Update data sent to vulnerabilities page to include less information and use the new data model
Summary
Per several discussions (MR27542, MR23553, NoteOn209896) on how much data, and which data, should be sent to the UI, the data model for the Vulnerability object is being updated to remove its dependence on the finding object.
To decouple the UI from this data model change, the UI work will continue using the finding object (where necessary), and this issue will serve as the clean-up issue for the UI once the data model is updated.
Improvements
Once the Vulnerability data model is updated, it will carry only the data the UI actually needs from the finding object, making the payload sent to the UI smaller.
Payload
Suggested payload, based on the fields the UI currently uses. The two keys whose value source is not given above are marked as assumptions; the state-dependent `*_by_id` / `*_at` pair is sent only for the vulnerability's current state.

```ruby
vulnerability_data = {
  category: vulnerability.report_type,
  confidence: vulnerability.confidence,
  create_issue_url: create_vulnerability_feedback_issue_path(vulnerability.finding.project),
  create_mr_url: create_vulnerability_feedback_merge_request_path(vulnerability.finding.project),
  description: vulnerability.finding.description,
  discussion_url: discussions_project_security_vulnerability_path(vulnerability.project, vulnerability),
  has_mr: !!vulnerability.finding.merge_request_feedback.try(:merge_request_iid),
  id: vulnerability.id,
  identifiers: vulnerability.finding.identifiers,
  issue_feedback: vulnerability.finding.issue_feedback, # ensure it includes the issue_url as well
  links: vulnerability.finding.links,
  location: vulnerability.finding.location,
  notes_url: project_security_vulnerability_notes_path(vulnerability.project, vulnerability),
  pipeline_json: vulnerability_pipeline_data(pipeline).to_json,
  project: vulnerability.finding.project,
  project_default_branch: vulnerability.project.default_branch, # value source not given in this issue; assumed
  project_fingerprint: vulnerability.finding.project_fingerprint,
  remediations: vulnerability.finding.remediations,
  resolved_on_default_branch: vulnerability.resolved_on_default_branch, # value source not given in this issue; assumed
  severity: vulnerability.severity,
  solution: vulnerability.finding.solution,
  state: vulnerability.state,
  timestamp: Time.now.to_i,
  title: vulnerability.title,
  vulnerability_feedback_help_path: help_page_path('user/application_security/index', anchor: 'interacting-with-the-vulnerabilities'),
  # one pair keyed on the current state: dismissed, resolved, confirmed or detected
  "#{vulnerability.state}_by_id": vulnerability.public_send("#{vulnerability.state}_by_id"),
  "#{vulnerability.state}_at": vulnerability.public_send("#{vulnerability.state}_at")
}
```
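The following is an added example, not GitLab's helper code, showing the two parts of the payload suggestion that are easy to get wrong: building the `<state>_by_id` / `<state>_at` pair for the current state only (so a dismissed vulnerability does not also ship its `confirmed_*` columns), and checking that the payload stays on an allow-list and never carries the finding object wholesale. The `Vulnerability` Struct and the finding hash are constructed stand-ins for the real models; the Rails route helpers from the list above are left out because they need a request context.

```ruby
# Added example (not GitLab's helper code). The model shape below is a
# constructed stand-in for the real Vulnerability record.

STATES = %w[detected confirmed resolved dismissed].freeze

# Stand-in: one *_by_id / *_at column pair per state, plus the heavy
# finding object the trimmed payload must no longer include as a whole.
Vulnerability = Struct.new(
  :id, :title, :severity, :confidence, :report_type, :state,
  :detected_by_id, :detected_at,
  :confirmed_by_id, :confirmed_at,
  :resolved_by_id, :resolved_at,
  :dismissed_by_id, :dismissed_at,
  :finding,
  keyword_init: true
)

# Returns only the current state's pair, e.g. { dismissed_by_id: 42, dismissed_at: ... }.
# The state is validated against a fixed list before public_send so the
# key is never built from an arbitrary string.
def state_transition_fields(vulnerability)
  state = vulnerability.state.to_s
  raise ArgumentError, "unknown state #{state.inspect}" unless STATES.include?(state)

  {
    :"#{state}_by_id" => vulnerability.public_send("#{state}_by_id"),
    :"#{state}_at"    => vulnerability.public_send("#{state}_at")
  }
end

# Minimal payload: Vulnerability columns plus the two finding fields the UI
# reads here, never the finding object itself.
def vulnerability_payload(vulnerability)
  finding = vulnerability.finding
  {
    id: vulnerability.id,
    title: vulnerability.title,
    severity: vulnerability.severity,
    confidence: vulnerability.confidence,
    category: vulnerability.report_type,
    state: vulnerability.state,
    description: finding[:description],
    solution: finding[:solution],
    timestamp: Time.now.to_i
  }.merge(state_transition_fields(vulnerability))
end

ALLOWED_KEYS = %i[id title severity confidence category state description solution timestamp].freeze
STATE_KEYS = STATES.flat_map { |s| [:"#{s}_by_id", :"#{s}_at"] }.freeze

# Spec-style guard: true if the payload carries any key outside the allow-list
# (which covers :finding or any stray finding column such as raw_metadata).
def payload_leaks?(payload)
  !(payload.keys - ALLOWED_KEYS - STATE_KEYS).empty?
end
```

In a real helper spec the allow-list check is the part worth keeping: it fails the moment someone re-adds `finding` (or a large column like `raw_metadata`) to the payload, which is exactly the regression this issue is meant to prevent.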
Risks
None
Involved components
gitlab/ee/app/views/projects/security/vulnerabilities/show.html.haml
gitlab/ee/app/helpers/vulnerabilities_helper.rb
gitlab/ee/app/assets/javascripts/pages/projects/security/vulnerabilities/show/index.js
Relates to #209896 (closed)
Relates to #209994 (closed)