
Reflect user comment on vulnerability state change system note

When a user modifies the state of a vulnerability (typically by dismissing it), they are able to add a comment. The current designs express a desire to reflect this comment in the system note.

#267582[design_1682361393951.png]

Due caution will be necessary, however: we must carefully check the contents of this field before presenting it, and we will need to check for and appropriately handle:

  • Empty comment
  • Overlong comment
  • Attempted code injection (cross-site scripting) or other tampering.
  • Other possible bad behaviour.

Implementation Plan

  • Backend: modify SystemNotes::VulnerabilitiesService#state_change_body in ee/app/services/system_notes/vulnerabilities_service.rb to include the user comment (if provided) in the generated system note.
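As an added illustration of the checks listed above applied inside the planned state_change_body change (example code, not GitLab's own implementation): the module name, the note wording and the 500-character limit are assumptions made for this example.

```ruby
require 'erb'

# Hypothetical stand-in for SystemNotes::VulnerabilitiesService#state_change_body.
# Not GitLab's code; the limit and the note wording are assumptions.
module VulnerabilityStateNote
  MAX_COMMENT_LENGTH = 500 # assumed limit for this example

  # Returns the user comment in a form safe to embed in the system note,
  # or nil when the comment is empty and should be left out entirely.
  def self.sanitize_comment(comment)
    return nil if comment.nil?

    # Collapse control characters and surrounding whitespace so a comment
    # made only of spaces or newlines is treated as empty.
    text = comment.to_s.gsub(/[[:cntrl:]]+/, ' ').strip
    return nil if text.empty?

    # Overlong comment: truncate and mark the truncation visibly.
    if text.length > MAX_COMMENT_LENGTH
      text = text[0, MAX_COMMENT_LENGTH] + ' [truncated]'
    end

    # Escape HTML metacharacters so any markup in the comment is shown
    # literally instead of being interpreted by the renderer.
    ERB::Util.html_escape(text)
  end

  # Builds the note body for a state change, appending the comment if present.
  def self.state_change_body(author:, state:, comment: nil)
    body = "#{author} changed vulnerability status to #{state}"
    safe = sanitize_comment(comment)
    body += " with the following comment: \"#{safe}\"" if safe
    body
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs covering the cases the issue lists.
  puts VulnerabilityStateNote.state_change_body(author: 'alice', state: 'dismissed')
  puts VulnerabilityStateNote.state_change_body(author: 'alice', state: 'dismissed', comment: "  \n ")
  puts VulnerabilityStateNote.state_change_body(author: 'alice', state: 'dismissed', comment: '<script>alert(1)</script>')
  puts VulnerabilityStateNote.state_change_body(author: 'alice', state: 'dismissed', comment: 'x' * 600)
end
```

The escaped output still has to be rendered as plain text (or pass through the normal system-note sanitizer) for the protection to hold; escaping at construction time is a belt-and-braces measure, not a replacement for output encoding.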
Edited by Malcolm Locke