Add dismissal data to SecurityReportFinding
What does this MR do and why?
This MR adds dismissal data to the PipelineSecurityReportFindingType used by project.pipeline.securityReportFinding and project.pipeline.securityReportFindings.
Screenshots or screen recordings
Database
-- Feedback rows for a batch of findings, fetched in one IN (...) list
-- (presumably one uuid per finding on the requested page -- confirm in the resolver).
-- feedback_type = 0 restricts to a single feedback kind; given the MR's purpose this is
-- presumably the dismissal type, but the enum value is not shown here -- verify against the model.
-- NOTE(review): the ORM-generated "vulnerability_feedback".* pulls every column of the table;
-- fine for this EXPLAIN, but the API should only surface the dismissal fields it needs.
EXPLAIN SELECT "vulnerability_feedback".* FROM "vulnerability_feedback" WHERE
"vulnerability_feedback"."finding_uuid" IN (
'cb3c6229-3d3a-5245-b734-8b6b25d69337', 'a745cfcb-e813-5b61-87c3-5cd84c55cdcc',
'493cf94e-669a-53b8-82c5-44aa3019cd0d', '87e7e525-f406-5317-adb7-e042b65e4f9f',
'c9e40395-72cd-54f5-962f-e1d52c0dffab', 'b369de1c-f9e1-521f-ad7f-0586b6659369')
AND "vulnerability_feedback"."feedback_type" = 0
https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/14794/commands/51714
Time: 36.124 ms
- planning: 2.267 ms
- execution: 33.857 ms
- I/O read: 33.557 ms
- I/O write: 0.000 ms
Shared buffers:
- hits: 12 (~96.00 KiB) from the buffer pool
- reads: 18 (~144.00 KiB) from the OS file cache, including disk I/O
- dirtied: 0
- writes: 0
-- Loads the dismissing user by primary key; this looks like the ORM's default
-- full-row load behind `dismissedBy` (confirm against the resolver / loader).
-- NOTE(review): the selected column set includes credential and token material --
-- encrypted_password, reset_password_token, confirmation_token, encrypted_otp_secret,
-- encrypted_otp_secret_iv, encrypted_otp_secret_salt, otp_backup_codes, unlock_token,
-- incoming_email_token, feed_token, static_object_token, static_object_token_encrypted --
-- while the GraphQL test queries in this MR select only `name` under dismissedBy.
-- Data minimisation: prefer a narrower column list if the loader allows it, and confirm
-- none of these columns are reachable through the new GraphQL fields.
SELECT "users"."id",
       "users"."email",
       "users"."encrypted_password",
       "users"."reset_password_token",
       "users"."reset_password_sent_at",
       "users"."remember_created_at",
       "users"."sign_in_count",
       "users"."current_sign_in_at",
       "users"."last_sign_in_at",
       "users"."current_sign_in_ip",
       "users"."last_sign_in_ip",
       "users"."created_at",
       "users"."updated_at",
       "users"."name",
       "users"."admin",
       "users"."projects_limit",
       "users"."failed_attempts",
       "users"."locked_at",
       "users"."username",
       "users"."can_create_group",
       "users"."can_create_team",
       "users"."state",
       "users"."color_scheme_id",
       "users"."password_expires_at",
       "users"."created_by_id",
       "users"."last_credential_check_at",
       "users"."avatar",
       "users"."confirmation_token",
       "users"."confirmed_at",
       "users"."confirmation_sent_at",
       "users"."unconfirmed_email",
       "users"."hide_no_ssh_key",
       "users"."admin_email_unsubscribed_at",
       "users"."notification_email",
       "users"."hide_no_password",
       "users"."password_automatically_set",
       "users"."encrypted_otp_secret",
       "users"."encrypted_otp_secret_iv",
       "users"."encrypted_otp_secret_salt",
       "users"."otp_required_for_login",
       "users"."otp_backup_codes",
       "users"."public_email",
       "users"."dashboard",
       "users"."project_view",
       "users"."consumed_timestep",
       "users"."layout",
       "users"."hide_project_limit",
       "users"."note",
       "users"."unlock_token",
       "users"."otp_grace_period_started_at",
       "users"."external",
       "users"."incoming_email_token",
       "users"."auditor",
       "users"."require_two_factor_authentication_from_group",
       "users"."two_factor_grace_period",
       "users"."last_activity_on",
       "users"."notified_of_own_activity",
       "users"."preferred_language",
       "users"."email_opted_in",
       "users"."email_opted_in_ip",
       "users"."email_opted_in_source_id",
       "users"."email_opted_in_at",
       "users"."theme_id",
       "users"."accepted_term_id",
       "users"."feed_token",
       "users"."private_profile",
       "users"."roadmap_layout",
       "users"."include_private_contributions",
       "users"."commit_email",
       "users"."group_view",
       "users"."managing_group_id",
       "users"."first_name",
       "users"."last_name",
       "users"."static_object_token",
       "users"."role",
       "users"."user_type",
       "users"."static_object_token_encrypted",
       "users"."otp_secret_expires_at",
       "users"."onboarding_in_progress"
FROM "users"
WHERE "users"."id" = 4473655
https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/14794/commands/51720
Time: 30.446 ms
- planning: 5.789 ms
- execution: 24.657 ms
- I/O read: 24.339 ms
- I/O write: 0.000 ms
Shared buffers:
- hits: 0 from the buffer pool
- reads: 4 (~32.00 KiB) from the OS file cache, including disk I/O
- dirtied: 1 (~8.00 KiB)
- writes: 0
How to set up and validate locally
- Run a pipeline on a sample project (https://gitlab.com/gitlab-examples/security/security-reports).
- Dismiss one or more vulnerabilities
Test query on dismissed security findings and non-dismissed security findings:
# Dismissed findings only (state: [DISMISSED]); the dismissal fields are expected
# to be populated on these nodes. Replace the <...> placeholders before running.
query {
  project(fullPath:"<project path>") {
    pipeline(iid:"<pipeline iid>") {
      securityReportFindings(state: [DISMISSED]) {
        nodes {
          uuid
          dismissedAt
          dismissedBy {
            name
          }
          dismissalReason
          stateComment
        }
      }
    }
  }
}
Test query on non-dismissed security findings:
# Non-dismissed findings only (state: [DETECTED]); the same dismissal fields are
# requested and are expected to come back null here. Replace the <...> placeholders.
query {
  project(fullPath:"<project path>") {
    pipeline(iid:"<pipeline iid>") {
      securityReportFindings(state: [DETECTED]) {
        nodes {
          uuid
          dismissedAt
          dismissedBy {
            name
          }
          dismissalReason
          stateComment
        }
      }
    }
  }
}
Test query on a single security finding, once with a dismissed and once with a non-dismissed finding (take example UUIDs from the previous queries):
# Single finding lookup by uuid; run once with a dismissed and once with a
# non-dismissed uuid obtained from the list queries above.
query {
  project(fullPath:"<project path>") {
    pipeline(iid:"<pipeline iid>") {
      securityReportFinding(uuid:"<uuid>") {
        dismissedAt
        dismissedBy {
          name
        }
        dismissalReason
        stateComment
      }
    }
  }
}
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #387865 (closed)
