Skip to content

Fix rendering of file location when blob-path and line numbers are empty

David Pisek requested to merge dpisek-fix-file-rendering-for-standalone-sec-finding-modal into master

What does this MR do and why?

The standalone security finding modal currently renders a link to a file-location, even if there is no link to the file (blobPath field is used for the link) coming from the GraphQL API. It also renders undefined as line number markers.

This MR fixes the behavior and only renders the link (and line numbers) when they contain values.

Screenshots or screen recordings

before after
Screenshot_2023-05-03_at_10.32.08_am Screenshot_2023-05-03_at_10.32.21_am

How to set up and validate locally

Setup

  1. Have the related FF enabled: echo "Feature.enable(:standalone_finding_modal)" | rails c
  2. You'll need an EE License
  3. You'll need to have runners enabled (See $2408961 for setting up a runner)
  4. Import https://gitlab.com/gitlab-examples/security/security-reports
  5. Run a pipeline on master

Validation

  1. Go to the pipeline's security report tab
  2. Set Filter: Tool -> SAST
  3. Click on a finding
  4. Verify that Location -> File does not render a broken link or undefined as a line number

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by David Pisek

Merge request reports