Include `blob_path` for security findings graphql types
What does this MR do and why?
The VulnerabilityLocationType graphql type is supposed to contain a blob_path(docs), however this field is always nil because we do not pass that data to location in the resolver.
This MR starts passing in that data
The REST api was also returning a nil blob_path. This was because
the presenter operated on string keys, and the REST entity passes in
symbol keys. This issue was solved by making location have
indifferent access in the presenter
Screenshots or screen recordings
| Before | After |
|---|---|
| Screencast_from_12-13-2023_12_35_58_PM | Screencast_from_12-13-2023_01_24_21_PM |
 |
 |
 |
 |
How to set up and validate locally
prerequisites
- You will need an EE enabled local instance
- you will need the ci runner working to run a pipeline
to test pipeline tab
- import this repo: https://gitlab.com/gitlab-examples/security/security-reports/-/pipelines/1078659009/security
- run a pipeline on the main branch
- once completed, on that pipeline click on the security tab
- click a finding result to load the modal
- Notice the file path isn't linked
- checkout the MR branch
- notice the file path is now linked
to test graphql widget
- enable the modal FF:
Feature.enable(:standalone_finding_modal_merge_request_widget) - create an MR
- once pipeline has completed, on that pipeline click on the security tab
- click a finding result to load the modal
- Notice the file path isn't linked
- checkout the MR branch
- notice the file path is now linked
- notice
blobPathis populated in graphql response
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #434358 (closed)
Edited by Michael Becker