Resolve "Add filename for security training GraphQL query"
What does this MR do and why?
Implement filename parameter on SecurityTrainingUrlsResolver
which takes a filename and rudimentarily resolves a language from it. That language is then used to filter security training urls so that the frontend needn't handle the parsing of filetypes to request the appropriate language.
The list of languages in the ::Security::TrainingUrlsFinder::EXTENSION_LANGUAGE_MAP
correlate to the documented supported languages for the Kontra
security training provider. These languages additionally work when used to query SecureCodeWarrior
as well.
Screenshots or screen recordings
How to set up and validate locally
- Configure local project.
- Navigate to
/-/security/configuration
on the respective project and enable the Kontra and SecureCodeWarrior training integrations for that project. - Navigate to your local GitLab
/-/graphql-explorer
- The following query will present a set of security training urls for your respective project
{
project(fullPath: "") {
securityTrainingUrls(identifierExternalIds: ["CWE-94", "91"]) {
name
url
status
identifier
}
}
}
- Applying the
filename
parameter with a recognised file extension will result in the appropriate language filtering. Unrecognised extensions are disregarded.
{
project(fullPath: "") {
securityTrainingUrls(identifierExternalIds: ["CWE-94", "91"], filename: "thing.rb") {
name
url
status
identifier
}
}
}
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #362697 (closed)
Edited by Gregory Havenga