Fix `create_jira_issue_url` for unpersisted vulnerabilities(a.k.a. findings)
What does this MR do and why?
Explanation about the feature
We have 2 different channels that users can create JIRA issues for a security vulnerability. The first one is the "Pipeline Security Tab" and the second one is the "Vulnerability Detail" page which can be accessed by the "Vulnerability Reports".
The "Vulnerability Detail" and "Vulnerability Reports" views work with the Vulnerability
entity. Vulnerability
means, the security vulnerability is on the default branch and a real threat. On the other hand, the "Pipeline Security Tab" works with the Vulnerabilitis::Finding
entities, and the records in that list can be already existing on the default branch or not.
Here we have this if vulnerability.is_a?(Vulnerability)
check because we are giving a link back to GitLab and we can create URLs for only the records we have in our database. This means, if the security vulnerability hasn't been merged into the default branch, there is no way to create a URL because it doesn't have an ID.
We have similar checks to this in this file here and here.
What is changed with this MR
This MR changes the template file for the JIRA issue description for security vulnerabilities to do not try to generate backreference URLs. This is necessary as this template is used with both Vulnerability
and Vulnerability::Finding
records.
Related to #327480 (closed), https://sentry.gitlab.net/gitlab/gitlabcom/issues/2494517.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.