Add identifier field to securityTrainingUrls GraphQL Query
In order to capture the metric identifier when the training link is clicked, the training link must contain the identifier. Here's the related frontend issue > #353322 (comment 897929840)
Could we please include this information in our securityTrainingUrls
GraphQL Query response:
{
project(fullPath: "sec-group/security-reports-ex") {
id
securityTrainingUrls(identifierExternalIds: ["81", "79"]) {
name
status
url
identifier // 👈 the name of the vulnerability
}
}
}
Looking at the response from both our vendors, Kontra and SCW, looks like they do provide this information; both under the name
field.
// Sample response from SCW
{
url: "https://portal.securecodewarrior.com/?utm_source=partner-integration:gitlab#/website-trial/web/injection/sql/java/spring",
name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", 👈
description: "..."
};
// Sample response from Kontra
{
name: "Reflected Cross Site Scripting", 👈
"cwe": [
81,
83,
87
],
"language": "java",
"link": "https://application.security/free-application-security-training/owasp-top-10-reflected-cross-site-scripting"
}
Implementation plan:
-
Add external identifier (got from initializer https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/finders/security/training_providers/base_url_finder.rb) in api response output https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/finders/security/training_providers/base_url_finder.rb#L19-25
Edited by Subashis Chakraborty