
Fix "Vulnerability report errors out when users select `Show 100 items` and switch tabs"

Merged Paul Gascou-Vaillancourt requested to merge 366951-vuln-report-query-complexity into master
All threads resolved!

What does this MR do and why?

This fixes a bug where the VulnerabilityList component would trigger an unnecessary GraphQL query when the user had selected a custom page size. In addition to hitting the API unnecessarily, the additional query could sometimes cause the backend to throw an error about the maximum query complexity being exceeded. That's likely because both queries were bundled in a single transaction thanks to VueApollo's magic.

The root cause of this is that the VulnerabilityList defines its own default page size (DEFAULT_PAGE_SIZE = 20) when it mounts, but then relies on the LocalStorageSync triggering an event to restore the user-selected size from the local storage. This MR fixes this by ensuring the local storage value is retrieved before VulnerabilityList even renders anything so that we don't have to wait on LocalStorageSync's event.


How to set up and validate locally

  1. Navigate to a project's Security & Compliance > Vulnerability Report page.
  2. At the bottom of the page, select any value other than 20 in the page size dropdown.
  3. At the top of the page, activate the Operational vulnerabilities tab.
  4. In the Network development tab, inspect the latest graphql transaction.
    • Before those changes, you should see two queries in the same transaction.
    • After those changes, there should be only one query, with the first parameter corresponding to the page size you previously selected.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #366951 (closed)

Edited by Paul Gascou-Vaillancourt
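
The double fetch described in the MR description, reduced to a runnable model (an added example, not code from the merge request). `ListModel`, `makeBatchingClient`, the storage key and the allowed page sizes are assumptions; `readPageSize` additionally rejects stored values outside the dropdown's options, since local storage is user-editable.

```javascript
const DEFAULT_PAGE_SIZE = 20;
const ALLOWED_PAGE_SIZES = [20, 50, 100]; // assumed dropdown options
const STORAGE_KEY = 'vulnerability_list_page_size'; // hypothetical key

// In-memory stand-in for window.localStorage (constructed sample data).
const makeStorage = (items = {}) => ({ getItem: (key) => items[key] ?? null });

// Local storage is user-editable, so only known page sizes are accepted.
function readPageSize(storage) {
  const parsed = Number.parseInt(storage.getItem(STORAGE_KEY), 10);
  return ALLOWED_PAGE_SIZES.includes(parsed) ? parsed : DEFAULT_PAGE_SIZE;
}

// Stand-in for a batching GraphQL client: every operation queued during the
// same tick ends up in one HTTP request, modelled here as one array.
const makeBatchingClient = () => {
  const batch = [];
  return { batch, query: (variables) => batch.push(variables) };
};

class ListModel {
  constructor(client, pageSize) { Object.assign(this, { client, pageSize }); }
  mount() { this.client.query({ first: this.pageSize }); }
  // Mirrors a watcher that refetches whenever the page size changes.
  setPageSize(size) {
    if (size === this.pageSize) return;
    this.pageSize = size;
    this.client.query({ first: size });
  }
}

// Before: mount with the default, then the storage sync event corrects it.
function mountBefore(storage) {
  const client = makeBatchingClient();
  const list = new ListModel(client, DEFAULT_PAGE_SIZE);
  list.mount();
  list.setPageSize(readPageSize(storage));
  return client.batch;
}

// After: the stored size is read before the first query is issued.
function mountAfter(storage) {
  const client = makeBatchingClient();
  new ListModel(client, readPageSize(storage)).mount();
  return client.batch;
}
```

With `'100'` stored, `mountBefore` returns a batch of two operations (`first: 20`, then `first: 100`) and `mountAfter` a single `first: 100`, which is what the validation steps above look for in the Network tab.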


Activity

  • changed milestone to %15.2

  • Paul Gascou-Vaillancourt changed title from Add a test for when page size is retrieved from local storage to {+Fix "Vulnerability report errors out when users select Show 100 items and switch tabs"+}


  • Suggested Reviewers (beta)

    The individuals below may be good candidates to participate in the review based on various factors.

    You can use slash commands in comments to quickly assign /assign_reviewer @user1.

    Suggested Reviewers
    @ntepluhina, @peterhegman, @sming-gitlab, @dpisek, @svedova

    If you do not believe these suggestions are useful, please apply the label Bad Suggested Reviewer. You can also provide feedback for this feature on this issue: https://gitlab.com/gitlab-org/gitlab/-/issues/357923.

    Automatically generated by Suggested Reviewers Bot - an experimental ML-based recommendation engine created by ~"group::applied ml".

  • Reviewer roulette

    Changes that require review have been detected!

    Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:

    | Category | Reviewer | Maintainer |
    |----------|----------|------------|
    | frontend | Payton Burdette (@pburdette) (UTC-4, same timezone as @pgascouvaillancourt) | David O'Regan (@oregand) (UTC+1, 5 hours ahead of @pgascouvaillancourt) |

    To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.

    To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.

    Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.

    If needed, you can retry the :repeat: danger-review job that generated this comment.

    Generated by :no_entry_sign: Danger

  • Bundle size analysis [beta]

    This compares changes in bundle size for entry points between the commits d75ed311 and 90ab0a39

    :sparkles: Special assets

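    | Entrypoint / Name | Size before | Size after | Diff | Diff in percent |
    |-------------------|-------------|------------|------|-----------------|
    | mainChunk | 1.98 MB | 1.96 MB | -11.94 KB | -0.6 % |
    | average | 3.54 MB | 3.53 MB | -9.4 KB | -0.3 % |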

    :fearful: Significant Growth: 17

    | Entrypoint / Name | Size before | Size after | Diff | Diff in percent |
    |-------------------|-------------|------------|------|-----------------|
    | pages.projects.work_items | 974.25 KB | 1.35 MB | +403.54 KB | 41.4 % |
    | pages.projects.merge_requests.show | 5.39 MB | 5.52 MB | +139.25 KB | 2.5 % |
    | pages.projects.releases.edit | 1.56 MB | 1.61 MB | +55.16 KB | 3.5 % |
    | pages.projects.releases.new | 1.56 MB | 1.61 MB | +55.16 KB | 3.5 % |
    | pages.admin.audit_logs | 1.22 MB | 1.25 MB | +31.43 KB | 2.5 % |
    | pages.groups.audit_events | 1.22 MB | 1.25 MB | +29.59 KB | 2.4 % |
    | pages.projects.audit_events | 1.39 MB | 1.42 MB | +29.59 KB | 2.1 % |
    | pages.operations.environments | 339.03 KB | 351.27 KB | +12.24 KB | 3.6 % |
    | pages.operations.index | 467.45 KB | 479.69 KB | +12.24 KB | 2.6 % |
    | pages.admin | 18.64 KB | 20.48 KB | +1.84 KB | 9.9 % |

    The table above is limited to 10 entries. Please look at the full report for more details

    :new: New entry points: 2

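    | Entrypoint / Name | Size before | Size after | Diff | Diff in percent |
    |-------------------|-------------|------------|------|-----------------|
    | pages.groups.runners.index | 0 Bytes | 1.39 MB | +1.39 MB | 100.0 % |
    | pages.groups.runners.show | 0 Bytes | 1013.91 KB | +1013.91 KB | 100.0 % |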

    Your MR has at least one entrypoint growing significantly (more > 1 KB or 2%). If you write new or extend existing features, this is expected and there is nothing to worry about.

    Please consider pinging someone from the FE Foundations (@dmishunov, @justin_ho, @mikegreiling or @nmezzopera) for review, if you are unsure about the size increase.

    Note: We do not have exact data for d75ed311. So we have used data from: 7af59d4f.
    The target commit was too new, so we used the latest commit from master we have info on.
    It might help to rerun the bundle-size-review job
    This might mean that you have a few false positives in this report. If something unrelated to your code changes is reported, you can check this comparison in order to see if they caused this change.

    Please look at the full report for more details


    Read more about how this report works.

    Generated by :no_entry_sign: Danger

  • added 2 commits

    • bd8ad01e - Add a test for when page size is retrieved from local storage
    • 18ae4ff0 - Retrieve pageSize from local storage as soon as possible

    Compare with previous version

  • requested review from @dpisek

  • Allure report

    allure-report-publisher generated test report!

    review-qa-blocking: :exclamation: test report for 90ab0a39

    +---------------------------------------------------------------------------+
    |                              suites summary                               |
    +----------------------+--------+--------+---------+-------+-------+--------+
    |                      | passed | failed | skipped | flaky | total | result |
    +----------------------+--------+--------+---------+-------+-------+--------+
    | Create               | 23     | 0      | 2       | 23    | 25    | ❗     |
    | Verify               | 12     | 0      | 1       | 12    | 13    | ❗     |
    | Manage               | 37     | 0      | 2       | 39    | 39    | ❗     |
    | Plan                 | 47     | 0      | 1       | 47    | 48    | ❗     |
    | Secure               | 2      | 0      | 0       | 2     | 2     | ❗     |
    | Package              | 0      | 0      | 1       | 0     | 1     | ➖     |
    | Protect              | 2      | 0      | 0       | 2     | 2     | ❗     |
    | Version sanity check | 0      | 0      | 1       | 0     | 1     | ➖     |
    | Configure            | 0      | 0      | 1       | 0     | 1     | ➖     |
    +----------------------+--------+--------+---------+-------+-------+--------+
    | Total                | 123    | 0      | 9       | 125   | 132   | ❗     |
    +----------------------+--------+--------+---------+-------+-------+--------+
  • added 1 commit

    • ffcfdaf7 - Retrieve pageSize from local storage as soon as possible

    Compare with previous version

  • David Pisek approved this merge request


  • David Pisek removed review request for @dpisek


  • :wave: @dpisek, thanks for approving this merge request.

    This is the first time the merge request is approved. To ensure full test coverage, a new pipeline has been started.

    For more info, please refer to the following links:

  • added 114 commits

    • ffcfdaf7...d75ed311 - 111 commits from branch master
    • d8884a87 - Add a test for when page size is retrieved from local storage
    • 60c3b7da - Retrieve pageSize from local storage as soon as possible
    • 7650f89a - fixup! Add a test for when page size is retrieved from local storage

    Compare with previous version

  • Paul Gascou-Vaillancourt marked this merge request as draft from 7650f89a


  • requested review from @svedova

  • Paul Gascou-Vaillancourt changed the description


  • added 2 commits

    • b6ad909b - Add a test for when page size is retrieved from local storage
    • 90ab0a39 - Retrieve pageSize from local storage as soon as possible

    Compare with previous version

  • Paul Gascou-Vaillancourt marked this merge request as ready


  • Savas Vedova approved this merge request


  • Savas Vedova resolved all threads


  • merged

  • Savas Vedova mentioned in commit 9cd65b77


  • mentioned in issue #366951 (closed)

  • added workflowstaging label and removed workflowcanary label
