Skip to content

Filtered vulnerability report does not get updated when a vulnerability gets mutated

Summary

When a vulnerability gets mutated directly via the vulnerability reports (e.g.: changing the status via the bulk update) and it's new status has been selected as a filter before, the update does not get reflected on the UI until a full page refresh.

Steps to reproduce

  1. Go to this verification project
  2. Set the "Status" filter to "Confirmed"
  3. Set the "Status" filter back to "All statuses"
  4. Chose a (or multiple) vulnerability that does not have the "confirmed" status and select it by clicking on the checkbox
  5. Change the status to "Confirmed"
  6. Set the "Status" filter to "Confirmed" again
  7. The vulnerabilities that had their status changed are not showing up
  8. Do a full page refresh - now they do show up

Example Project

https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects/verify-408366-allow-providing-dismissal-reason-and-comment-for-vulnerability-bulk-updates/-/security/vulnerability_report

What is the current bug behavior?

Updated vulnerabilities don't show up, once their status has been changed and if the report has been filtered by their updated status before.

What is the expected correct behavior?

They should show up when changing filters, without a refresh.

Relevant logs and/or screenshots

Screen_Recording_2023-05-12_at_3.46.05_pm

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info 

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check 
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)


(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)


(we will only investigate if the tests are passing)

Possible fixes

  1. Quick (non-ideal): Change Apollo's fetch policy to network only for the query that fetches the vulnerability list
  2. Ideal: Make sure that we keep Apollo's cache in sync whenever we mutate a vulnerability, so a refetch won't be necessary