Provide vulnerability file language type
Why are we doing this work
Provide the file language of the vulnerability. This is currently what is provided:
The language is used to fetch the proper security training material from our vendors. This issue is part of this epic > &6176 (closed)
Why is this needed
To properly make the request to our training vendors and get the most accurate response, they require a language type as the parameter. For example java
or ruby
. A sample request looks like this curl -X GET 'https://application.security/api/.../search?cwe=81&language=java'
. More information can be found here > https://gitlab.com/gitlab-org/gitlab/-/issues/346069#note_742608425
Relevant links
Non-functional requirements
-
Documentation: Update GraphQL documentation -
Testing: Will need updated tests
Implementation plan
-
backend Add file/language
argument inSecurityTrainingUrlsResolver
-
backend Parse the file type. May not need to use an existing class, but can see lib/gitlab/file_detector.rb
orlib/gitlab/file_type_detection.rb
for examples. -
backend Use the parsed language type in url finder (https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/finders/security/training_providers/base_url_finder.rb) to extract training url
Testing
-
Create/update feature specs -
Counterpart SET to review changes
Edited by Gregory Havenga