Dismissal Type (BE): Permit Non-Transitive State Transitions for Dismissal Reason Change
Per #285470 (comment 1301703138), it has been determined that we would like to enable Vulnerability::StateTransitions to reflect a modification in dismissal reason without modifying the state itself. In order to facilitate this, the validations will need to be modified slightly.
Implementation Plan
- Modify the Vulnerability::StateTransition validations to permit to_state and from_state to match, only if the dismissal_reason differs from the prior state transition for the respective vulnerability.
Verification steps
- Use this test project and vulnerability (gid://gitlab/Vulnerability/78477784) through graphql explorer.
- Use the following query to check the presence of stateTransitions including the VulnerabilityStateTransitionType.
query {
  vulnerability(id: "gid://gitlab/Vulnerability/78477784") {
    stateTransitions {
      nodes {
        dismissalReason
        createdAt
        fromState
        toState
      }
    }
  }
}
- Use the following mutation to update dismissalReason while returning the stateTransitions.
mutation {
  vulnerabilityDismiss(input: {id: "gid://gitlab/Vulnerability/78477784", dismissalReason: ACCEPTABLE_RISK}) {
    vulnerability {
      id
      stateTransitions {
        nodes {
          dismissalReason
          createdAt
          fromState
          toState
        }
      }
    }
  }
}
Example of Expected Response
{
  "data": {
    "vulnerabilityDismiss": {
      "vulnerability": {
        "id": "gid://gitlab/Vulnerability/78477784",
        "stateTransitions": {
          "nodes": [
            {
              "dismissalReason": "ACCEPTABLE_RISK",
              "createdAt": "2023-03-22T09:52:10Z",
              "fromState": "DETECTED",
              "toState": "DISMISSED"
            },
            {
              "dismissalReason": null,
              "createdAt": "2023-03-22T09:48:34Z",
              "fromState": "DISMISSED",
              "toState": "DETECTED"
            },
            {
              "dismissalReason": null,
              "createdAt": "2023-03-22T09:47:51Z",
              "fromState": "DETECTED",
              "toState": "DISMISSED"
            }
          ]
        }
      }
    }
  }
}
- Once again, use the following mutation to update dismissalReason with a different dismissalReason while returning the stateTransitions.
mutation {
  vulnerabilityDismiss(input: {id: "gid://gitlab/Vulnerability/78477784", dismissalReason: FALSE_POSITIVE}) {
    vulnerability {
      id
      stateTransitions {
        nodes {
          dismissalReason
          createdAt
          fromState
          toState
        }
      }
    }
  }
}
Example of Expected Response
{
  "data": {
    "vulnerabilityDismiss": {
      "vulnerability": {
        "id": "gid://gitlab/Vulnerability/78477784",
        "stateTransitions": {
          "nodes": [
            {
              "dismissalReason": "FALSE_POSITIVE",
              "createdAt": "2023-03-30T08:55:56Z",
              "fromState": "DISMISSED",
              "toState": "DISMISSED"
            },
            {
              "dismissalReason": "ACCEPTABLE_RISK",
              "createdAt": "2023-03-22T09:52:10Z",
              "fromState": "DETECTED",
              "toState": "DISMISSED"
            },
            {
              "dismissalReason": null,
              "createdAt": "2023-03-22T09:48:34Z",
              "fromState": "DISMISSED",
              "toState": "DETECTED"
            },
            {
              "dismissalReason": null,
              "createdAt": "2023-03-22T09:47:51Z",
              "fromState": "DETECTED",
              "toState": "DISMISSED"
            }
          ]
        }
      }
    }
  }
}
Edited by Zamir Martins
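The validation rule from the implementation plan, sketched in plain Ruby and replayed over the transition sequence shown in the expected responses. This is an added example, not GitLab's Vulnerability::StateTransition code: `Transition`, `TransitionLog`, `validation_error`, `record` and `replay_page_sequence` are hypothetical names, and the final repeated step is constructed to show the rejected case.

```ruby
# Added illustration; not GitLab's model code. All names here are hypothetical.
Transition = Struct.new(:vulnerability_id, :from_state, :to_state, :dismissal_reason,
                        keyword_init: true)

class TransitionLog
  def initialize
    # One history per vulnerability, oldest transition first.
    @by_vulnerability = Hash.new { |hash, id| hash[id] = [] }
  end

  def history(vulnerability_id)
    @by_vulnerability[vulnerability_id].dup
  end

  # Returns nil when the candidate is acceptable, otherwise an error string.
  def validation_error(candidate)
    # Ordinary transitions (states differ) are outside this rule.
    return nil unless candidate.from_state == candidate.to_state

    # Same-state rows are allowed only when the dismissal reason differs from
    # the most recent transition recorded for the same vulnerability.
    prior = @by_vulnerability[candidate.vulnerability_id].last
    return nil if candidate.dismissal_reason != prior&.dismissal_reason

    "from_state and to_state may match only when dismissal_reason changes"
  end

  # Appends the transition and returns true, or returns false if rejected.
  def record(**attrs)
    candidate = Transition.new(**attrs)
    return false if validation_error(candidate)

    @by_vulnerability[candidate.vulnerability_id] << candidate
    true
  end
end

# Replays the sequence from the verification steps (oldest first), then
# repeats the last dismissal with an unchanged reason (constructed step).
def replay_page_sequence
  log = TransitionLog.new
  id = 78_477_784
  steps = [
    [:detected,  :dismissed, nil],
    [:dismissed, :detected,  nil],
    [:detected,  :dismissed, :acceptable_risk],
    [:dismissed, :dismissed, :false_positive], # reason changed: accepted
    [:dismissed, :dismissed, :false_positive]  # reason unchanged: rejected
  ]
  results = steps.map do |from, to, reason|
    log.record(vulnerability_id: id, from_state: from, to_state: to, dismissal_reason: reason)
  end
  [results, log.history(id).size]
end
```

Because the comparison is against the latest transition of the same vulnerability only, every accepted same-state row corresponds to an actual change of dismissal reason, which keeps the transition history usable as an audit trail.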