Use diff patch for Vulnerability Resolution code changes
What does this MR do and why?
This MR modifies the vulnerability resolution prompt so that it returns its answer in a particular structure (a diff patch). That allows us to apply changes more broadly, not only to the vulnerable code.
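As an added illustration (not code from this MR or from GitLab), this is what applying a diff-patch-shaped answer looks like when the patch is validated against the file before any change is made; the JavaScript sample and the patch are constructed, and the function names are hypothetical.

```ruby
# Added example, not the MR's code: apply a unified diff (the structured answer the
# prompt returns) only when every context and removed line still matches the file.
HUNK_HEADER = /\A@@ -(\d+)(?:,\d+)? \+(\d+)(?:,\d+)? @@/
class PatchMismatch < StandardError; end

def apply_unified_diff(source, diff)
  lines = source.split("\n", -1)
  lines.pop if lines.last == ''        # trailing newline leaves an empty element
  out, cursor, in_hunk = [], 0, false  # cursor: next unconsumed index in lines
  diff.split("\n").each do |l|
    if (m = HUNK_HEADER.match(l))
      start = m[1].to_i - 1
      raise PatchMismatch, "hunk @#{m[1]} precedes an earlier hunk" if start < cursor
      out.concat(lines[cursor...start])
      cursor, in_hunk = start, true
    elsif !in_hunk || l.start_with?('\\')  # ---/+++ headers, "\ No newline" marker
      next
    elsif l.start_with?('+')
      out << l[1..]
    elsif l.start_with?('-', ' ') || l.empty?  # some generators emit '' for blank context
      expected = l.empty? ? '' : l[1..]
      actual = lines[cursor]
      raise PatchMismatch, "line #{cursor + 1}: expected #{expected.inspect}, got #{actual.inspect}" unless actual == expected
      out << actual unless l.start_with?('-')
      cursor += 1
    else
      raise PatchMismatch, "unrecognised diff line: #{l.inspect}"
    end
  end
  out.concat(lines[cursor..] || [])
  out.join("\n") + (source.end_with?("\n") ? "\n" : '')
end
VULNERABLE_JS = <<~JS  # constructed sample, not the dogfooding repo's file
  const jwt = require('jsonwebtoken');
  function sign(payload, key) {
    return jwt.sign(payload, key, { algorithm: 'none' });
  }
JS
PATCH = <<~DIFF       # constructed: the kind of answer the prompt returns
  --- a/sign.js
  +++ b/sign.js
  @@ -1,4 +1,4 @@
   const jwt = require('jsonwebtoken');
   function sign(payload, key) {
  -  return jwt.sign(payload, key, { algorithm: 'none' });
  +  return jwt.sign(payload, key, { algorithm: 'HS256' });
   }
DIFF
def fixed_js
  apply_unified_diff(VULNERABLE_JS, PATCH)
end
```

If the file has drifted since the finding was recorded (a context or removed line no longer matches), `PatchMismatch` is raised and nothing is written, which is the failure mode a patch-based answer makes detectable.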
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Evaluation results for this prompt change are described here: https://gitlab.com/gitlab-org/gitlab/-/issues/473252#note_2020415420
How to set up and validate locally
- Set up an instance runner on GDK following the instructions at https://gitlab.com/gitlab-com/govern-sub-department/-/issues/256#setup-runner, then start the runner.
- Create a repository with vulnerabilities. I was testing on https://gitlab.com/gitlab-org/security-products/oxeye/dogfooding/generic/oxeye-rulez/. To do that, you need to download the repo linked here, unpack it and push it to your GDK. The repo needs to be in a project within a group with AI enabled.
- Run a pipeline in the project.
- Go to Secure > Vulnerability Report.
- Pick a vulnerability with multi-line vulnerable code, for example the one titled "Use of a broken or risky cryptographic algorithm" in the file `lgpl/rules/javascript/node/crypto/javascript-node-crypto-jwt-none-alg-atomic.js:138-144`. You can use this query (in a Rails console) to find its id: `Vulnerabilities::Finding.where("vulnerability_occurrences.location@> ?", {file: 'lgpl/rules/javascript/node/crypto/javascript-node-crypto-jwt-none-alg-atomic.js', start_line: 138}.to_json).last.vulnerability_id`
- Click "resolve vulnerability with Merge request".
- Observe the MR that results from this operation.
Resolves https://gitlab.com/gitlab-org/gitlab/-/issues/473252
Edited by Jessie Young