analyzers/gosec Vulnerability Report fails to load - null for non-nullable field VulnerabilityIssueLink.issue

Summary

There is no exception log on Sentry because this is a GraphQL schema expectation error and the GraphQL does not raise exception for the schema errors.

[{message: "Cannot return null for non-nullable field VulnerabilityIssueLink.issue"}]

The issue of an issue_link is nil, so we have a data integrity problem here. Unclear how widespread this is

Steps to reproduce

Visit https://gitlab.com/gitlab-org/security-products/analyzers/gosec/-/security/vulnerability_report
Note error loading vulns

Example Project

https://gitlab.com/gitlab-org/security-products/analyzers/gosec/-/security/vulnerability_report

What is the current bug behavior?

Vulns do not display

What is the expected correct behavior?

Vulns should display

Relevant logs and/or screenshots

Output of checks

This bug happens on GitLab.com

Possible fixes

From @minac:

The easiest solution would be to add INNER JOIN to the issues table while loading the issue_links relation of vulnerabilities. But we should try to find why this happened

Edited May 24, 2021 by Matt Wilson