Extensible reference for vulnerabilities

Why are we doing this work

To implement the groupthreat insights reference for vulnerabilities using the recently agreed format for extensible references (see design issue below).

We're using this first implementation as a PoC to validate the design before committing time to implement the syntax for the remaining GitLab references.

Relevant links

• Design Issue. This is the "complete" implementation, for all GitLab references.
• Old Issue

Non-functional requirements

• Documentation: Update https://docs.gitlab.com/ee/user/markdown.html#special-gitlab-references
• Feature flag: vulnerability_special_references - default: true
• [-] Performance:
• Testing:
  • verify if cross-project reference is working,
  • verify if cross-namespace reference is working,
  • verify if same-project reference is working,
  • verify if Vulnerability autocomplete is working,

Implementation plan

POC: #217614 (comment 444930628)

• backend Create placeholder model in CE for Vulnerability, move logic from ee/models/vulnerability.rb to EE::Vulnerability module and prepend it in the model defined in CE. This is needed to reserve [vulnerability: as a special reference in GitLab,
• frontend Add entry for vulnerability to app/assets/javascripts/behaviors/markdown/gfm_auto_complete.js, app/assets/javascripts/gfm_auto_complete.js, app/assets/javascripts/shared/milestones/form.js, app/assets/javascripts/snippet/snippet_edit.js, app/assets/javascripts/vue_shared/components/markdown/field.vue and atwho callback on [vulnerability: to ee/app/assets/javascripts/gfm_auto_complete.js.
• backend Enable support for [vulnerability: and enable autocomplete for vulnerabilities:
  • app/helpers/notes_helper.rb: Add vulnerabilities entry to initial_notes_data in enableGFM,
  • app/models/concerns/mentionable/reference_regexes.rb: Add Vulnerability to link_patterns in default_pattern,
  • ee/app/controllers/ee/projects/autocomplete_sources_controller.rb, ee/app/controllers/groups/autocomplete_sources_controller.rb: Add method to load vulnerabilities for autocomplete widget,
  • ee/app/finders/security/vulnerabilities_finder.rb: Add ability to filter vulnerabilities that are visible for given user,
  • ee/app/helpers/ee/application_helper.rb: Extend autocomplete_data_sources with path for vulnerabilities,
  • ee/app/models/concerns/ee/mentionable/reference_regexes.rb: Add Vulnerability to other_patterns method,
  • ee/app/services/ee/projects/autocomplete_service.rb, ee/app/services/groups/autocomplete_service.rb: Add new method to load vulnerabilities,
  • ee/config/routes/group.rb, ee/config/routes/project.rb: Add routes to vulnerabilities in autocomplete_sources,
  • ee/lib/ee/banzai/filter/vulnerability_reference_filter.rb, lib/banzai/filter/vulnerability_reference_filter.rb: Add new reference filter for Vulnerability,
  • ee/lib/ee/banzai/reference_parser/vulnerability_parser.rb, lib/banzai/reference_parser/vulnerability_parser.rb: Add new reference parser for Vulnerability,
  • ee/lib/ee/banzai/issuable_extractor.rb: Extend reference_types and parsers with proper values for Vulnerability,
  • ee/lib/ee/banzai/pipeline/gfm_pipeline.rb, ee/lib/ee/banzai/pipeline/single_line_pipeline.rb: Extend reference_filters method with filter class name for Vulnerability,
  • lib/gitlab/reference_extractor.rb: Add vulnerability to REFERABLES