Description of Vulnerability is empty in GraphQL

Summary

When using the GitLab GraphQL API, vulnerabilities have an empty description.

Steps to reproduce

{
  project(fullPath: "gitlab-org/security-products/demos/imports") {
    name
    vulnerabilities {
      nodes {
        id
        description
      }
    }
  }
}
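To check a project for the behaviour described in this report, the following added script (not part of the issue or of GitLab's own code) sends the same query through the GitLab GraphQL API and lists every vulnerability node whose `description` comes back empty. The endpoint URL, the `fullPath` variable form of the query, and the `Bearer` token header are standard GitLab GraphQL usage; the sample response and its `gid://gitlab/Vulnerability/...` ids are constructed here so the check can be exercised offline.

```python
import json
import os
import urllib.request

GITLAB_GRAPHQL_URL = "https://gitlab.com/api/graphql"

# The query from the report, with the project path lifted into a variable
# so the same request can be pointed at any project.
QUERY = """
query($fullPath: ID!) {
  project(fullPath: $fullPath) {
    name
    vulnerabilities {
      nodes {
        id
        description
      }
    }
  }
}
"""


def build_request_body(full_path):
    """Return the JSON body for a GraphQL POST against the given project."""
    return {"query": QUERY, "variables": {"fullPath": full_path}}


def find_empty_descriptions(response):
    """Return ids of vulnerability nodes whose description is null or blank.

    Raises if the API reported errors, so a permission problem or a bad
    project path is not mistaken for "no vulnerabilities".
    """
    if response.get("errors"):
        raise RuntimeError(f"GraphQL errors: {response['errors']}")
    project = (response.get("data") or {}).get("project") or {}
    nodes = (project.get("vulnerabilities") or {}).get("nodes") or []
    return [n["id"] for n in nodes if not (n.get("description") or "").strip()]


def fetch(full_path, token):
    """POST the query to gitlab.com; token is a personal access token with API scope."""
    body = json.dumps(build_request_body(full_path)).encode()
    req = urllib.request.Request(
        GITLAB_GRAPHQL_URL,
        data=body,
        headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {token}",
        },
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample response: two nodes show the reported bug (null and
# whitespace-only description), one node has a real description.
SAMPLE_RESPONSE = {
    "data": {
        "project": {
            "name": "imports",
            "vulnerabilities": {
                "nodes": [
                    {"id": "gid://gitlab/Vulnerability/1", "description": None},
                    {"id": "gid://gitlab/Vulnerability/2",
                     "description": "Use of hard-coded credential in config."},
                    {"id": "gid://gitlab/Vulnerability/3", "description": "   "},
                ]
            },
        }
    }
}


if __name__ == "__main__":
    token = os.environ.get("GITLAB_TOKEN")
    if token:
        response = fetch("gitlab-org/security-products/demos/imports", token)
    else:
        response = SAMPLE_RESPONSE  # offline run against the constructed data
    missing = find_empty_descriptions(response)
    print(f"{len(missing)} vulnerabilities with empty description")
    for vuln_id in missing:
        print(" ", vuln_id)
```

Run it with `GITLAB_TOKEN` set to query the live project; without the variable it evaluates the constructed sample, which reports two of the three nodes as missing a description.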

Example Project

Tested with https://gitlab.com/gitlab-org/security-products/demos/imports, but also with other projects with recent findings; the description was empty.

What is the current bug behavior?

  • Description field is empty

What is the expected correct behavior?

  • Description of the vulnerability available

Relevant logs and/or screenshots

N/A

Output of checks

This bug happens on GitLab.com

Results of GitLab environment info


(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check


(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:check SANITIZE=true`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`)

(we will only investigate if the tests are passing)

Possible fixes

  • (backend) Similar to #284473 (closed), this should be resolved by pulling the finding description if one does not exist for the vulnerability

/cc @matt_wilson @lkerr @thiagocsf for prioritization

Edited by Jonathan Schafer