Dismissal Types(BE): Add dismissal type reason to status-comment
Summary
ee/app/services/system_notes/vulnerabilities_service.rb needs to be modified so that the noteable body that is saved includes the dismissal reason.
Currently the output merely presents the state, in the format:
"changed vulnerability status to dismissed".
To resolve this issue, we need to append the reason for the state change to the state, as follows:
"changed vulnerability status to Dismissed: False Positive".
This may prove challenging, as the current implementation merely relies on the fact that there has been a state change and intuits the logic of the message based on the current state of the vulnerability and the other possible states. We will need to modify the use of ee/app/services/ee/system_note_service.rb across GitLab to provide the state transition context to the SystemNotes::VulnerabilitiesService so that the appropriate message can be generated. The files that call this service are:
- ee/app/services/vulnerabilities/base_service.rb
- ee/app/services/security/token_revocation_service.rb
- ee/app/workers/vulnerabilities/mark_dropped_as_resolved_worker.rb
Original context from @lorenzvanherwaarden:
There are 2 parts to this issue: displaying the dismissal reason in the head and displaying the dismissal reason in comments (see screenshot).
The comment component history_entry.vue just displays the body of the comment, which comes from the backend.
At first glance, I think changes will have to be made to ee/app/services/system_notes/vulnerabilities_service.rb.
[Screenshots: head, comment]
Implementation Plan
- Modify ee/app/services/ee/system_note_service.rb to expect a Vulnerabilities::StateTransition and use it to write the appropriately formatted message.
- Update the following files to pass the state transition. This may be variable in difficulty due to the origin of the associated information.
  - ee/app/services/vulnerabilities/base_service.rb
  - ee/app/services/security/token_revocation_service.rb
  - ee/app/workers/vulnerabilities/mark_dropped_as_resolved_worker.rb
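A sketch of the message-building step from the plan above, added here as an illustration and not GitLab's own code. The StateTransition struct, its fields and the helper names are assumptions, as is keeping the existing lowercase wording when no dismissal reason is available.

```ruby
# Hypothetical stand-in for the state transition the callers would pass in.
# Field names are assumptions made for this example.
StateTransition = Struct.new(:from_state, :to_state, :dismissal_reason, keyword_init: true)

# "false_positive" -> "False Positive" (plain-Ruby substitute for a titleize helper).
def humanize_label(value)
  value.to_s.split('_').map(&:capitalize).join(' ')
end

# Builds the system note body from the transition itself instead of inferring
# it from the vulnerability's current state.
def status_change_body(transition)
  state  = transition.to_state.to_s
  reason = transition.dismissal_reason.to_s

  # Only a dismissal carries a reason. A reason left over on any other
  # transition is ignored so the audit trail never shows a stale value.
  if state == 'dismissed' && !reason.empty?
    "changed vulnerability status to #{humanize_label(state)}: #{humanize_label(reason)}"
  else
    # Callers that cannot supply a reason keep the current message format.
    "changed vulnerability status to #{state}"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample transitions, one per case handled above.
  samples = [
    StateTransition.new(from_state: 'detected', to_state: 'dismissed', dismissal_reason: 'false_positive'),
    StateTransition.new(from_state: 'detected', to_state: 'dismissed', dismissal_reason: nil),
    StateTransition.new(from_state: 'dismissed', to_state: 'resolved', dismissal_reason: 'false_positive')
  ]
  samples.each { |t| puts status_change_body(t) }
end
```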