Commit 10f52d3a authored by James Fargher's avatar James Fargher

Merge branch 'graphql_for_false_positive' into 'master'

Add false-positive info of Vulnerability in GraphQL query

See merge request gitlab-org/gitlab!66960
parents 432f80e4 dfaaceac
...@@ -13885,6 +13885,7 @@ Represents a vulnerability. ...@@ -13885,6 +13885,7 @@ Represents a vulnerability.
| <a id="vulnerabilitydismissedat"></a>`dismissedAt` | [`Time`](#time) | Timestamp of when the vulnerability state was changed to dismissed. | | <a id="vulnerabilitydismissedat"></a>`dismissedAt` | [`Time`](#time) | Timestamp of when the vulnerability state was changed to dismissed. |
| <a id="vulnerabilitydismissedby"></a>`dismissedBy` | [`UserCore`](#usercore) | The user that dismissed the vulnerability. | | <a id="vulnerabilitydismissedby"></a>`dismissedBy` | [`UserCore`](#usercore) | The user that dismissed the vulnerability. |
| <a id="vulnerabilityexternalissuelinks"></a>`externalIssueLinks` | [`VulnerabilityExternalIssueLinkConnection!`](#vulnerabilityexternalissuelinkconnection) | List of external issue links related to the vulnerability. (see [Connections](#connections)) | | <a id="vulnerabilityexternalissuelinks"></a>`externalIssueLinks` | [`VulnerabilityExternalIssueLinkConnection!`](#vulnerabilityexternalissuelinkconnection) | List of external issue links related to the vulnerability. (see [Connections](#connections)) |
| <a id="vulnerabilityfalsepositive"></a>`falsePositive` | [`Boolean`](#boolean) | Indicates whether the vulnerability is a false positive. Available only when feature flag `vulnerability_flags` is enabled. This flag is disabled by default, because the feature is experimental and is subject to change without notice. |
| <a id="vulnerabilityhassolutions"></a>`hasSolutions` | [`Boolean`](#boolean) | Indicates whether there is a solution available for this vulnerability. | | <a id="vulnerabilityhassolutions"></a>`hasSolutions` | [`Boolean`](#boolean) | Indicates whether there is a solution available for this vulnerability. |
| <a id="vulnerabilityid"></a>`id` | [`ID!`](#id) | GraphQL ID of the vulnerability. | | <a id="vulnerabilityid"></a>`id` | [`ID!`](#id) | GraphQL ID of the vulnerability. |
| <a id="vulnerabilityidentifiers"></a>`identifiers` | [`[VulnerabilityIdentifier!]!`](#vulnerabilityidentifier) | Identifiers of the vulnerability. | | <a id="vulnerabilityidentifiers"></a>`identifiers` | [`[VulnerabilityIdentifier!]!`](#vulnerabilityidentifier) | Identifiers of the vulnerability. |
......
...@@ -94,6 +94,11 @@ module Types ...@@ -94,6 +94,11 @@ module Types
description: 'Details of the vulnerability.', description: 'Details of the vulnerability.',
resolver: Resolvers::Vulnerabilities::DetailsResolver resolver: Resolvers::Vulnerabilities::DetailsResolver
field :false_positive, GraphQL::Types::Boolean, null: true,
description: 'Indicates whether the vulnerability is a false positive.',
resolver_method: :false_positive?,
feature_flag: :vulnerability_flags
def confirmed_by def confirmed_by
::Gitlab::Graphql::Loaders::BatchModelLoader.new(::User, object.confirmed_by_id).find ::Gitlab::Graphql::Loaders::BatchModelLoader.new(::User, object.confirmed_by_id).find
end end
...@@ -146,5 +151,17 @@ module Types ...@@ -146,5 +151,17 @@ module Types
def has_solutions? def has_solutions?
object.finding&.remediations&.any? object.finding&.remediations&.any?
end end
def false_positive?
return unless expose_false_positive?
object.finding&.false_positive? || false
end
private
def expose_false_positive?
object.project.licensed_feature_available?(:sast_fp_reduction)
end
end end
end end
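Review bot: `false_positive?` in the second hunk does two lookups per vulnerability node — `object.project.licensed_feature_available?(:sast_fp_reduction)` and `object.finding&.false_positive?` (which presumably reads the finding's flags, given the spec builds a `vulnerabilities_flag` on the finding) — so a `vulnerabilities { nodes { falsePositive } }` response pays a project license check and a finding/flag load per row. The sibling `has_solutions?` already has this per-node shape, but the new field adds another association on top of it, and nothing here batches the project the way `confirmed_by` batches the user via `BatchModelLoader`. If this type is also served from group- or instance-level queries where nodes span many projects (not visible on this page), consider batching the project lookup or preloading the finding flags in the connection resolver before the field ships beyond the flag. I would also document the tri-state return on the guard, e.g. `# nil (not false) when the project lacks the sast_fp_reduction license, so clients can tell "unavailable" from "not a false positive"`. The enclosing `Types::VulnerabilityType` class starts outside the hunk.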
...@@ -30,6 +30,7 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do ...@@ -30,6 +30,7 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
notes notes
external_issue_links external_issue_links
has_solutions has_solutions
false_positive
merge_request merge_request
discussions discussions
confirmed_by confirmed_by
...@@ -39,7 +40,7 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do ...@@ -39,7 +40,7 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
end end
before do before do
stub_licensed_features(security_dashboard: true) stub_licensed_features(security_dashboard: true, sast_fp_reduction: true)
project.add_developer(user) project.add_developer(user)
end end
...@@ -107,6 +108,68 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do ...@@ -107,6 +108,68 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
end end
end end
describe 'false_positive' do
let_it_be(:vulnerability_with_finding) { create(:vulnerability, :with_findings, project: project) }
let(:query) do
%(
query {
project(fullPath: "#{project.full_path}") {
name
vulnerabilities {
nodes {
falsePositive
}
}
}
}
)
end
context 'when the vulnerability has a false-positive flag' do
before do
create(:vulnerabilities_flag, finding: vulnerability_with_finding.finding)
end
it 'returns true for false positive field' do
vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')
expect(vulnerabilities.first['falsePositive']).to be(true)
end
end
context 'when the license is missing' do
before do
stub_licensed_features(security_dashboard: true, sast_fp_reduction: false)
end
it 'returns nil' do
vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')
expect(vulnerabilities.first['falsePositive']).to be_nil
end
end
context 'when the vulnerability does not have any false positive flag' do
it 'returns false for false-positive field' do
vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')
expect(vulnerabilities.first['falsePositive']).to be(false)
end
end
context 'when vulnerability_flags FF has been disabled' do
before do
stub_feature_flags(vulnerability_flags: false)
end
it 'exposes an error message' do
error_msg = subject.dig('errors').first['message']
expect(error_msg).to eql("Field 'falsePositive' doesn't exist on type 'Vulnerability'")
end
end
end
describe '#description' do describe '#description' do
let_it_be(:vulnerability_with_finding) { create(:vulnerability, :with_findings, project: project) } let_it_be(:vulnerability_with_finding) { create(:vulnerability, :with_findings, project: project) }
......
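Review bot: The new `describe 'false_positive'` block only ever has one vulnerability in the project (`vulnerability_with_finding`, plus whatever the outer scope creates), so it cannot detect that the resolver issues an extra project-license and finding/flag query per node; since the resolver is reached through a list field (`vulnerabilities { nodes { ... } }`), a query-count assertion is the check that would catch a regression. I would add an example that creates a second vulnerability with a finding and flag and asserts the request's query count does not grow with the number of nodes, using the query-recorder helper this spec suite already uses elsewhere, if any. The license-missing context at `stub_licensed_features(security_dashboard: true, sast_fp_reduction: false)` relies on the inner `before` running after the outer one, which RSpec guarantees, so that part is fine as written. The enclosing `RSpec.describe GitlabSchema.types['Vulnerability']` block starts outside the hunks.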