Skip to content

Migrate generic report item to GraphQL: "FileLocation"

Intro

We want to render the "FileLocation" report type within the GraphQL version of the pipeline's security modal:

example screenshot
Screenshot_2022-12-21_at_2.40.24_pm_2

How to set this up locally

  1. Import this project https://gitlab.com/gitlab-examples/security/security-reports
  2. Run a pipeline on master
  3. Navigate to the pipeline's security tab
  4. Filter for "DAST" tool
  5. Click on the "X-Frame-Options Header Not Set" vulnerability; the generic report section is within the "Evidence" section

The GraphQL migration work is currently behind a feature flag, to enable it run:

echo "Feature.enable(:pipeline_security_dashboard_graphql)" | rails c

Once enabled, refreshing the report and clicking on the same finding mentioned above, will load the GraphQL version of the modal.

Implementation plan

  1. Add query for fetching VulnerabilityDetailFileLocation types to ee/app/assets/javascripts/security_dashboard/graphql/queries/security_report_finding.query.graphql - an example approach can be found here:!107574 (diffs)
  2. Make sure that the behavior is exactly the same as on the current modal
  3. Add specs
Edited by David Pisek