Find or initialize Scanners using project_id
What does this MR do and why?
Add `project_id` as an argument to `find_or_initialize_by` so the scanners are created in the correct project if they don't already exist within that project.
This prevents the following scenario:
1. No scanner called `gitlab-manual-vulnerability-report` exists in any project.
2. Project A creates a vulnerability manually.
3. A `gitlab-manual-vulnerability-report` scanner gets created within project A.
4. Project B creates a vulnerability manually.
5. Project B users don't see any scanner attached to the finding because it's actually attached to the scanner created in step 3 and they don't have access to that scanner.
Fixing this 100% will require a data migration which will be performed later on.
Related to #355802 (closed)
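To make the failure mode above concrete, here is an added example (not GitLab's code) that stands in for the scanner table with a tiny in-memory store and a simplified `find_or_initialize_by`. The `ScannerTable`, `Scanner` struct and the two `scanner_for_manual_finding_*` helpers are assumptions made for this illustration; only the scanner name and the idea of keying the lookup on `project_id` come from the MR.

```ruby
# Added example, not GitLab's code: an in-memory stand-in for the scanners
# table, used to show why the lookup must include project_id.
Scanner = Struct.new(:id, :project_id, :external_id, :name)

class ScannerTable
  def initialize
    @rows = []
    @next_id = 1
  end

  # Simplified counterpart of ActiveRecord's find_or_initialize_by: return the
  # first saved row whose attributes all match `attrs`, otherwise a new,
  # unsaved row carrying those attributes.
  def find_or_initialize_by(attrs)
    @rows.find { |r| attrs.all? { |k, v| r[k] == v } } ||
      Scanner.new(nil, attrs[:project_id], attrs[:external_id], attrs[:name])
  end

  # Persist a row, assigning an id on first save.
  def save(row)
    if row.id.nil?
      row.id = @next_id
      @next_id += 1
      @rows << row
    end
    row
  end

  # Rows a project's users are allowed to see: only their own project's scanners.
  def visible_to(project_id)
    @rows.select { |r| r.project_id == project_id }
  end
end

MANUAL_SCANNER = 'gitlab-manual-vulnerability-report'

# Behaviour before the fix (constructed for illustration): the lookup ignores
# project_id, so the second project silently reuses the first project's row.
def scanner_for_manual_finding_buggy(table, project_id)
  scanner = table.find_or_initialize_by(external_id: MANUAL_SCANNER, name: MANUAL_SCANNER)
  scanner.project_id ||= project_id
  table.save(scanner)
end

# Behaviour after the fix: project_id is part of the lookup key, so each
# project finds or creates its own scanner row.
def scanner_for_manual_finding_fixed(table, project_id)
  scanner = table.find_or_initialize_by(project_id: project_id,
                                        external_id: MANUAL_SCANNER,
                                        name: MANUAL_SCANNER)
  table.save(scanner)
end

# Replay the scenario from the MR description: project 1 then project 2 each
# create a manual vulnerability, and we check what project 2 can see.
def simulate(method)
  table = ScannerTable.new
  a = send(method, table, 1)
  b = send(method, table, 2)
  {
    scanner_a_project: a.project_id,
    scanner_b_project: b.project_id,
    same_row: a.id == b.id,
    project_b_sees_its_scanner: table.visible_to(2).any? { |s| s.id == b.id }
  }
end

if __FILE__ == $PROGRAM_NAME
  p simulate(:scanner_for_manual_finding_buggy)
  p simulate(:scanner_for_manual_finding_fixed)
end
```

Running it prints one hash per variant: in the buggy variant `same_row` is true and project 2 cannot see the scanner attached to its own finding, which is exactly step 5 of the scenario; in the fixed variant each project has its own row. Note that, as the MR says, rows already created the old way are not repaired by the changed lookup, which is why a data migration is still needed.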
How to set up and validate locally
- Create a new project (assuming `project-a`)
- Go to http://127.0.0.1:3000/root/project-a/-/security/vulnerabilities/new
- Create a new Vulnerability
- Create another project (assuming `project-b`)
- Go to http://127.0.0.1:3000/root/project-b/-/security/vulnerabilities/new
- Create a new Vulnerability
- Go to http://127.0.0.1:3000/-/graphql-explorer
- Issue the following query
```graphql
query {
  project(fullPath: "root/project-a") {
    vulnerabilityScanners {
      nodes {
        id
        name
        reportType
      }
    }
    vulnerabilities {
      nodes {
        id
        scanner {
          externalId
          id
          name
          reportType
          vendor
        }
      }
    }
  }
}
```
- Repeat for `project-b`
- Make sure both queries return a non-empty `vulnerabilityScanners` list, and that the `vulnerabilities.scanner.id` values of the two projects DO NOT match
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.