Update RTV and ETV to use subscription ID
What does this MR do and why?
Update "Resolve this vulnerability" (RTV) and "Explain this vulnerability" (ETV) to use a subscription ID. This ensures each AI feature subscribes and outputs the correct corresponding response.
It fixes a potential bug whereby "Explain this vulnerability" will display the "Resolve this vulnerability" output of the MR link.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Bug (Before) | Solution (After) |
---|---|
etv-does-not-display-ai-mr-link |
From the video, you can see that the drawer does not display the AI-generated MR link. The "Resolve with AI" request did make it through, as evidenced by the increased MR count (43 to 44). This is what is expected.
How to set up and validate locally
- Have the related FF enabled:
  echo "Feature.enable(:resolve_vulnerability_ai)" | rails c
- In order to run a pipeline to generate a Vulnerability report, you'll need an EE license.
- Fork https://gitlab.com/gitlab-org/security-products/tests/webgoat.net
- Run a pipeline against the default branch. It will generate vulnerabilities.
- Go to the project vulnerability report page.
- Click on "Explain this vulnerability", and immediately close the drawer.
- Click on "Resolve with AI", and immediately click on "Explain this vulnerability".
- The drawer should not display the AI-generated MR link from the "Resolve with AI" action.
Note: this bug is quite tricky to reproduce. So apply this patch:
What this patch is doing:
- Based on my local condition, it takes on average 7-8 seconds to generate the AI MR.
- So I added a setTimeout to defer the "Explain this vulnerability response" by 20 seconds.
- If the bug still exists, the ETV drawer will display the RTV response.
- If the bug is successfully fixed, the ETV drawer will display the loading status until its own AI response (markdown) is ready.
Related to #435526 (closed)
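
The misrouting described above, replayed as an added example (not code from this MR or from GitLab). It assumes both features receive responses on a channel keyed by user and resource; `ResponseChannel`, `replay` and `subscriptionId` are hypothetical names and the sample IDs are constructed.

```javascript
// Added illustration: ResponseChannel, subscribe, publish and subscriptionId
// are hypothetical names, not identifiers from the GitLab code base.
class ResponseChannel {
  constructor() {
    this.listeners = [];
  }

  // Register a listener for one user + resource. subscriptionId is optional
  // so the pre-fix behaviour (no ID) can be reproduced.
  subscribe({ userId, resourceId, subscriptionId = null }, onResponse) {
    this.listeners.push({ userId, resourceId, subscriptionId, onResponse });
  }

  // Deliver a response to listeners on the same user + resource. A listener
  // that supplied an ID only receives responses carrying that same ID.
  publish({ userId, resourceId, subscriptionId = null, content }) {
    for (const l of this.listeners) {
      if (l.userId !== userId || l.resourceId !== resourceId) continue;
      if (l.subscriptionId !== null && l.subscriptionId !== subscriptionId) continue;
      l.onResponse(content);
    }
  }
}

// Replays the reproduction steps: the ETV drawer is open and waiting, the RTV
// response (MR link) arrives first, the deferred ETV response arrives later.
function replay(useSubscriptionIds) {
  const channel = new ResponseChannel();
  const key = { userId: 1, resourceId: 'vulnerability/42' }; // constructed values
  const id = (name) => (useSubscriptionIds ? name : null);
  const drawer = { state: 'loading', shown: [] };

  // The ETV drawer renders whatever its subscription hands it.
  channel.subscribe({ ...key, subscriptionId: id('explain') }, (content) => {
    drawer.state = 'ready';
    drawer.shown.push(content);
  });

  channel.publish({ ...key, subscriptionId: id('resolve'), content: 'MR link' });
  const afterResolve = { state: drawer.state, shown: [...drawer.shown] };
  channel.publish({ ...key, subscriptionId: id('explain'), content: 'explanation markdown' });
  return { afterResolve, final: drawer };
}
```

`replay(false)` leaves the drawer showing the MR link as soon as the RTV response lands; `replay(true)` keeps it in the loading state until its own response arrives.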