Generic Vulnerability Report: `file-location` component does not render on pipeline-security view
Summary
When looking at a vulnerability on the pipeline's security tab, any generic report entry with the type `file-location` fails to render.
Steps to reproduce
- Go to a pipeline containing a vulnerability with generic report data
- Select DAST from the Scanner dropdown
- Click on the X-Frame-Options Header Not Set vulnerability
- Scroll to the Evidence section
- The entry with type `file-location` has the name "a file location"
Example Project
https://gitlab.com/gitlab-examples/security/security-reports
What is the current bug behavior?
Any report entry with type `file-location` does not render the actual data but only a colon.
What is the expected correct behavior?
It should render the given filename and line number.
Possible fixes
The same component works as expected on the Vulnerability Report page.
This is because within `ee/app/assets/javascripts/vulnerabilities/vulnerabilities_init.js` we convert all properties on the response data from snake case to camel case.
All components responsible for rendering generic report types expect camel-cased properties. To make sure they work on the pipeline view, we should convert the `vulnerability.details` property within `ee/app/assets/javascripts/security_dashboard/store/modules/vulnerabilities/actions.js` (`receiveVulnerabilitiesSuccess` action).
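A sketch of the conversion proposed above, as an added example that is not GitLab's own code: it camel-cases only the keys of `vulnerability.details` and leaves every value untouched. The helper names, the renderer stand-in, and the `file_name` / `line_start` field names in the sample are assumptions made for illustration.

```javascript
// Added example, not GitLab code. Converts snake_case keys to camelCase.
// The lookbehind keeps a leading underscore (e.g. "_id") intact.
const toCamel = (key) =>
  key.replace(/(?<=[a-z0-9])_+([a-z0-9])/gi, (_, c) => c.toUpperCase());

// Recursively rewrite object keys; arrays are walked, values are never changed.
function camelizeKeys(value) {
  if (Array.isArray(value)) return value.map(camelizeKeys);
  if (value !== null && typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [toCamel(k), camelizeKeys(v)]),
    );
  }
  return value;
}

// Hypothetical helper for the success action: normalise `details` only and
// return a copy, so the original API payload is not mutated.
function normalizeVulnerability(vulnerability) {
  if (!vulnerability.details) return vulnerability;
  return { ...vulnerability, details: camelizeKeys(vulnerability.details) };
}

// Hypothetical stand-in for a component that reads camelCase props.
function renderFileLocation({ fileName, lineStart }) {
  return `${fileName ?? ''}:${lineStart ?? ''}`;
}

// Constructed sample payload (field names are assumed, see lead-in).
const sample = {
  name: 'X-Frame-Options Header Not Set',
  details: {
    source_file: {
      name: 'a file location',
      type: 'file-location',
      file_name: 'index.js',
      line_start: 1,
    },
  },
};

const fixed = normalizeVulnerability(sample);
console.log(renderFileLocation(sample.details.source_file)); // snake_case input
console.log(renderFileLocation(fixed.details.sourceFile)); // converted input
```

Because the unconverted entry has no `fileName` or `lineStart`, the stand-in renderer emits only the separator, which matches the symptom described in this report.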