Create `Mutations::SecurityFinding::CreateIssue`
Why are we doing this work?
We want to be able to create `Issue` objects directly from `Security::Findings`. At the same time we want to deprecate `Vulnerabilities::Feedback` objects.
To do this easily, we want to introduce the `Mutations::SecurityFinding::CreateIssue` GraphQL mutation and the `Vulnerabilities::SecurityFinding::CreateIssue` service object.
Implementation plan
- backend: Create `Vulnerabilities::SecurityFinding::CreateIssue`
- backend: Create `Mutations::SecurityFinding::CreateIssue`
Vulnerabilities::SecurityFindings::CreateIssue
High level overview:
- Look for the given `Security::Finding`
- "Promote" `Security::Finding` to `Vulnerabilities::Finding`
- Create a `Vulnerability` for a given `Vulnerabilities::Finding` if it doesn't exist
- Create an `Issue` for that `Vulnerability`
- Create a `Vulnerabilities::IssueLink` for that `(vulnerability_id, issue_id)` pair
We should use the state of the `deprecate_vulnerabilities_feedback` feature flag to determine the correct way to do this. The differences are outlined below.
deprecate_vulnerabilities_feedback is enabled
In this branch we would skip creating `Vulnerabilities::Feedback` objects.
1. See if the `Vulnerabilities::Finding` has a `vulnerability_id`
2. If not, then create it using `Vulnerabilities::CreateService` (`ee/app/services/vulnerabilities/create_service.rb`)
3. Use the `vulnerability_id` to create an Issue via `Issues::CreateFromVulnerabilityDataService` (`ee/app/services/issues/create_from_vulnerability_data_service.rb`)
4. Make sure to create a `Vulnerabilities::IssueLink` object with the `vulnerability_id` and `issue_id`

I think steps 2 - 4 could be wrapped in a `Vulnerabilites::CreateFromFindingService` which we could reuse later on.
deprecate_vulnerabilities_feedback is disabled
In this branch we would just:
- Use `VulnerabilityFeedback::CreateService` to create a `Vulnerabilities::Feedback` object and `Issue` for it. See the `Vulnerabilities::Feedback#create_issue` method.
Finding is not found
This shouldn't happen, but in this case we should just error out.
Mutations::SecurityFindings::CreateIssue
- Accepts `security_finding_id`
- Calls `Vulnerabilities::SecurityFinding::CreateIssue`
- Returns the created `Issue`
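
A sketch of the control flow described above, added here as an example and not GitLab's code. The class names, the in-memory stores and the `flag_enabled` argument (standing in for `deprecate_vulnerabilities_feedback`) are hypothetical stand-ins for the models and services named in the plan.

```ruby
# Added sketch with in-memory stand-ins; none of this is GitLab's own code.
Finding = Struct.new(:uuid, :vulnerability_id)   # stand-in for the promoted finding
Issue   = Struct.new(:id, :title)

class CreateIssueSketch
  FindingNotFound = Class.new(StandardError)
  attr_reader :vulnerability_ids, :issue_links, :feedback

  def initialize(findings:, flag_enabled:)
    @findings = findings          # uuid => Finding, constructed sample data
    @flag_enabled = flag_enabled  # stand-in for deprecate_vulnerabilities_feedback
    @vulnerability_ids = []
    @issue_links = []             # (vulnerability_id, issue_id) pairs
    @feedback = []
    @issue_count = 0
  end

  # Mirrors the mutation contract: takes a finding id, returns the created Issue.
  def execute(security_finding_id)
    finding = @findings[security_finding_id]
    raise FindingNotFound, "finding #{security_finding_id} not found" unless finding

    @flag_enabled ? create_from_vulnerability(finding) : create_via_feedback(finding)
  end

  private

  # Flag enabled: no Feedback record; reuse or create the vulnerability, then link.
  def create_from_vulnerability(finding)
    finding.vulnerability_id ||= new_vulnerability_id
    issue = new_issue("Investigate vulnerability #{finding.vulnerability_id}")
    @issue_links << [finding.vulnerability_id, issue.id]
    issue
  end

  # Flag disabled: legacy path, the Issue is created alongside a Feedback record.
  def create_via_feedback(finding)
    issue = new_issue("Investigate finding #{finding.uuid}")
    @feedback << { finding_uuid: finding.uuid, issue_id: issue.id }
    issue
  end

  def new_vulnerability_id
    @vulnerability_ids.push(@vulnerability_ids.size + 1).last
  end

  def new_issue(title)
    Issue.new(@issue_count += 1, title)
  end
end
```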