Fix missing canAdminVulnerability injection
What does this MR do and why?
Related #434360 (closed)
The canAdminVulnerability check was added in Hide vulnerability dismiss buttons for users wi... (!138867 - merged) • Daniel Tian • 17.0, but when the modal is used on the mr widget (this is the case when standalone_finding_modal_merge_request_widget feature flag is enabled), this injection is missing. With this MR, canAdminVulnerability is properly provided.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
Prerequisites
- You need an EE license
- You need to have runners enabled (See $2408961 for setting up a runner)
- Import https://gitlab.com/gitlab-org/govern/demos/sandbox/minac/test-remediations
- Do not run a pipeline yet on master!
Validate
- Enable feature flag:
echo "Feature.enable(:standalone_finding_modal_merge_request_widget)" | gdk rails c
- In the imported test-remediations project
- go to reports/sast.json and remove both entries in vulnerabilities, leaving effectively an empty array - commit and push this to master
- now, in reports/sast.json, add the removed vulnerabilities back again, but commit and push to a new branch, and create a merge request.
- go to
- In the MR, expand the security scanning widget and click on any finding
- Validate that there is no console error about a missing injection
- Validate that the "Dismiss vulnerability" button is visible
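The two validation checks above (no console error, button visible) can be illustrated with a simplified model of provide/inject lookup. This is an added example, not GitLab's code and not Vue itself; the host objects, `resolveInjection`, `renderFindingModal` and the assumption that the button is gated on the truthiness of `canAdminVulnerability` are all hypothetical.

```javascript
// Simplified model of provide/inject lookup: walk up the parent chain and
// return the first provided value; record a warning when no ancestor has it.
function resolveInjection(component, key, warnings) {
  for (let node = component.parent; node; node = node.parent) {
    if (node.provide && Object.prototype.hasOwnProperty.call(node.provide, key)) {
      return node.provide[key];
    }
  }
  warnings.push(`Injection "${key}" not found`);
  return undefined;
}

// Hypothetical finding modal. Assumption: the dismiss button is rendered only
// when the injected canAdminVulnerability flag is truthy.
function renderFindingModal(host) {
  const warnings = [];
  const modal = { name: 'FindingModal', parent: host };
  const canAdmin = resolveInjection(modal, 'canAdminVulnerability', warnings);
  return { showDismissButton: Boolean(canAdmin), warnings };
}

// Constructed hosts (names are illustrative, not taken from the code base).
const app = { name: 'App', parent: null };
const hosts = {
  // A host that already provides the flag.
  providingHost: { parent: app, provide: { canAdminVulnerability: true } },
  // MR widget before the fix: the flag is not provided at all.
  mrWidgetBefore: { parent: app, provide: {} },
  // MR widget after the fix: the flag is provided.
  mrWidgetAfter: { parent: app, provide: { canAdminVulnerability: true } },
  // User without the permission: the flag is provided, but false.
  mrWidgetNoPermission: { parent: app, provide: { canAdminVulnerability: false } },
};

for (const [name, host] of Object.entries(hosts)) {
  const { showDismissButton, warnings } = renderFindingModal(host);
  console.log(name, { showDismissButton, warnings });
}
```

In this model a missing injection and a provided `false` both hide the button; only the warning separates the wiring bug from a real permission denial, which is why the console is checked as well as the button.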