Add project field to VulnerabilityType

This field is required to show each vulnerability's project on the group and instance security dashboard. https://gitlab.com/gitlab-org/gitlab/-/issues/214269

Add project field to VulnerabilityType
This field is required to show each vulnerability's project on the group and instance security dashboard. https://gitlab.com/gitlab-org/gitlab/-/issues/214269
99f20ccf · Avielle Wolfe · Shinya Maeda · 87a600de · 99f20ccf · 99f20ccf
Commit 99f20ccf authored Apr 16, 2020 by Avielle Wolfe Committed by Shinya Maeda Apr 16, 2020
5 changed files
--- a/doc/api/graphql/reference/gitlab_schema.graphql
+++ b/doc/api/graphql/reference/gitlab_schema.graphql
@@ -9560,6 +9560,11 @@ type Vulnerability {
  """
  location: JSON

+  """
+  The project on which the vulnerability was found
+  """
+  project: Project
+
  """
  Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST)
  """

--- a/doc/api/graphql/reference/gitlab_schema.json
+++ b/doc/api/graphql/reference/gitlab_schema.json
@@ -28863,6 +28863,20 @@
              "isDeprecated": false,
              "deprecationReason": null
            },
+            {
+              "name": "project",
+              "description": "The project on which the vulnerability was found",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "OBJECT",
+                "name": "Project",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
            {
              "name": "reportType",
              "description": "Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST)",

--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -1502,6 +1502,7 @@ Represents a vulnerability.
 | `description` | String | Description of the vulnerability |
 | `id` | ID! | GraphQL ID of the vulnerability |
 | `location` | JSON | The JSON location metadata for the vulnerability. Its format depends on the type of the security scan that found the vulnerability |
+| `project` | Project | The project on which the vulnerability was found |
 | `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST) |
 | `severity` | VulnerabilitySeverity | Severity of the vulnerability (INFO, UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL) |
 | `state` | VulnerabilityState | State of the vulnerability (DETECTED, DISMISSED, RESOLVED, CONFIRMED) |

--- a/ee/app/graphql/types/vulnerability_type.rb
+++ b/ee/app/graphql/types/vulnerability_type.rb
@@ -34,5 +34,10 @@ module Types
    field :location, GraphQL::Types::JSON, null: true,
          description: 'The JSON location metadata for the vulnerability. Its format depends on the type of the security scan that found the vulnerability',
          resolve: -> (obj, _args, _ctx) { obj.finding&.location.to_json }
+
+    field :project, ::Types::ProjectType, null: true,
+          description: 'The project on which the vulnerability was found',
+          authorize: :read_project,
+          resolve: -> (obj, args, context) { Gitlab::Graphql::Loaders::BatchModelLoader.new(Project, obj.project_id).find }
  end
 end
--- a/ee/spec/graphql/types/vulnerability_type_spec.rb
+++ b/ee/spec/graphql/types/vulnerability_type_spec.rb
@@ -8,7 +8,7 @@ describe GitlabSchema.types['Vulnerability'] do
  let_it_be(:vulnerability) { create(:vulnerability, project: project) }

  let(:fields) do
-    %i[userPermissions id title description state severity report_type vulnerability_path location]
+    %i[userPermissions id title description state severity report_type vulnerability_path location project]
  end

  before do