Skip to content

Fix finding details headers

Jonathan Schafer requested to merge 389916-vulnerabilitydetailtable-does-not-return-data-for-header-field into master

What does this MR do and why?

This MR adds a header field to the Types::VulnerabilityDetails::TableType. The type currently has a headers field, but that does not match the name of the data field being processed. It also does not return any data because the field names do not match. The headers field will be deprecated in favor of the new header field. Until deprecation, it will use the header field as its source. This also fixes the spec file to expect correct data. Also refactored to clean up the spec file.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Screenshot_2023-02-08_at_5.07.10_PM

How to set up and validate locally

  1. Clone the security reports project locally.
  2. Run the pipeline.
  3. Run the following query:
{
  project(fullPath: "root/security-reports") {
    id
    pipeline(iid: "1") {
      securityReportFindings(reportType: ["dast"]) {
        nodes {
          uuid
          title
        }
      }
    }
  }
}
  1. Using the uuid for the finding with "title": "X-Frame-Options Header Not Set", make the following query
{
  project(fullPath: "root/security-reports") {
    id
    pipeline(iid: "1") {
      securityReportFinding(uuid: "<uuid>") {
        uuid
        title
        details {
          ... on VulnerabilityDetailTable {
            fieldName
            header {
              ... on VulnerabilityDetailText {
                __typename
                description
                fieldName
                name
                value
              }
            }
            headers {
              ... on VulnerabilityDetailText {
                __typename
                description
                fieldName
                name
                value
              }
            }
          }
        }
      }
    }
  }
}
  1. The response should include (with headers == header:
{
  "fieldName": "table",
  "header": [
    {
      "__typename": "VulnerabilityDetailText",
      "description": null,
      "fieldName": null,
      "name": null,
      "value": "Number"
    },
    {
      "__typename": "VulnerabilityDetailText",
      "description": null,
      "fieldName": null,
      "name": null,
      "value": "Address"
    }
  ],
  "headers": [
    {
      "__typename": "VulnerabilityDetailText",
      "description": null,
      "fieldName": null,
      "name": null,
      "value": "Number"
    },
    {
      "__typename": "VulnerabilityDetailText",
      "description": null,
      "fieldName": null,
      "name": null,
      "value": "Address"
    }
  ]
},

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #389916 (closed)

Edited by Jonathan Schafer

Merge request reports