diff --git a/ee/app/graphql/mutations/vulnerabilities/create.rb b/ee/app/graphql/mutations/vulnerabilities/create.rb
index 53c0c825c9eb4943ada5077e2f31bb74fe16851c..788fdb0cdd9987a8a668b7f51df8e8ce50b9f843 100644
--- a/ee/app/graphql/mutations/vulnerabilities/create.rb
+++ b/ee/app/graphql/mutations/vulnerabilities/create.rb
@@ -25,6 +25,7 @@ class Create < BaseMutation
argument :identifiers, [Types::VulnerabilityIdentifierInputType],
required: true,
+ validates: { length: { minimum: 1 } },
description: 'Array of CVE or CWE identifiers for the vulnerability.'
argument :state, Types::VulnerabilityStateEnum,
diff --git a/ee/spec/graphql/mutations/vulnerabilities/create_spec.rb b/ee/spec/graphql/mutations/vulnerabilities/create_spec.rb
index 532d5abb4b6ec6fdfdbb92c6871bbae82aeba15a..802b6ce3c40a1ffc8b415296ca7a81dfa36885f2 100644
--- a/ee/spec/graphql/mutations/vulnerabilities/create_spec.rb
+++ b/ee/spec/graphql/mutations/vulnerabilities/create_spec.rb
@@ -7,6 +7,7 @@
let_it_be(:user) { create(:user, maintainer_of: project) }
let(:mutated_vulnerability) { subject[:vulnerability] }
+ let(:project_gid) { GitlabSchema.id_from_object(project) }
before do
stub_licensed_features(security_dashboard: true)
@@ -63,8 +64,6 @@
end
context 'when a vulnerability with the same identifier already exists' do
- let(:project_gid) { GitlabSchema.id_from_object(project) }
-
before do
resolve(described_class, args: attributes, ctx: { current_user: user })
end
@@ -72,6 +71,18 @@
it_behaves_like 'successfully created vulnerability'
end
+ context 'when no identifiers are given' do
+ before do
+ attributes[:identifiers] = []
+ end
+
+ it 'raises validation error' do
+ expect_graphql_error_to_be_created(GraphQL::Schema::Validator::ValidationFailedError) do
+ resolve(described_class, args: attributes, ctx: { current_user: user })
+ end
+ end
+ end
+
context 'with valid parameters' do
subject { resolve(described_class, args: attributes, ctx: { current_user: user }) }