Clicking a vulnerability in the merge request widget results in an error

Summary

Clicking on a vulnerability in the MR widget results in an error. There's a 500 on the backend GraphQL request.

Steps to reproduce

Open an MR that has results in the MR widget, then click a vulnerability.

image

Example Project

gitlab-pages!1041 (merged)

What is the current bug behavior?

See screenshot above

What is the expected correct behavior?

No error

Relevant logs and/or screenshots

From the logs in Elastic

undefined method `cwe?' for {:url=>nil, :name=>"gosec.G302-1", :external_id=>"gosec.G302-1", :fingerprint=>"11ecf6b820c366b5fc9cf0c204ae34abc732ae15", :external_type=>"semgrep_id"}:Hash
      "exception.backtrace": [
        "ee/app/models/security/finding.rb:248:in `each'",
        "ee/app/models/security/finding.rb:248:in `find'",
        "ee/app/models/security/finding.rb:248:in `cwe_value'",
        "ee/app/models/security/finding.rb:257:in `ai_resolution_enabled?'",
        "lib/gitlab/graphql/present/field_extension.rb:18:in `resolve'",
        "lib/gitlab/graphql/tracers/instrumentation_tracer.rb:19:in `execute_multiplex'",
        "app/graphql/gitlab_schema.rb:44:in `multiplex'",
        "app/controllers/graphql_controller.rb:223:in `execute_query'",
        "app/controllers/graphql_controller.rb:67:in `execute'",
        "lib/gitlab/ip_address_state.rb:11:in `with'",
        "ee/app/controllers/ee/application_controller.rb:45:in `set_current_ip_address'",
        "app/controllers/application_controller.rb:484:in `set_current_admin'",
        "lib/gitlab/session.rb:11:in `with_session'",
        "app/controllers/application_controller.rb:475:in `set_session_storage'",
        "lib/gitlab/i18n.rb:114:in `with_locale'",
        "lib/gitlab/i18n.rb:120:in `with_user_locale'",
        "app/controllers/application_controller.rb:466:in `set_locale'",
        "app/controllers/application_controller.rb:459:in `set_current_context'",
        "lib/gitlab/middleware/action_controller_static_context.rb:23:in `call'",
        "ee/lib/omni_auth/strategies/group_saml.rb:41:in `other_phase'",
        "lib/gitlab/metrics/elasticsearch_rack_middleware.rb:16:in `call'",
        "lib/gitlab/middleware/sidekiq_shard_awareness_validation.rb:20:in `block in call'",
        "lib/gitlab/sidekiq_sharding/validator.rb:42:in `enabled'",
        "lib/gitlab/middleware/sidekiq_shard_awareness_validation.rb:20:in `call'",
        "lib/gitlab/middleware/memory_report.rb:13:in `call'",
        "lib/gitlab/middleware/speedscope.rb:13:in `call'",
        "lib/gitlab/database/load_balancing/rack_middleware.rb:23:in `call'",
        "lib/gitlab/middleware/rails_queue_duration.rb:33:in `call'",
        "lib/gitlab/etag_caching/middleware.rb:21:in `call'",
        "lib/gitlab/metrics/rack_middleware.rb:16:in `block in call'",
        "lib/gitlab/metrics/web_transaction.rb:46:in `run'",
        "lib/gitlab/metrics/rack_middleware.rb:16:in `call'",
        "lib/gitlab/middleware/go.rb:21:in `call'",
        "lib/gitlab/middleware/query_analyzer.rb:11:in `block in call'",
        "lib/gitlab/database/query_analyzer.rb:83:in `within'",
        "lib/gitlab/middleware/query_analyzer.rb:11:in `call'",
        "lib/ci/job_token/middleware.rb:11:in `call'",
        "lib/gitlab/middleware/multipart.rb:173:in `call'",
        "lib/gitlab/middleware/read_only/controller.rb:50:in `call'",
        "lib/gitlab/middleware/read_only.rb:18:in `call'",
        "lib/gitlab/middleware/unauthenticated_session_expiry.rb:18:in `call'",
        "lib/gitlab/middleware/strip_cookies.rb:29:in `call'",
        "lib/gitlab/middleware/same_site_cookies.rb:27:in `call'",
        "lib/gitlab/middleware/path_traversal_check.rb:40:in `call'",
        "lib/gitlab/middleware/handle_malformed_strings.rb:21:in `call'",
        "lib/gitlab/middleware/basic_health_check.rb:25:in `call'",
        "lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in `call'",
        "lib/gitlab/middleware/request_context.rb:15:in `call'",
        "lib/gitlab/middleware/webhook_recursion_detection.rb:15:in `call'",
        "config/initializers/fix_local_cache_middleware.rb:11:in `call'",
        "lib/gitlab/middleware/compressed_json.rb:44:in `call'",
        "lib/gitlab/middleware/rack_multipart_tempfile_factory.rb:19:in `call'",
        "lib/gitlab/middleware/sidekiq_web_static.rb:20:in `call'",
        "lib/gitlab/metrics/requests_rack_middleware.rb:79:in `call'",
        "lib/gitlab/middleware/release_env.rb:13:in `call'"
      ],

Output of checks

This bug happens on GitLab.com

Possible fixes

See !168658 (merged)

Edited by Lucas Charles
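
The failure in the log above, reduced to a stand-alone Ruby sketch: a `find` that calls `cwe?` on identifiers that arrive as plain hashes, next to a lookup that normalises them first. This is an added example, not GitLab's code and not the change in !168658; `Identifier`, `fragile_cwe_value`, `to_identifier`, `safe_cwe_value` and the second sample identifier are assumptions made for illustration.

```ruby
# Added illustration, not GitLab's code: Identifier, fragile_cwe_value and
# safe_cwe_value are hypothetical names.
Identifier = Struct.new(:external_type, :external_id, :name, :url, keyword_init: true) do
  # Assumed predicate: an identifier is a CWE when its external_type says so.
  def cwe?
    external_type.to_s.casecmp?('cwe')
  end
end

# Identifiers as plain hashes. The first entry is the one from the log;
# the second is constructed for this example.
RAW_IDENTIFIERS = [
  { url: nil, name: 'gosec.G302-1', external_id: 'gosec.G302-1',
    fingerprint: '11ecf6b820c366b5fc9cf0c204ae34abc732ae15',
    external_type: 'semgrep_id' },
  { url: nil, name: 'CWE-276', external_id: '276', external_type: 'cwe' }
].freeze

# Fragile lookup: assumes every element is an object that responds to cwe?.
# Given hashes it raises NoMethodError, the error reported above.
def fragile_cwe_value(identifiers)
  identifiers.find(&:cwe?)&.name
end

# Coerce a hash (symbol or string keys) into an Identifier; pass objects through.
def to_identifier(item)
  return item if item.respond_to?(:cwe?)

  attrs = item.to_h.transform_keys(&:to_sym).slice(*Identifier.members)
  Identifier.new(**attrs)
end

# Tolerant lookup: normalises each element first and returns nil, not an
# exception, when no CWE identifier is present.
def safe_cwe_value(identifiers)
  (identifiers || []).map { |item| to_identifier(item) }.find(&:cwe?)&.name
end
```

A regression spec for this kind of bug should feed the lookup a finding whose only identifier is a non-CWE hash, since that is the input that turned a UI click into a 500.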