Activity filter on Vulnerability Report throws error on group level dashboard
Summary
Applying the with issues filter on the gitlab.org group-level vulnerability report results in an error.
Steps to reproduce
- Go to https://gitlab.com/groups/gitlab-org/-/security/vulnerabilities/?activity=WITH_ISSUES
- Select
with issuesfrom the Activity filter - Observe error: Error fetching the vulnerability list. Please check your network connection and try again.
- Note that this does not happen when selecting the
no longer detected filter - Once the error is encountered, you cannot select a different filter to see the list again, you have to reload the page
Example Project
https://gitlab.com/groups/gitlab-org/-/security/vulnerabilities/?activity=NO_LONGER_DETECTED
This does not happen on smaller reports (such as the project level vuln report for gitlab-org or other group level reports with less results)
What is the current bug behavior?
An error message is displayed when selecting with issues from the Activity filter
What is the expected correct behavior?
An list of vulnerabilities that only have issues associated with them should be displayed when selecting with issues from the Activity filter
Relevant logs and/or screenshots
Console errors
Observable.js:63 Uncaught TypeError: Cannot read property 'vulnerabilities' of undefined
at a.update (first_class_group_security_dashboard_vulnerabilities.vue:47)
at t.value (vue-apollo.esm.js:887)
at t.value (vue-apollo.esm.js:913)
at m (Observable.js:134)
at O (Observable.js:165)
at e.value (Observable.js:224)
at bundle.esm.js:435
at Array.forEach ()
at g (bundle.esm.js:435)
at Object.o [as error] (bundle.esm.js:386)
update @ first_class_group_security_dashboard_vulnerabilities.vue:47
...
bundle.esm.js:63 Uncaught (in promise) Error: GraphQL error: Cannot return null for non-nullable field VulnerabilityIssueLink.issue
GraphQL error: Cannot return null for non-nullable field VulnerabilityIssueLink.issue
GraphQL error: Cannot return null for non-nullable field VulnerabilityIssueLink.issue
GraphQL error: Cannot return null for non-nullable field VulnerabilityIssueLink.issue
GraphQL error: Cannot return null for non-nullable field VulnerabilityIssueLink.issue
GraphQL error: Cannot return null for non-nullable field VulnerabilityIssueLink.issue
GraphQL error: Cannot return null for non-nullable field VulnerabilityIssueLink.issue
GraphQL error: Cannot return null for non-nullable field VulnerabilityIssueLink.issue
GraphQL error: Cannot return null for non-nullable field VulnerabilityIssueLink.issue
...
Output of checks
This bug happens on GitLab.com
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)(we will only investigate if the tests are passing)
Possible fixes
-
backend Modify VulnerabilitiesResolverto only return issue links and issues whenhas_issuesparameter is included. https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/graphql/resolvers/vulnerabilities_resolver.rb#L47