Add `VulnerabilityDetailNamedList` type to GraphQL schema
What does this MR do and why?
This change introduces a VulnerabilityDetailNamedListType
to the GraphQL schema to be able to support a named-list
for rendering data in the UI.
How to set up and validate locally
Example below:
- Clone https://gitlab.com/gitlab-examples/security/security-reports.git
- Run a pipeline on the default branch.
- Go to Secure -> Vulnerability Report and filter by Tool -> DAST
- Note down the ID of the vulnerability title CWE-16 in
- Determine the pipeline iid and finding uuid of the vulnerability in the rails console.
  ```ruby
  v = Vulnerability.find($vuln_id)
  puts v.findings.first.uuid
  puts v.findings.first.security_findings.first.pipeline.iid
  ```
- Open `/-/graphql-explorer`
- Use the following query:
  ```graphql
  query getFinding($fullPath: ID!, $pipelineIid: ID!, $findingUuid: String!) {
    project(fullPath: $fullPath) {
      pipeline(iid: $pipelineIid) {
        securityReportFinding(uuid: $findingUuid) {
          uuid
          title
          details {
            __typename
            ... on VulnerabilityDetailNamedList {
              __typename
              name
              fieldName
              description
              items {
                __typename
                name
                fieldName
                description
                value {
                  __typename
                  ... on VulnerabilityDetailBoolean {
                    description
                    fieldName
                    name
                    value
                  }
                  ... on VulnerabilityDetailCode {
                    fieldName
                    lang
                    name
                    value
                  }
                  ... on VulnerabilityDetailCommit {
                    description
                    fieldName
                    name
                    value
                  }
                  ... on VulnerabilityDetailDiff {
                    after
                    before
                    description
                    fieldName
                    name
                  }
                  ... on VulnerabilityDetailFileLocation {
                    description
                    fieldName
                    fileName
                    lineEnd
                    lineStart
                    name
                  }
                  ... on VulnerabilityDetailInt {
                    description
                    fieldName
                    name
                    value
                  }
                  ... on VulnerabilityDetailMarkdown {
                    description
                    fieldName
                    name
                    value
                  }
                  ... on VulnerabilityDetailModuleLocation {
                    description
                    fieldName
                    moduleName
                    name
                    offset
                  }
                  ... on VulnerabilityDetailText {
                    description
                    fieldName
                    name
                    value
                  }
                  ... on VulnerabilityDetailUrl {
                    description
                    fieldName
                    href
                    name
                    text
                  }
                }
              }
            }
          }
        }
      }
    }
  }
  ```
- Specify the appropriate GraphQL query variables:
  ```json
  {
    "fullPath": "full/path/to/security-reports",
    "pipelineIid": "$pipeline_iid",
    "findingUuid": "$finding_uuid"
  }
  ```
- Check the results for something that looks similar to:
  ```json
  [
    {
      "details": [
        {
          "__typename": "VulnerabilityDetailNamedList",
          "name": "A Named List",
          "fieldName": "named_list",
          "description": null,
          "items": [
            {
              "__typename": "VulnerabilityDetailNamedListItem",
              "name": "Field 1",
              "fieldName": "field1",
              "description": "The description for field 1",
              "value": {
                "__typename": "VulnerabilityDetailText",
                "description": "The description for field 1",
                "fieldName": null,
                "name": "Field 1",
                "value": "Text"
              }
            },
            {
              "__typename": "VulnerabilityDetailNamedListItem",
              "name": "Field 2",
              "fieldName": "field2",
              "description": "The description for field 2",
              "value": {
                "__typename": "VulnerabilityDetailText",
                "description": "The description for field 2",
                "fieldName": null,
                "name": "Field 2",
                "value": "Text"
              }
            },
            {
              "__typename": "VulnerabilityDetailNamedListItem",
              "name": "Nested Ints",
              "fieldName": "nested_ints",
              "description": null,
              "value": {
                "__typename": "VulnerabilityDetailList"
              }
            }
          ]
        }
      ]
    }
  ]
  ```
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by mo khan
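
An added example (not part of this MR and not GitLab's frontend code) showing how a client could consume the `VulnerabilityDetailNamedList` returned by the validation query above: it dispatches on each item's `__typename` and flags value types the query selected no fields for, such as the nested `VulnerabilityDetailList` in the expected result. The function name `flattenNamedList`, the row shape and the display formats are assumptions made for illustration.

```javascript
// Added example: flatten a VulnerabilityDetailNamedList into display rows.
const scalar = (v) => (v.value == null ? null : String(v.value));

// One formatter per value type that has a fragment in the query above.
const formatters = {
  VulnerabilityDetailText: scalar,
  VulnerabilityDetailMarkdown: scalar,
  VulnerabilityDetailInt: scalar,
  VulnerabilityDetailBoolean: scalar,
  VulnerabilityDetailCommit: scalar,
  VulnerabilityDetailCode: scalar,
  VulnerabilityDetailUrl: (v) => v.text || v.href,
  VulnerabilityDetailDiff: (v) => `${v.before} -> ${v.after}`,
  VulnerabilityDetailFileLocation: (v) => `${v.fileName}:${v.lineStart}-${v.lineEnd}`,
  VulnerabilityDetailModuleLocation: (v) => `${v.moduleName}+${v.offset}`,
};
const hasFormatter = (t) => Object.prototype.hasOwnProperty.call(formatters, t);

function flattenNamedList(detail) {
  if (!detail || detail.__typename !== 'VulnerabilityDetailNamedList') return [];
  return (detail.items || []).map((item) => {
    const value = item.value || {};
    const supported = hasFormatter(value.__typename);
    return {
      label: item.name || item.fieldName,
      type: value.__typename || null,
      // Types without a fragment in the query come back with only __typename,
      // so there is nothing to display; report them instead of guessing.
      text: supported ? formatters[value.__typename](value) : null,
      supported,
    };
  });
}

// Constructed sample, trimmed from the expected result shown above.
const sampleDetail = {
  __typename: 'VulnerabilityDetailNamedList',
  name: 'A Named List',
  items: [
    { name: 'Field 1', fieldName: 'field1', value: { __typename: 'VulnerabilityDetailText', value: 'Text' } },
    { name: 'Nested Ints', fieldName: 'nested_ints', value: { __typename: 'VulnerabilityDetailList' } },
  ],
};

console.log(flattenNamedList(sampleDetail));
```

The returned `text` is raw data from the scanner report, so a UI would still apply its normal output escaping when rendering it.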