Error on bulk dismissing vulnerabilities
Summary
When multiple vulnerabilities are selected and dismissed, on some occasions it shows an error. I tried today by dismissing 4 vulnerabilities and the error "There was an error dismissing 4 vulnerabilities. Please try again later." came up. This issue does not happen all the time.
Steps to reproduce
Select multiple vulnerabilities, select a reason (I chose FP), then click on Dismiss Selected.
Example Project
This issue is happening in the project https://gitlab.com/gitlab-org/gitlab. This was noticed during dashboard triage by appsec team members https://gitlab.com/gitlab-com/gl-security/appsec/appsec-team/-/issues/125#note_505620613
What is the current bug behavior?
Multiple vulnerabilities cannot be dismissed in bulk, at times.
What is the expected correct behavior?
Multiple vulnerabilities can be dismissed without error.
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com
Possible fixes
- backend: Make sure that vulnerability ids are exposed on the Vulnerability Report view.
- backend: Update Mutations::Vulnerabilities::Dismiss (ee/app/graphql/mutations/vulnerabilities/dismiss.rb) to accept an array of IDs.
- backend: Update Vulnerabilities::DismissService to perform one batch operation.
- backend: Update Vulnerabilities::DismissService to schedule background workers if over 100 vulnerabilities are selected (this can be skipped if you can only select one page worth of vulnerabilities).
- Confirm that the batch size performs well enough to update 100 records; otherwise adjust the limits accordingly.
- frontend: Update the frontend to send one GraphQL mutation with all selected ids.
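The proposed fix above replaces N separate dismissals with one mutation that takes an array of ids, updates them in one batch, and hands anything over 100 ids to background workers. The following Ruby sketch is an added example of that flow, not GitLab's own DismissService; the store, worker and Vulnerability struct are constructed stand-ins, and it validates every id before changing any record so a bad id cannot leave a selection half-dismissed.

```ruby
# Added example, not GitLab code: models the bulk dismissal design from the proposed fix.
BATCH_LIMIT = 100 # inline batch size from the proposed fix; larger selections go to workers

# Constructed stand-in for a vulnerability record and its state transitions.
Vulnerability = Struct.new(:id, :state, :dismissed_at, :transitions)

class BulkDismissService
  # store:  Hash of id => Vulnerability (stands in for the database)
  # worker: object responding to #enqueue(ids, reason, comment) (stands in for a background worker)
  def initialize(store, worker)
    @store = store
    @worker = worker
  end

  # Returns a GraphQL-style payload: { vulnerabilities: [...], errors: [...] }.
  def execute(ids, reason:, comment:)
    ids = ids.uniq
    missing = ids - @store.keys
    # Validate the whole selection first: either every id is dismissed or none is.
    return { vulnerabilities: [], errors: ["Unknown vulnerability ids: #{missing.join(', ')}"] } unless missing.empty?
    return { vulnerabilities: [], errors: ['Dismissal reason is required'] } if reason.to_s.empty?

    if ids.size <= BATCH_LIMIT
      { vulnerabilities: dismiss_batch(ids, reason, comment), errors: [] }
    else
      # Too many for one request: schedule one worker job per BATCH_LIMIT-sized slice.
      ids.each_slice(BATCH_LIMIT) { |slice| @worker.enqueue(slice, reason, comment) }
      { vulnerabilities: [], errors: [], scheduled: ids.size }
    end
  end

  # One batch operation over all ids, recording a state transition per record.
  def dismiss_batch(ids, reason, comment)
    now = Time.now
    ids.map do |id|
      v = @store[id]
      from = v.state
      v.state = :dismissed
      v.dismissed_at = now
      v.transitions << { from_state: from, to_state: :dismissed, dismissal_reason: reason, comment: comment }
      v
    end
  end
end

# Constructed worker that only records what it was asked to enqueue.
class RecordingWorker
  attr_reader :jobs
  def initialize = @jobs = []
  def enqueue(ids, _reason, _comment) = @jobs << ids
end

# Constructed sample data: n vulnerabilities, all in the :detected state.
def build_store(n)
  (1..n).each_with_object({}) { |i, h| h[i] = Vulnerability.new(i, :detected, nil, []) }
end
```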
Verification
Dismiss multiple vulnerabilities:
    mutation dismissVulnerabilities($ids: [VulnerabilityID!]!, $comment: String!) {
      vulnerabilitiesDismiss(
        input: {vulnerabilityIds: $ids, comment: $comment, dismissalReason: USED_IN_TESTS}
      ) {
        vulnerabilities {
          id
          state
          dismissedAt
          dismissedBy {
            name
          }
          stateTransitions {
            nodes {
              dismissalReason
              fromState
              toState
              comment
              author {
                name
              }
            }
          }
        }
        errors
      }
    }