Inconsistent feedback responses on `merge_requests/${id}/${type}_reports` and `vulnerability_feedback` endpoints
Summary
API responses of the `merge_requests/${id}/${type}_reports` and `vulnerability_feedback?report_type=${report_type}` endpoints are returning different feedback records. This is happening because the `vulnerability_feedback` endpoint is utilizing the `only_valid_feedback` scope of the `Vulnerabilities::Feedback` model and the other one is not.
Steps to reproduce
TBD
Example Project
TBD
What is the current bug behavior?
Inconsistent data on 2 different endpoints.
What is the expected correct behavior?
Consistent data.
Relevant logs and/or screenshots
TBD
Output of checks
This bug happens on GitLab.com
Results of GitLab environment info
All environments
Possible fixes
- TBD
- Ensure the frontend still works after the backend change
Implementation plan
- frontend: set value of `dismissal_feedback` property to `null` in `revertDismissVulnerability` (!45954 (diffs)); we need to do it until we have #207489 (closed) resolved (the reason for that is that we have fallback defined in https://gitlab.com/gitlab-org/gitlab/blob/369d3ae038b81a75376d2a752a30b563e437fe42/ee/app/assets/javascripts/vue_shared/security_reports/components/modal.vue#L109, so even when we set `dismissalFeedback` to `null`, it is still incorrectly rendered),
- backend: add callbacks to `ee/app/models/vulnerabilities/feedback.rb` to touch the pipeline after save and after destroy: this will invalidate Redis cache from `MergeRequest#compare_reports` (https://gitlab.com/gitlab-org/gitlab/blob/ca279741b2d5160b3914dd9d15b127b8ae873447/app/models/merge_request.rb#L1442),
- backend: add pipeline to `feedback_params` in `ee/app/services/vulnerabilities/dismiss_service.rb` as latest successful pipeline with security reports,
- backend: add background migration to update `pipeline_id` for feedback missing id value
Edited by Alan (Maciej) Paruszewski