Resolve "Add filename for security training GraphQL query"

What does this MR do and why?

Implement filename parameter on SecurityTrainingUrlsResolver which takes a filename and rudimentarily resolves a language from it. That language is then used to filter security training urls so that the frontend needn't handle the parsing of filetypes to request the appropriate language.

The list of languages in the ::Security::TrainingUrlsFinder::EXTENSION_LANGUAGE_MAP correlates to the documented supported languages for the Kontra security training provider. These languages additionally work when used to query SecureCodeWarrior as well.

How to set up and validate locally

  1. Configure local project.
  2. Navigate to /-/security/configuration on the respective project and enable the Kontra and SecureCodeWarrior training integrations for that project.
  3. Navigate to your local GitLab /-/graphql-explorer
  4. The following query will present a set of security training urls for your respective project:

     ```graphql
     {
       project(fullPath: "") {
         securityTrainingUrls(identifierExternalIds: ["CWE-94", "91"]) {
           name
           url
           status
           identifier
         }
       }
     }
     ```

  5. Applying the filename parameter with a recognised file extension will result in the appropriate language filtering. Unrecognised extensions are disregarded.

     ```graphql
     {
       project(fullPath: "") {
         securityTrainingUrls(identifierExternalIds: ["CWE-94", "91"], filename: "thing.rb") {
           name
           url
           status
           identifier
         }
       }
     }
     ```

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #362697 (closed)

Edited by Gregory Havenga
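
The filename-to-language step described in this merge request, sketched as an added example (not the code from the MR or from GitLab): the client-supplied filename is only ever used as a lookup key into an allowlist, so nothing from it reaches the provider request except a mapped value. The map entries and the names `EXAMPLE_EXTENSION_LANGUAGE_MAP`, `language_for` and `training_request_params` are assumptions made for illustration.

```ruby
# Constructed map for illustration; these entries are assumptions, not the
# contents of ::Security::TrainingUrlsFinder::EXTENSION_LANGUAGE_MAP.
EXAMPLE_EXTENSION_LANGUAGE_MAP = {
  'rb' => 'ruby',
  'py' => 'python',
  'js' => 'javascript',
  'go' => 'go'
}.freeze

# Resolve a language from a client-supplied filename. Returns nil when
# nothing is recognised, so the caller applies no language filter.
def language_for(filename)
  return nil unless filename.is_a?(String)
  return nil if filename.empty? || filename.include?("\0")

  # File.extname looks only at the last path component and its last dot,
  # so "dir.rb/Makefile" and ".bashrc" yield no extension.
  extension = File.extname(filename).delete_prefix('.').downcase
  EXAMPLE_EXTENSION_LANGUAGE_MAP[extension]
end

# Hypothetical helper: build the parameters for a training provider lookup.
# Only a value taken from the allowlist is ever added as :language.
def training_request_params(identifier_external_ids, filename: nil)
  params = { identifiers: identifier_external_ids }
  language = language_for(filename)
  params[:language] = language if language
  params
end
```
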
