Add error message if no code supplied for resolve vulnerability
From discussion: #432738 (comment 1663046077)
We could probably make it a little more transparent, but the AI has no ability to generate a patch if it's not supplied code, and we probably wouldn't be able to generate a proper git patch either
Let's supply an error message if no code was supplied:
Implementation Plan
-
backend ensure a suitable message propagates to the GraphQL subscription when the vulnerability fails 'preflight' content checks (no code, too many lines, or code contains secrets) -
backend ensure errors from the services invoked by Gitlab::Llm::Completions::ResolveVulnerability
are propagated into the GraphQL subscription response.
Verification step
- Visit https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects/verify-432776/-/security/vulnerabilities/107341256
- Click the 'Resolve with AI' button.
- The error
Unable to locate source code for vulnerability
should be displayed.
Edited by Malcolm Locke