Update Mutations::Vulnerabilities::Create to accept a Vulnerability location

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Why are we doing this work?

When working on changes required for #10272 (closed) the merge request grew very quickly and I had to "stub" out Types::VulnerabilityLocation::GenericType which is going to return an empty description for all Vulnerabilities created via Mutations::Vulnerabiliites::Create.

Currently we have the following location types in our GraphQL API:

• VulnerabilityLocation::ContainerScanningType,
• VulnerabilityLocation::DependencyScanningType,
• VulnerabilityLocation::DastType,
• VulnerabilityLocation::SastType,
• VulnerabilityLocation::SecretDetectionType,
• VulnerabilityLocation::CoverageFuzzingType,
• VulnerabilityLocation::GenericType

We should update the mutation to allow users to provide different location types for Vulnerabilities they create via their APIs

Problems

GraphQL still has no InputUnion type

• RFC: https://github.com/graphql/graphql-wg/blob/main/rfcs/InputUnion.md
• Possible solution: https://github.com/graphql/graphql-spec/pull/733
• Another possible solution: https://github.com/graphql/graphql-spec/pull/825

Implementation plan

• backend Implement VulnerabilityLocationInputType
• backend Extend Mutations::Vulnerabiliites::Create to accept a `VulnerabilityLocationInputType
• backend Extend Vulnerabilities::ManuallyCreateService to store the location in Findings raw_metadata and associated Evidence models