Duplicated vulnerabilities in API results
Summary
The security dashboard endpoints are returning duplicate vulnerabilities in their data.
I noticed it happening locally and thought it might be an issue with the way I seeded the database, but it seems this issue has made its way to staging now.
https://staging.gitlab.com/groups/secure-team-test/-/security/dashboard/?page=1&days=90
Steps to reproduce
I'm unsure how to reproduce it locally but visiting the Secure team test group dashboard on staging shows this issue.
Example Project
https://staging.gitlab.com/groups/secure-team-test/-/security/dashboard/?page=1&days=90
What is the current bug behavior?
- All three of the vulnerabilities in the
secure-team-test / security-reports
project are duplicated 13 times invulnerabilities
andcount
endpoint results. - The only vulnerability in the
secure-team-test / sast
project is not duplicated. - The
history
endpoint seems to display the correct data. - Because of the duplicated vulnerabilities, Vue cannot assign unique keys to the vulnerabilities in the vulnerability list and Vue crashes causing the page to render unpredictably and visibly broken.
What is the expected correct behavior?
- The endpoints should only return one result per vulnerability. (It sounds obvious, I'm just following the template)
Relevant logs and/or screenshots
These are the same as above:
Output of checks
This bug happens on https://staging.gitlab.com during testing for gitlab-org/release/tasks#778 (closed). I encountered it locally previous to this. I haven't encountered it on gitlab.com.