Fix Explain This Vulnerability Disregarding `include_source_code`

What does this MR do and why?

This MR modifies the Explain This Vulnerability completions class to properly pass the `include_source_code` parameter to the template class when requesting an AI response, ensuring that user code is not sent to the LLM against the user's directive.

How to set up and validate locally

```ruby
Gitlab::Llm::Templates::ExplainVulnerability.new(Vulnerability.dast.last).to_prompt(include_source_code: true)
```

Executing the above should return nil, as DAST vulnerabilities are not applicable for Explain This Vulnerability. If you follow the verification steps directed here for our null prompt handling, you should receive a null prompt error instead of an AI response.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #424157 (closed)

Edited by Gregory Havenga
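
The class of bug this MR describes, shown as an added example that is not code from the merge request or from GitLab: a completion layer that drops a privacy option before it reaches the prompt template, beside a version that forwards it and fails closed. Every class, method and constant name below is a hypothetical stand-in, the "before" shape is an assumption about how such an option can get lost, and the sample findings are constructed.

```ruby
# Hypothetical stand-ins for illustration; sample findings are constructed.
Finding = Struct.new(:title, :report_type, :source_code, keyword_init: true)
NullPromptError = Class.new(StandardError)

class ExplainTemplate
  def initialize(finding)
    @finding = finding
  end

  # nil for report types the feature does not cover (DAST, per the MR).
  def to_prompt(include_source_code: false)
    return nil if @finding.report_type == :dast
    prompt = +"Explain this vulnerability: #{@finding.title}\n"
    prompt << "Source code:\n#{@finding.source_code}\n" if include_source_code
    prompt
  end
end

class Completion
  def initialize(finding, options = {})
    @finding = finding
    @options = options
  end
end

# Assumed "before" shape: the user's option never reaches the template.
class IgnoringCompletion < Completion
  def prompt
    ExplainTemplate.new(@finding).to_prompt(include_source_code: true)
  end
end

# "After": forward the option, fail closed, and reject a nil prompt.
class ForwardingCompletion < Completion
  def prompt
    opt_in = @options[:include_source_code] == true
    text = ExplainTemplate.new(@finding).to_prompt(include_source_code: opt_in)
    raise NullPromptError, "no prompt for #{@finding.report_type} finding" if text.nil?
    text
  end
end

# Regression check: does the user's code appear in the outgoing prompt?
def leaks_source?(klass, finding, options)
  klass.new(finding, options).prompt.include?(finding.source_code)
end

SAST_FINDING = Finding.new(title: "SQL injection", report_type: :sast,
                           source_code: 'User.where("id = " + params[:id])')
DAST_FINDING = Finding.new(title: "Reflected XSS", report_type: :dast, source_code: nil)
```

Asserting on the final prompt text, rather than on the arguments passed between classes, keeps the check valid if the layering between completion and template changes.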