
Fix missing canAdminVulnerability injection

What does this MR do and why?

Related #434360 (closed)

The canAdminVulnerability check was added in Hide vulnerability dismiss buttons for users wi... (!138867 - merged) • Daniel Tian • 17.0, but when the modal is used on the MR widget (this is the case when the standalone_finding_modal_merge_request_widget feature flag is enabled), this injection is missing. With this MR, canAdminVulnerability is properly provided.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Prerequisites

  1. You need an EE license
  2. You need to have runners enabled (See $2408961 for setting up a runner)
  3. Import https://gitlab.com/gitlab-org/govern/demos/sandbox/minac/test-remediations
  4. Do not run a pipeline yet on master!

Validate

  1. Enable feature flag: echo "Feature.enable(:standalone_finding_modal_merge_request_widget)" | gdk rails c
  2. In the imported test-remediations project:
    1. Go to reports/sast.json and remove both entries in vulnerabilities, effectively leaving an empty array.
    2. Commit and push this to master.
    3. Now, in reports/sast.json, add the removed vulnerabilities back again, but commit and push to a new branch, and create a merge request.
  3. In the MR, expand the security scanning widget and click on any finding
  4. Validate that there is no console error about a missing injection
  5. Validate that the "Dismiss vulnerability" button is visible
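
The failure mode described above, as an added example that is not GitLab's code: a simplified plain-JavaScript model of Vue's provide/inject lookup, showing why a mount point that omits the `canAdminVulnerability` provide yields both the console warning and a hidden dismiss button. The component tree, the function names and the truthiness guard are assumptions; only the injection key comes from the MR description.

```javascript
// Simplified model of Vue provide/inject resolution (illustration only).
// Only the key name canAdminVulnerability comes from the MR description;
// the tree shape and all function names are hypothetical.

// Walk up the parent chain until an ancestor provides `key`.
function resolveInject(vm, key, warnings) {
  for (let p = vm.parent; p; p = p.parent) {
    if (p.provide && Object.prototype.hasOwnProperty.call(p.provide, key)) {
      return p.provide[key];
    }
  }
  // Vue logs a development warning of this form when nothing provides the key.
  warnings.push(`Injection "${key}" not found`);
  return undefined;
}

// Mount the finding modal under a root and report what the user would see.
function mountFindingModal(rootProvide) {
  const warnings = [];
  const root = { parent: null, provide: rootProvide };
  const widget = { parent: root, provide: null };
  const modal = { parent: widget, inject: ['canAdminVulnerability'] };
  const injected = {};
  for (const key of modal.inject) {
    injected[key] = resolveInject(modal, key, warnings);
  }
  return {
    // Assumed template guard, e.g. v-if="canAdminVulnerability".
    showDismissButton: Boolean(injected.canAdminVulnerability),
    warnings,
  };
}

// Constructed scenarios: what each mount point provides to the modal.
const SCENARIOS = {
  mrWidgetBeforeFix: {},                          // key never provided
  mrWidgetAfterFixAdmin: { canAdminVulnerability: true },
  mrWidgetAfterFixNoPermission: { canAdminVulnerability: false },
};

function runScenarios() {
  const out = {};
  for (const [name, provide] of Object.entries(SCENARIOS)) {
    out[name] = mountFindingModal(provide);
  }
  return out;
}

console.log(JSON.stringify(runScenarios(), null, 2));
```

In this model the button is hidden both when the key is missing and when the user lacks permission; only the warning list tells the two cases apart, which is why validation step 4 checks the console separately from the button.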
