MR allows dismissing already dismissed vulnerabilities, incorrectly updates original dismisser
Summary
Some findings that appear in the MR security widget are already dismissed yet they allow you to dismiss them again. When you do this, the name of the original dismisser is replaced with your own.
Steps to reproduce
- From the MR security widget, open a finding that has already been dismissed. The option to Dismiss still appears.
- Dismiss it again, close the finding modal, and then view the finding again.
- Observe that the name of whoever originally dismissed it has been replaced with your own, even though the timestamp of the original dismissal remains.
Example Project
What is the current bug behavior?
Findings that were previously dismissed should not allow dismissing again. Correcting this may resolve the secondary problem of incorrectly updating the original dismisser's name.
What is the expected correct behavior?
The option to Dismiss does not appear for already dismissed findings. This is likely related to #231003 (closed) where dismissed findings are not properly displaying with a strikethrough in the MR security widget.
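The behavior reported above comes down to a dismissal record that can be overwritten after the fact. The following Ruby sketch is an added example, not GitLab's code and not part of the original report: it shows a server-side guard that rejects a second dismissal, keeps the original dismisser and timestamp together, and records the rejected attempt. The `Finding`, `Dismissal`, and `AlreadyDismissedError` names, the user names, and the timestamps are all hypothetical.

```ruby
# Hypothetical model of a finding's dismissal state (not GitLab's schema).
Dismissal = Struct.new(:dismissed_by, :dismissed_at, keyword_init: true)

class AlreadyDismissedError < StandardError; end

class Finding
  attr_reader :dismissal, :audit_log

  def initialize
    @dismissal = nil
    @audit_log = []
  end

  def dismissed?
    !@dismissal.nil?
  end

  # What a widget should consult before rendering a Dismiss action.
  def can_dismiss?
    !dismissed?
  end

  # Server-side guard: hiding the button is not enough, so the write path
  # itself refuses to touch an existing dismissal record.
  def dismiss!(user:, now: Time.now.utc)
    if dismissed?
      @audit_log << { event: :dismiss_rejected, actor: user, at: now }
      raise AlreadyDismissedError, "already dismissed by #{@dismissal.dismissed_by}"
    end
    # Dismisser and timestamp are written once, together, then frozen.
    @dismissal = Dismissal.new(dismissed_by: user, dismissed_at: now).freeze
    @audit_log << { event: :dismissed, actor: user, at: now }
    @dismissal
  end
end

# Constructed replay of the reported steps: a second user dismisses a
# finding that was already dismissed an hour earlier.
def replay_report
  finding = Finding.new
  t0 = Time.utc(2024, 1, 1, 9, 0, 0)
  finding.dismiss!(user: "alice", now: t0)
  begin
    finding.dismiss!(user: "bob", now: t0 + 3600)
  rescue AlreadyDismissedError
    # Expected: the original record must survive the second attempt.
  end
  finding
end
```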