Dismissing a vulnerability via the modal on the pipeline page doesn't update the list until the page is refreshed
Summary
Tested on GitLab 15.3.1
If a pipeline contains new vulnerabilities and the user dismisses one of them via the details modal, the vulnerability remains visible even when "hide dismissed" is enabled (it is flagged as "DISMISSED", however).
Once the page is refreshed, the vulnerabilities that were dismissed are hidden from the page.
Furthermore, the toast message that pops up after dismissing the finding should have an "undo" action inside if "hide dismissed" is enabled. The current message only lets the user know that the dismissal was successful.
Steps to reproduce

- Create a new project with the Rails template.
- Replace the `.gitlab-ci.yml` file with:

  ```yaml
  include:
    - template: Security/Secret-Detection.gitlab-ci.yml
  ```

- Add some secrets to be detected and commit to a new branch, then create an MR.

  ```ruby
  # app/controllers/application_controller.rb
  class ApplicationController < ActionController::Base
    def test
      host = "https://username:password11@example.com/path/to/repo"
      host = "https://username:password12@example.com/path/to/repo"
      host = "https://username:password13@example.com/path/to/repo"
      host = "https://username:password14@example.com/path/to/repo"
    end
  end
  ```

- Once the pipeline is complete, view the Security tab.
- Click on one of the vulnerabilities to open the details modal and click on the "Dismiss vulnerability" button.
Example Project
N/A
What is the current bug behavior?
When a vulnerability is dismissed, it is still visible on the page even when "hide dismissed" is enabled.
What is the expected correct behavior?
The dismissed vulnerability should not be visible any longer.
Relevant logs and/or screenshots
[Attachment: Screen_Recording_2022-12-16_at_2.29.22_pm]

[Attachment: expected toast message after dismissal (with "hide dismissed" enabled)]
Possible fixes
This is related to #372099 (closed) (here is the fix that addresses the bug: !106747 (merged)).
Within `ee/app/assets/javascripts/security_dashboard/store/modules/vulnerabilities/actions.js` we handle the `dismissVulnerability` action, which checks the Vuex `rootState` for `filter.hideDismissed`; if that is true, the report is refetched and a toast message is displayed. The `hideDismissed` property no longer exists within the filters state; the state now uses `filter.scope`, which can be either `all` or `dismissed`. The fix is to update the check so it uses the `scope` instead of `hideDismissed`.
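As an added illustration (not GitLab's own code) of why the stale check never triggers a refetch, here is a stripped-down stand-in for the action with the old check beside the corrected one. The context shape (`rootState.filter`, `commit`, `dispatch`) and the assumption that `scope === 'dismissed'` is the "hide dismissed" setting are mine, not taken from the GitLab source.

```javascript
// Added illustration; NOT GitLab's own code. The Vuex context shape and
// which scope value means "hide dismissed" are assumptions.

const SCOPE_ALL = 'all';
const SCOPE_DISMISSED = 'dismissed'; // assumed: the "hide dismissed" scope

// Stale check: reads a property that no longer exists in the filters state,
// so it is always falsy and the report is never refetched after a dismissal.
function shouldRefetchStale(rootState) {
  return Boolean(rootState.filter.hideDismissed);
}

// Corrected check: derive "hide dismissed" from the scope instead.
function shouldRefetch(rootState) {
  return rootState.filter.scope === SCOPE_DISMISSED;
}

// Minimal stand-in for the dismissVulnerability action. It returns the
// sequence of side effects so the two checks can be compared side by side.
function dismissVulnerability(ctx, vulnerability, check = shouldRefetch) {
  const events = [];
  ctx.commit('RECEIVE_DISMISS_VULNERABILITY_SUCCESS', vulnerability);
  events.push('marked-dismissed');
  if (check(ctx.rootState)) {
    ctx.dispatch('fetchVulnerabilities'); // refetch so dismissed rows drop out
    events.push('refetched', 'toast-with-undo');
  } else {
    events.push('toast-plain');
  }
  return events;
}

// Constructed Vuex-like context mirroring the current filters state.
function makeContext(scope) {
  const log = [];
  return {
    rootState: { filter: { scope } },
    commit: (type) => log.push(['commit', type]),
    dispatch: (type) => log.push(['dispatch', type]),
    log,
  };
}

const demo = makeContext(SCOPE_DISMISSED);
console.log(dismissVulnerability(demo, { id: 1 }, shouldRefetchStale)); // no refetch
console.log(dismissVulnerability(demo, { id: 1 })); // refetch + undo toast
```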