Fix Duplicate Keys in Vulnerability Details

What does this MR do?

On the vulnerability details page, if two identifiers have the same URL, it will log an error message in the console. That's because the unique key is set to the URL and won't be unique if two identical URLs are used. This MR fixes that behavior by computing the key using a combination of the index and URL.

Relates to #247045 (closed).

Steps to test

To test the changes, you need a vulnerability with at least two identifiers that have the same URL. You can either create them through a pipeline or through the rails console. Alternatively, if you are lazy—like me—you can add this to the component definition 🙈

created() {
  this.vulnerability.identifiers = [
    {
      url: 'https://gitlab.com',
      name: 'CVE-2019-9169 (1st)',
    },
    {
      url: 'https://gitlab.com',
      name: 'CVE-2019-9169 (2nd)',
    },
    {
      url: 'https://about.gitlab.com',
      name: 'different URL',
    },
  ];
},

When you create the identifier, you could also use an actual URL but I replaced it for readability (and because it's caused by a specific URL): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Kev
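
The key collision described in this MR, as an added example that is not part of the merge request or GitLab's code: it checks the sample identifiers from the test steps for duplicate list keys under both strategies. The function names and the exact `index-url` key format are assumptions; the MR only states that the key combines index and URL.

```javascript
// Constructed sample data mirroring the identifiers from the test steps.
const identifiers = [
  { url: 'https://gitlab.com', name: 'CVE-2019-9169 (1st)' },
  { url: 'https://gitlab.com', name: 'CVE-2019-9169 (2nd)' },
  { url: 'https://about.gitlab.com', name: 'different URL' },
];

// Key strategy before the fix: the URL alone.
const urlKey = (identifier) => identifier.url;

// Key strategy after the fix: index combined with URL.
// The "index-url" format is an assumption, not taken from the MR diff.
const indexedUrlKey = (identifier, index) => `${index}-${identifier.url}`;

// Returns a Map of key -> names of the items sharing it,
// restricted to keys that are used by more than one item.
function findDuplicateKeys(items, keyFn) {
  const seen = new Map();
  items.forEach((item, index) => {
    const key = keyFn(item, index);
    if (!seen.has(key)) seen.set(key, []);
    seen.get(key).push(item.name);
  });
  return new Map([...seen].filter(([, names]) => names.length > 1));
}

const before = findDuplicateKeys(identifiers, urlKey);
const after = findDuplicateKeys(identifiers, indexedUrlKey);

console.log('URL-only duplicate keys:', [...before.entries()]);
console.log('index+URL duplicate keys:', [...after.entries()]);
```

Keys that include the index stay unique even when every URL is identical, but they change if the list is reordered, so they suit a list that is rendered once in a fixed order.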
