Skip to content

Include `blob_path` for security findings graphql types

What does this MR do and why?

The VulnerabilityLocationType graphql type is supposed to contain a blob_path(docs), however this field is always nil because we do not pass that data to location in the resolver.

This MR starts passing in that data

The REST api was also returning a nil blob_path. This was because the presenter operated on string keys, and the REST entity passes in symbol keys. This issue was solved by making location have indifferent access in the presenter

Screenshots or screen recordings

Before After
Screencast_from_12-13-2023_12_35_58_PM Screencast_from_12-13-2023_01_24_21_PM
image image
image image

How to set up and validate locally

prerequisites

  1. You will need an EE enabled local instance
  2. you will need the ci runner working to run a pipeline

to test pipeline tab

  1. import this repo: https://gitlab.com/gitlab-examples/security/security-reports/-/pipelines/1078659009/security
  2. run a pipeline on the main branch
  3. once completed, on that pipeline click on the security tab image
  4. click a finding result to load the modal
  5. Notice the file path isn't linked
  6. checkout the MR branch
  7. notice the file path is now linked image

to test graphql widget

  1. enable the modal FF:
    Feature.enable(:standalone_finding_modal_merge_request_widget)
  2. create an MR
  3. once pipeline has completed, on that pipeline click on the security tab
  4. click a finding result to load the modal
  5. Notice the file path isn't linked
  6. checkout the MR branch
  7. notice the file path is now linked
  8. notice blobPath is populated in graphql response

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #434358 (closed)

Edited by Michael Becker

Merge request reports

Loading