Move Secret Detection SHA logic to Finding

James Liu requested to merge jliu-fix-sd-widget-sha into master

What does this MR do and why?

#358073 (comment 1446246357)

Move Secret Detection SHA logic to Finding

This is a more appropriate place to determine the correct SHA. The Finding model is shared by the Vulnerability model as well as the ::Vulnerabilities::FindingPresenter class.

This fixes an issue where the incorrect blob path was being shown for Secret Detection findings within the MR Security Widget. This is because the Widget uses an API driven by Projects::MergeRequestsController which makes use of ::Vulnerabilities::FindingPresenter to render each Secret Detection finding JSON object.

Hopefully this change ensures that the SHA is correctly computed regardless of who is sourcing the finding.

Screenshots or screen recordings

Previously, the link to the blob path would take you to the most recent commit of the MR you're looking at. If you happened to have deleted a file in the MR, this link would no longer be valid.

Following this change, the blob path is computed based on the commit SHA embedded into the Secret Detection finding (if one exists). The SHA could refer to a commit that includes a file that has since been deleted.


How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by James Liu
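The SHA selection described in this MR, as an added Ruby sketch that is not GitLab's own code: the `Finding` struct, `blob_path`, `link_resolves?`, the project path and the two-commit history are all constructed for illustration, and the `location['commit']['sha']` layout is an assumption about the Secret Detection report format. It shows why a link pinned to the finding's embedded commit stays valid after the file is deleted at the MR head.

```ruby
# Added illustration, not GitLab's implementation. All names are hypothetical.
Finding = Struct.new(:report_type, :location, :pipeline_sha, keyword_init: true) do
  # SHA to link against: the commit the scanner recorded for a Secret
  # Detection finding (if one exists), otherwise the pipeline's SHA.
  def sha
    embedded = location.dig('commit', 'sha') if report_type == 'secret_detection'
    embedded.to_s.empty? ? pipeline_sha : embedded
  end

  # Because every consumer calls Finding#sha, presenters and models
  # all build the same path.
  def blob_path(project_path)
    path = "/#{project_path}/-/blob/#{sha}/#{location['file']}"
    line = location['start_line']
    line ? "#{path}#L#{line}" : path
  end
end

# Constructed history: commit aaa111 adds config/keys.yml,
# the MR head bbb222 deletes it again.
TREE = {
  'aaa111' => ['README.md', 'config/keys.yml'],
  'bbb222' => ['README.md']
}.freeze

# True when the file exists in the tree of the given commit.
def link_resolves?(sha, file)
  TREE.fetch(sha, []).include?(file)
end

# Constructed findings: one with an embedded commit SHA, one without.
WITH_COMMIT = Finding.new(
  report_type: 'secret_detection',
  location: { 'file' => 'config/keys.yml', 'start_line' => 3,
              'commit' => { 'sha' => 'aaa111' } },
  pipeline_sha: 'bbb222'
)
WITHOUT_COMMIT = Finding.new(
  report_type: 'secret_detection',
  location: { 'file' => 'config/keys.yml', 'start_line' => 3 },
  pipeline_sha: 'bbb222'
)

if __FILE__ == $PROGRAM_NAME
  [WITH_COMMIT, WITHOUT_COMMIT].each do |f|
    puts "#{f.blob_path('group/app')} resolves=#{link_resolves?(f.sha, f.location['file'])}"
  end
end
```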
