Respond with error for `securityFindingDismiss` mutation if the report finding is not found
Summary
The `securityFindingDismiss` GraphQL mutation responds without an error even if the operation does not succeed, which confuses API users. This happens when all the report artifacts containing the security finding have expired and been removed from the system.
See https://gitlab.com/gitlab-com/sec-sub-department/section-sec-request-for-help/-/issues/236#note_1843927915 for more information.
Steps to reproduce
- Run a pipeline which introduces a new finding (use the static reports template project for ease)
- Note the UUID of the vulnerability
- Remove the artifacts of the CI job from the system
- Run the `securityFindingDismiss` GraphQL mutation with the UUID of the finding
You will see no errors in the GraphQL mutation response.
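A client-side check for the silent failure described above, as an added example that is not part of the original issue or GitLab's own code: it treats a dismissal as confirmed only when the response returns the finding in the `DISMISSED` state. The selected payload fields (`errors`, `securityFinding { uuid state }`), the helper names and the sample responses are assumptions constructed for illustration.

```python
import json

# Mutation named in this issue. The selected fields are an assumption about
# the payload shape; adjust them to the schema of your GitLab version.
DISMISS_MUTATION = """
mutation($uuid: String!) {
  securityFindingDismiss(input: {uuid: $uuid}) {
    errors
    securityFinding { uuid state }
  }
}
"""


def build_request(uuid):
    """Return the JSON body to POST to the GraphQL endpoint."""
    return json.dumps({"query": DISMISS_MUTATION, "variables": {"uuid": uuid}})


def dismissal_outcome(response, uuid):
    """Return (confirmed, reason). An empty errors list alone is not success."""
    if response.get("errors"):  # top-level GraphQL errors
        return False, "graphql error: " + response["errors"][0].get("message", "")
    payload = (response.get("data") or {}).get("securityFindingDismiss")
    if not payload:
        return False, "no mutation payload returned"
    if payload.get("errors"):  # errors reported by the mutation itself
        return False, "mutation error: " + "; ".join(payload["errors"])
    finding = payload.get("securityFinding")
    if not finding or finding.get("uuid") != uuid:
        return False, "no errors, but the finding was not returned"
    if finding.get("state") != "DISMISSED":
        return False, "finding state is " + str(finding.get("state"))
    return True, "dismissed"


# Constructed sample responses (not captured from GitLab).
UUID = "00000000-0000-0000-0000-000000000000"  # placeholder UUID
OK = {"data": {"securityFindingDismiss": {
    "errors": [], "securityFinding": {"uuid": UUID, "state": "DISMISSED"}}}}
# Assumed shape of the silent case: no errors and no finding returned.
SILENT = {"data": {"securityFindingDismiss": {"errors": [], "securityFinding": None}}}
REPORTED = {"data": {"securityFindingDismiss": {
    "errors": ["Report Finding not found"], "securityFinding": None}}}

if __name__ == "__main__":
    for name, resp in [("ok", OK), ("silent", SILENT), ("reported", REPORTED)]:
        print(name, dismissal_outcome(resp, UUID))
```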
Example Project
https://gitlab.com/gitlab-org/govern/demos/sandbox/minac/static-reports/with-expiring-artifacts
What is the current bug behavior?
The `securityFindingDismiss` GraphQL mutation does not bubble up errors to the client.
What is the expected correct behavior?
The `securityFindingDismiss` GraphQL mutation has to bubble up errors to the client if the report finding is not found.
Output of checks
This bug happens on GitLab.com
Possible fixes
TBD