Remove sorting vulnerabilities by state
What does this MR do and why?
Remove the ability to sort Vulnerabilities by state_asc, state_desc.
Deprecation:
- Notice: !86377 (merged)
- Notice update (we were supposed to remove this in %15.2, so the notice was updated to %15.3): !92822 (merged)
- Reason for removing before %16.0 (TL;DR: performance impact): #360516 (comment 1032582683)
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
- Ensure your instance has an Ultimate license applied.
- Generate test vulnerabilities by using either:
  - https://docs.gitlab.com/ee/user/application_security/generate_test_vulnerabilities/; OR
  - Clone https://gitlab.com/gitlab-examples/security/security-reports/ into a local project and run a pipeline.
- Visit the vulnerability report page (i.e. <project_path>/-/security/vulnerability_report)
- Observe the order of the results in the report.
- Change the Status filter to "All statuses".
- Change the status of one vulnerability each to confirmed, resolved, dismissed.
- Click Status. The page won't reload, and the order won't change.
- Do steps 1-2 above
- Run the GraphQL queries below:
  - Should work and return 5 items:
    QUERY='{ project(fullPath:\"<project_path>\") { vulnerabilities(first: 5) { nodes { id state } pageInfo { endCursor } } } } '
  - Should fail:
    QUERY='{ project(fullPath:\"<project_path>\") { vulnerabilities(first: 5, sort: state_desc) { nodes { id state } pageInfo { endCursor } } } } '
    - Error message:
      "Argument 'sort' on Field 'vulnerabilities' has an invalid value (state_desc). Expected type 'VulnerabilitySort'."
Script
# Quote the placeholder so the shell does not treat < and > as redirections.
GRAPHQL_TOKEN='<personal access token with api access here>'
# Alternative queries; uncomment one to run it instead of the active QUERY.
#QUERY='query {currentUser {name}}'
# Sorting by state: expected to fail after this change.
#QUERY='{ project(fullPath:\"root/security-reports\") { vulnerabilities(first: 5, sort: state_desc) { nodes { id state } pageInfo { endCursor } } } } '
# No sort argument: expected to succeed.
QUERY='{ project(fullPath:\"root/security-reports\") { vulnerabilities(first: 5) { nodes { id state } pageInfo { endCursor } } } } '
curl "http://localhost:3000/api/graphql" --header "Authorization: Bearer $GRAPHQL_TOKEN" \
--header "Content-Type: application/json" --request POST \
--data "{\"query\": \"$QUERY\"}"
Success
{
"data": {
"project": {
"vulnerabilities": {
"nodes": [
{
"id": "gid://gitlab/Vulnerability/248",
"state": "CONFIRMED"
},
{
"id": "gid://gitlab/Vulnerability/247",
"state": "CONFIRMED"
},
{
"id": "gid://gitlab/Vulnerability/246",
"state": "RESOLVED"
},
{
"id": "gid://gitlab/Vulnerability/243",
"state": "RESOLVED"
},
{
"id": "gid://gitlab/Vulnerability/239",
"state": "DISMISSED"
}
],
"pageInfo": {
"endCursor": "eyJzZXZlcml0eSI6ImNyaXRpY2FsIiwidnVsbmVyYWJpbGl0eV9pZCI6IjIzOSJ9"
}
}
}
}
}
Failure
{
"errors": [
{
"message": "Argument 'sort' on Field 'vulnerabilities' has an invalid value (state_desc). Expected type 'VulnerabilitySort'.",
"locations": [
{
"line": 1,
"column": 47
}
],
"path": [
"query",
"project",
"vulnerabilities",
"sort"
],
"extensions": {
"code": "argumentLiteralsIncompatible",
"typeName": "Field",
"argumentName": "sort"
}
}
]
}
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #360516 (closed) /cc @matt_wilson
Edited by Thiago Figueiró
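
The two GraphQL checks from the validation steps above can be automated against saved responses. This is an added example, not part of the MR or of GitLab's code. The function names are hypothetical, the sample data is trimmed from the Success and Failure output above, and treating `endCursor` as base64-encoded JSON is an assumption based on the sample value.

```python
import base64
import json

# Constructed samples, trimmed from the Success and Failure responses on this page.
SUCCESS = {"data": {"project": {"vulnerabilities": {
    "nodes": [{"id": "gid://gitlab/Vulnerability/248", "state": "CONFIRMED"},
              {"id": "gid://gitlab/Vulnerability/247", "state": "CONFIRMED"},
              {"id": "gid://gitlab/Vulnerability/246", "state": "RESOLVED"},
              {"id": "gid://gitlab/Vulnerability/243", "state": "RESOLVED"},
              {"id": "gid://gitlab/Vulnerability/239", "state": "DISMISSED"}],
    "pageInfo": {"endCursor":
        "eyJzZXZlcml0eSI6ImNyaXRpY2FsIiwidnVsbmVyYWJpbGl0eV9pZCI6IjIzOSJ9"}}}}}
FAILURE = {"errors": [{
    "message": "Argument 'sort' on Field 'vulnerabilities' has an invalid value "
               "(state_desc). Expected type 'VulnerabilitySort'.",
    "path": ["query", "project", "vulnerabilities", "sort"],
    "extensions": {"code": "argumentLiteralsIncompatible",
                   "typeName": "Field", "argumentName": "sort"}}]}

def connection(resp):
    """Return the vulnerabilities connection, or {} for error/null responses."""
    project = (resp.get("data") or {}).get("project") or {}
    return project.get("vulnerabilities") or {}

def sort_rejected(resp, value):
    """True if the schema rejected `value` as a literal for the sort argument."""
    for err in resp.get("errors") or []:
        ext = err.get("extensions") or {}
        if (ext.get("code") == "argumentLiteralsIncompatible"
                and ext.get("argumentName") == "sort"
                and f"({value})" in err.get("message", "")):
            return True
    return False

def cursor_keys(resp):
    """Decode endCursor (assumed base64 JSON) and list the keys it carries."""
    cursor = connection(resp)["pageInfo"]["endCursor"]
    raw = base64.urlsafe_b64decode(cursor + "=" * (-len(cursor) % 4))
    return sorted(json.loads(raw))

def validate(unsorted_resp, sorted_resp, value="state_desc", expected=5):
    """Run both checks from the validation steps; return a list of failures."""
    failures = []
    if len(connection(unsorted_resp).get("nodes") or []) != expected:
        failures.append("query without sort did not return %d nodes" % expected)
    if not sort_rejected(sorted_resp, value) or connection(sorted_resp):
        failures.append("sort: %s was not rejected" % value)
    return failures
```

On the sample Success response, `cursor_keys` returns `severity` and `vulnerability_id`, so the pagination cursor carries no state key.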