Skip to content

Add `includeSourceCode` to `ExplainVulnerability` cache key

What does this MR do and why?

While working on the frontend of the "Explain This Vulnerability" feature, it was discovered that the cached AI response does not differentiate between the includeSourceCode: true and includeSourceCode: false versions of a request.

It will return whichever one it has in its cache, even if the user changes the checkbox selection.

We need to address this because it would be alarming for a user if they unchecked the checkbox, yet they receive a response that was clearly passed the source code.

This is because the cache key was not factoring in any request options

This change includes the include_source_code option as part of the cache key

Rather than splatting the entire options hash into the key, I have opted to be explicit in the options I check for

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. follow this guide to set up local vertex access
  2. clone this project into your local instance
  3. use the explain this vulnerability feature, make sure the "include source code" option is checked
  4. you should see some source code in the response
  5. un-check the "include source code" check box, make another request
  6. you should see a different response, source code should not be included in the response

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #419236 (closed)

Edited by Michael Becker

Merge request reports

Loading