Fix pending status when SecureFlag has no content

Brian Williams requested to merge bwill/fix-secure-flag-no-content into master

What does this MR do and why?

Describe in detail what your merge request does and why.

When SecureFlag does not have training available for a vulnerability, it returns a 404 response with an empty body. For this case, the reactive cache should be returning { url: nil } as this indicates that there's no training content and the request should not be retried.

This MR fixes erroneous behavior where, if the server returns 404, then UrlFinder returns a pending response which results in requests for the training URLs retrying indefinitely.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Go to <instance_url>/-/graphql-explorer.

  2. Enable the SecureFlag training provider:

    mutation {
      securityTrainingUpdate(input: {
        clientMutationId: "thing",
        projectPath: "<YOUR_PROJECT>",
        providerId: "gid://gitlab/Security::TrainingProvider/3",
        isEnabled: true,
        isPrimary: true
      }) {
        errors
      }
    }

  3. Repeatedly send this GraphQL request. Eventually, it should return an empty list instead of a pending status. Before this change, it would be stuck in a pending status forever.

    {
      project(fullPath: "<YOUR_PROJECT>") {
        securityTrainingUrls(identifierExternalIds: "[cwe]-[42]-[cwe-42]") {
          identifier
          name
          status
          url
        }
      }
    }

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Brian Williams
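
A simplified model of the behaviour described in this merge request, added here as an illustration and not GitLab's own code: it shows why mapping a 404 to "not ready" keeps every poll hitting the provider, while caching `{ url: nil }` ends the retries. `TinyReactiveCache`, `buggy_result`, `fixed_result`, `poll` and the sample response are hypothetical names and constructed data, and the cache computes synchronously for brevity.

```ruby
# Added illustration; all names here are hypothetical, not GitLab classes.
Response = Struct.new(:code, :body)

# Stand-in for a reactive cache: a nil result means "not ready", so the
# caller reports pending and the next poll calls upstream again.
class TinyReactiveCache
  attr_reader :upstream_calls

  def initialize(&calculate)
    @calculate = calculate
    @store = {}
    @upstream_calls = 0
  end

  def fetch(key)
    return @store[key] if @store.key?(key)

    @upstream_calls += 1
    result = @calculate.call(key)
    @store[key] = result unless result.nil? # nil is never cached
    result
  end
end

# Model of the erroneous behaviour: a 404 is treated as "not ready".
def buggy_result(response)
  return { url: response.body } if response.code == 200 && !response.body.to_s.empty?

  nil
end

# Model of the fix: a 404 is a definitive "no training content" answer.
def fixed_result(response)
  case response.code
  when 200 then response.body.to_s.empty? ? nil : { url: response.body }
  when 404 then { url: nil } # terminal result, cached, never retried
  end                        # anything else stays nil (still pending)
end

# Polls the same identifier `times` times; returns [last status, upstream calls].
def poll(mapper, response, times)
  cache = TinyReactiveCache.new { |_key| send(mapper, response) }
  statuses = Array.new(times) { cache.fetch("cwe-42").nil? ? :pending : :completed }
  [statuses.last, cache.upstream_calls]
end

NO_CONTENT = Response.new(404, "") # constructed sample: 404 with an empty body
p poll(:buggy_result, NO_CONTENT, 5)
p poll(:fixed_result, NO_CONTENT, 5)
```

Other non-200 responses still map to `nil` in this model, so transient upstream failures remain retryable while the 404 case terminates.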