
Title and description missing from issues created from vulnerabilities in the group security dashboard

Summary

When an issue is created from a vulnerability on the group security dashboard, the resulting issue has no title (and no description either when the vulnerability description is empty, since the description falls back to the title in that case).

Steps to reproduce

  1. Go to a group security dashboard, like https://gitlab.com/groups/gitlab-org/-/security/dashboard
  2. Select a vulnerability, and open the corresponding modal (click on the vulnerability text)
  3. Select "Create an Issue"

What is the current bug behavior?

The issue title is "Investigate vulnerability:"

What is the expected correct behavior?

The issue title is "Investigate vulnerability: Possible SQL injection"

Relevant logs and/or screenshots

See https://gitlab.com/groups/gitlab-org/-/security/dashboard and a created issue: https://gitlab.com/gitlab-org/gitlab-ee/issues/8473

Possible fixes

Change the title in ee/lib/gitlab/vulnerabilities/standard_vulnerability.rb so that it falls back to the name property, which is present in the parameters. Example of parameters:

```yaml
vulnerability_feedback:
  feedback_type: issue
  category: sast
  project_fingerprint: 8fac98c156431a8bdb7a69a935cc564c314ab776
  vulnerability_data:
    id: 56
    report_type: sast
    name: Use of insecure MD2,  MD4,  or MD5 hash function.
    severity: medium
    confidence: high
    scanner:
      external_id: bandit
      name: Bandit
    identifiers:
    - external_type: bandit_test_id
      external_id: B303
      name: Bandit Test ID B303
      url: 
    project_fingerprint: 8fac98c156431a8bdb7a69a935cc564c314ab776
    vulnerability_feedback_url: http://gitlab.dev.issarlk.net:3001/gitlab-org/test/vulnerability_feedback
    project:
      id: 14
      name: test
      full_path: "/gitlab-org/test"
      full_name: Gitlab Org / test
    dismissal_feedback: 
    issue_feedback: 
    description: 
    solution: 
    location:
      file: python/imports/imports-aliases.py
      start_line: 13
      end_line: 13
    links: []
    hasIssue: false
    isDismissed: false
    category: sast
```

And make the description also fall back to that property.

Or fix whatever is generating these parameters.
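As an added illustration (not GitLab's own code), the fallback this fix proposes, applied to a trimmed copy of the parameters above: the first builder mirrors the reported behaviour, the second adds the `name` fallback for both title and description. `buggy_issue_attributes`, `fixed_issue_attributes` and `first_present` are hypothetical names.

```ruby
require 'yaml'

# Constructed sample, trimmed from the parameters quoted in this issue.
SAMPLE_PARAMS = YAML.safe_load(<<~YAML)
  vulnerability_feedback:
    feedback_type: issue
    category: sast
    vulnerability_data:
      id: 56
      report_type: sast
      name: Use of insecure MD2,  MD4,  or MD5 hash function.
      severity: medium
      description:
      solution:
      location:
        file: python/imports/imports-aliases.py
        start_line: 13
YAML

TITLE_PREFIX = 'Investigate vulnerability:'

# Mirrors the reported behaviour: only a `title` key is consulted, but the
# group dashboard sends `name`, so the title collapses to the bare prefix and
# the description (falling back to the title) ends up empty as well.
def buggy_issue_attributes(params)
  data = params.fetch('vulnerability_feedback').fetch('vulnerability_data')
  title = data['title'].to_s
  description = data['description'].to_s
  description = title if description.empty?
  { title: "#{TITLE_PREFIX} #{title}".strip, description: description }
end

# Proposed fix: fall back to `name` for the title, and let an empty
# description fall back to the same resolved value.
def fixed_issue_attributes(params)
  data = params.fetch('vulnerability_feedback').fetch('vulnerability_data')
  name = first_present(data['title'], data['name'])
  description = first_present(data['description'], name)
  { title: "#{TITLE_PREFIX} #{name}".strip, description: description }
end

# Returns the first value that is neither nil nor blank (nil if none is).
def first_present(*values)
  values.map { |v| v.to_s.strip }.find { |v| !v.empty? }
end
```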

/cc @bikebilly

Edited by Olivier Gonzalez