
Allow re-dismissing vulnerabilities

mo khan requested to merge mokhax/418825/re-dismiss into master

What does this MR do and why?

This change allows re-dismissing vulnerabilities that have already been dismissed. It reverts a recommended change as per UX guidance.

explain SELECT
  "vulnerabilities"."id",
  "vulnerabilities"."state",
  "vulnerabilities"."project_id"
FROM
  "vulnerabilities"
WHERE
  "vulnerabilities"."id" IN (4326, 4327, 4328, 4329, 4330, 4331, 4332, 4333, 4334, 4335, 4336, 4337, 4338, 4339, 4340, 4341, 4342, 4343, 4344, 4345, 4346, 4347, 4348, 4349, 4350, 4351, 4352, 4353, 4354, 4355, 4356, 4357, 4358, 4359, 4360, 4361, 4362, 4363, 4364, 4365, 4366, 4367, 4368, 4369, 4370, 4371, 4372, 4373, 4374, 4375, 4376, 4377, 4378, 4379, 4380, 4381, 4382, 4383, 4384, 4385, 4386, 4387, 4388, 4389, 4390, 4391, 4392, 4393, 4394, 4395, 4396, 4397, 4398, 4399, 4400, 4401, 4402, 4403, 4404, 4405, 4406, 4407, 4408, 4409, 4410, 4411, 4412, 4413, 4414, 4415, 4416, 4417, 4418, 4419, 4420, 4421, 4422, 4423, 4424, 4425);

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/21017/commands/68719

#418825 (closed)

How to set up and validate locally

  1. Visit the graphql explorer http://gdk.test:3000/-/graphql-explorer
  2. Execute the mutation
    mutation dismissVulnerabilities($ids: [VulnerabilityID!]!, $comment: String!) {
      vulnerabilitiesDismiss(
        input: {vulnerabilityIds: $ids, comment: $comment, dismissalReason: USED_IN_TESTS}
      ) {
        vulnerabilities {
          id
          state
          dismissedAt
          dismissedBy {
            name
          }
          stateTransitions {
            nodes {
              dismissalReason
              fromState
              toState
              comment
              author {
                name
              }
            }
          }
        }
        errors
      }
    }
    {
      "ids": [
        "gid://gitlab/Vulnerability/100",
        "gid://gitlab/Vulnerability/101",
        "gid://gitlab/Vulnerability/102"
      ],
      "comment": "A comment"
    }
  3. Verify the results by checking that the state is DISMISSED and that the stateTransitions includes a transition with a toState of DISMISSED.
  4. Re-run the same mutation with a different dismissal reason.
  5. Verify that the new dismissal reason is returned in the results.
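The validation steps above can be driven end to end from a script rather than the explorer. The following Ruby is an added example and is not code from this MR or from GitLab itself: it sends the same vulnerabilitiesDismiss mutation twice with different reasons and checks the response the way steps 3 and 5 describe. It assumes a GDK instance at http://gdk.test:3000 and a personal access token in GITLAB_TOKEN; the /api/graphql endpoint and PRIVATE-TOKEN header are GitLab's real API, while the list of dismissal reasons, the helper names and the constructed sample response are this script's own assumptions.

```ruby
# Added example for validating re-dismissal; not part of the MR or of GitLab's code base.
# Assumes GDK at http://gdk.test:3000 and a token with `api` scope in GITLAB_TOKEN.
require 'json'
require 'net/http'
require 'uri'

GRAPHQL_ENDPOINT = ENV.fetch('GITLAB_GRAPHQL', 'http://gdk.test:3000/api/graphql')

# The reason is interpolated into the query as an enum literal, as in the MR's hand-written
# mutation, so it is restricted to known identifiers first. Values are this example's assumption.
DISMISSAL_REASONS = %w[ACCEPTABLE_RISK FALSE_POSITIVE MITIGATING_CONTROL USED_IN_TESTS NOT_APPLICABLE].freeze

def build_payload(ids, comment, reason)
  raise ArgumentError, "unknown dismissal reason #{reason}" unless DISMISSAL_REASONS.include?(reason)

  query = <<~GRAPHQL
    mutation dismissVulnerabilities($ids: [VulnerabilityID!]!, $comment: String!) {
      vulnerabilitiesDismiss(input: {vulnerabilityIds: $ids, comment: $comment, dismissalReason: #{reason}}) {
        vulnerabilities {
          id
          state
          stateTransitions { nodes { dismissalReason fromState toState comment } }
        }
        errors
      }
    }
  GRAPHQL
  { query: query, variables: { ids: ids, comment: comment } }
end

# POST the mutation and return the `vulnerabilitiesDismiss` payload, raising on transport
# or top-level GraphQL errors so a failed run is never mistaken for a passed check.
def dismiss(ids, comment, reason, token: ENV.fetch('GITLAB_TOKEN'), endpoint: GRAPHQL_ENDPOINT)
  uri = URI(endpoint)
  req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json', 'PRIVATE-TOKEN' => token)
  req.body = JSON.generate(build_payload(ids, comment, reason))
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') { |http| http.request(req) }
  raise "HTTP #{res.code}: #{res.body}" unless res.is_a?(Net::HTTPSuccess)

  body = JSON.parse(res.body)
  raise "GraphQL errors: #{body['errors']}" if body['errors']

  body.dig('data', 'vulnerabilitiesDismiss')
end

# Steps 3 and 5: no mutation errors, every vulnerability is DISMISSED, and each carries a
# transition into DISMISSED with the reason just sent. For the second call pass
# from_state: 'DISMISSED' so a stale transition from the first call cannot satisfy the check.
def redismissal_recorded?(result, reason, from_state: nil)
  return false unless result['errors'].to_a.empty?

  result['vulnerabilities'].all? do |v|
    transitions = v.dig('stateTransitions', 'nodes') || []
    v['state'] == 'DISMISSED' && transitions.any? { |t|
      t['toState'] == 'DISMISSED' && t['dismissalReason'] == reason &&
        (from_state.nil? || t['fromState'] == from_state)
    }
  end
end

# Constructed sample shaped like the mutation payload after a first dismissal and a re-dismissal;
# used to exercise the check without a running instance.
SAMPLE_REDISMISSAL = JSON.parse(<<~RESPONSE)
  {
    "vulnerabilities": [
      {
        "id": "gid://gitlab/Vulnerability/100",
        "state": "DISMISSED",
        "stateTransitions": {
          "nodes": [
            {"dismissalReason": "USED_IN_TESTS", "fromState": "DETECTED", "toState": "DISMISSED", "comment": "A comment"},
            {"dismissalReason": "FALSE_POSITIVE", "fromState": "DISMISSED", "toState": "DISMISSED", "comment": "Re-dismissed"}
          ]
        }
      }
    ],
    "errors": []
  }
RESPONSE

if $PROGRAM_NAME == __FILE__ && ENV['GITLAB_TOKEN']
  ids = %w[gid://gitlab/Vulnerability/100 gid://gitlab/Vulnerability/101 gid://gitlab/Vulnerability/102]
  first = dismiss(ids, 'A comment', 'USED_IN_TESTS')
  abort 'first dismissal not recorded' unless redismissal_recorded?(first, 'USED_IN_TESTS')
  second = dismiss(ids, 'Re-dismissed', 'FALSE_POSITIVE')
  abort 're-dismissal not recorded' unless redismissal_recorded?(second, 'FALSE_POSITIVE', from_state: 'DISMISSED')
  puts 're-dismissal recorded for all vulnerabilities'
end
```

Run it with GITLAB_TOKEN set against the GDK; with the token unset it only defines the helpers, which is what the offline check against SAMPLE_REDISMISSAL relies on. The from_state guard on the second call is the part worth keeping: without it, the transition from the first dismissal would make the re-dismissal check pass even if the second mutation had been rejected.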


MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by mo khan
