )
+        ScannerWebhookEvent.objects.create(
+            event=WEBHOOK_DURING_VALIDATION, webhook=webhook
+        )
+        _call_webhook_mock.return_value = {'matchedRules': [rule.name]}
+
+        call_webhooks(WEBHOOK_DURING_VALIDATION, payload={})
+
+        result = ScannerResult.objects.get(scanner=WEBHOOK)
+        assert result.has_matches is True
+        assert list(result.matched_rules.all()) == [rule]
+
     @mock.patch('olympia.scanners.tasks._call_webhook')
     def test_call_webhooks_raises(self, _call_webhook_mock):
         assert len(ScannerResult.objects.all()) == 0

src/olympia/scanners/tests/test_views.py

@@ -28,6 +28,7 @@
 )
 from olympia.scanners.models import (
     ScannerResult,
+    ScannerRule,
     ScannerWebhook,
     ScannerWebhookEvent,
 )
@@ -513,6 +514,21 @@ def test_invalid_payload_empty(self):
 
         assert response.status_code == 400
 
+    def test_success_extracts_matched_rules(self):
+        rule = ScannerRule.objects.create(
+            name='some-rule',
+            scanner=WEBHOOK,
+            is_active=True,
+        )
+
+        results = {'version': '1.2.3', 'matchedRules': [rule.name]}
+        response = self.patch(self.url, data={'results': results})
+
+        assert response.status_code == 204
+        self.scanner_result.refresh_from_db()
+        assert self.scanner_result.has_matches is True
+        assert list(self.scanner_result.matched_rules.all()) == [rule]
+
     def test_invalid_group(self):
         self.webhook.service_account.groupuser_set.all().delete()
 

src/olympia/scanners/views.py

@@ -150,5 +150,9 @@ def patch_scanner_result(request, pk=None):
     # Return a 400 response if the data was invalid.
     serializer.is_valid(raise_exception=True)
 
-    scanner_result.update(results=serializer.validated_data['results'])
+    scanner_result.results = serializer.validated_data['results']
+    # We don't pass `update_fields` because the `save()` method
+    # also updates other fields (e.g. has_matches, matched_rules).
+    scanner_result.save()
+
     return Response(status=status.HTTP_204_NO_CONTENT)