Add origin enum to Vulnerabilities
What does this MR do and why?
This MR adds an `origin` enum to `Vulnerability` to allow us to distinguish between Vulnerabilities created by the GitLab CI security scanning feature and Vulnerabilities created via our GraphQL mutation.
Related to #341263 (closed)
How to set up and validate locally
- Check out this branch
- Run `bundle exec rails db:migrate`
- Run `bundle exec rails runner 'Feature.enable(:create_vulnerabilities_via_api)'`
- Go to http://localhost:3000/-/graphql-explorer
- Invoke the following mutation:
```graphql
mutation vulnerabilityCreate($input: VulnerabilityCreateInput!) {
  vulnerabilityCreate(input: $input) {
    errors
    clientMutationId
    vulnerability: vulnerability {
      id
      vulnerabilityPath
      project {
        id
        fullPath
      }
    }
  }
}
```
with the following inputs:

```json
{
  "input": {
    "project": "gid://gitlab/Project/20",
    "title": "A manual vulnerability number 2",
    "description": "A descriptive description",
    "scannerName": "Test",
    "state": "CONFIRMED",
    "identifiers": [
      {
        "name": "CVE-3",
        "url": "http://localhost"
      }
    ]
  }
}
```
- Verify there are no errors
- Execute the following query:

```graphql
{
  vulnerability(id: "gid://gitlab/Vulnerability/121") {
    id
    origin
  }
}
```
- Verify the result is:

```json
{
  "data": {
    "vulnerability": {
      "id": "gid://gitlab/Vulnerability/121",
      "origin": "API"
    }
  }
}
```
- Run `bundle exec rails runner 'Feature.disable(:create_vulnerabilities_via_api)'`
- Run `bundle exec rails db:rollback`
Database review
```
gitlab on 341263-add-created_via_api-flag-to-vulnerabilities [!?] via ⬢ v14.15.4 via 💎 ruby ➜ bundle exec rails db:migrate
== 20210920140342 AddOriginToVulnerabilities: migrating =======================
-- add_column(:vulnerabilities, :origin, :integer, {:default=>1})
   -> 0.0011s
== 20210920140342 AddOriginToVulnerabilities: migrated (0.0012s) ==============

gitlab on 341263-add-created_via_api-flag-to-vulnerabilities [!?] via ⬢ v14.15.4 via 💎 ruby ➜ bundle exec rails db:rollback
== 20210920140342 AddOriginToVulnerabilities: reverting =======================
-- remove_column(:vulnerabilities, :origin, :integer, {:default=>1})
   -> 0.0009s
== 20210920140342 AddOriginToVulnerabilities: reverted (0.0018s) ==============
```
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Michał Zając