Merge branch 'remove_vulnerability_finding_tracking_signatures_flag' into 'master'

Drops :vulnerability_finding_tracking_signatures flag See merge request gitlab-org/gitlab!65924

Merge branch 'remove_vulnerability_finding_tracking_signatures_flag' into 'master'
Drops :vulnerability_finding_tracking_signatures flag See merge request gitlab-org/gitlab!65924
385c2634 · Michael Kozono · 2b621e7a · 5654dbaf · 2b621e7a · 385c2634
Commit 385c2634 authored Aug 16, 2021 by Michael Kozono
15 changed files
--- a/config/feature_flags/development/vulnerability_finding_tracking_signatures.yml
+++ b/config/feature_flags/development/vulnerability_finding_tracking_signatures.yml
---
-name: vulnerability_finding_tracking_signatures
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54608
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/322044
-milestone: '13.11'
-type: development
-group: group::vulnerability research
-default_enabled: false
--- a/ee/app/finders/security/pipeline_vulnerabilities_finder.rb
+++ b/ee/app/finders/security/pipeline_vulnerabilities_finder.rb
@@ -155,7 +155,7 @@ module Security
    end
    def dismissal_feedback?(finding)
-      if ::Feature.enabled?(:vulnerability_finding_tracking_signatures, pipeline.project) && pipeline.project.licensed_feature_available?(:vulnerability_finding_signatures) && !finding.signatures.empty?
+      if pipeline.project.licensed_feature_available?(:vulnerability_finding_signatures) && !finding.signatures.empty?
        dismissal_feedback_by_finding_signatures(finding)
      else
        dismissal_feedback_by_project_fingerprint(finding)

--- a/ee/app/models/ee/ci/build.rb
+++ b/ee/app/models/ee/ci/build.rb
@@ -233,7 +233,7 @@ module EE
      end
      def parse_raw_security_artifact_blob(security_report, blob)
-        signatures_enabled = ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
+        signatures_enabled = project.licensed_feature_available?(:vulnerability_finding_signatures)
        ::Gitlab::Ci::Parsers.fabricate!(security_report.type, blob, security_report, signatures_enabled).parse!
      end

--- a/ee/app/models/ee/ci/job_artifact.rb
+++ b/ee/app/models/ee/ci/job_artifact.rb
@@ -93,7 +93,7 @@ module EE
      strong_memoize(:security_report) do
        next unless file_type.in?(SECURITY_REPORT_FILE_TYPES)
-        signatures_enabled = ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
+        signatures_enabled = project.licensed_feature_available?(:vulnerability_finding_signatures)
        report = ::Gitlab::Ci::Reports::Security::Report.new(file_type, job.pipeline, nil).tap do |report|
          each_blob do |blob|

--- a/ee/app/models/vulnerabilities/finding.rb
+++ b/ee/app/models/vulnerabilities/finding.rb
@@ -317,7 +317,7 @@ module Vulnerabilities
      return false unless other.is_a?(self.class)
      return false unless other.report_type == report_type && other.primary_identifier_fingerprint == primary_identifier_fingerprint
-      if ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
+      if project.licensed_feature_available?(:vulnerability_finding_signatures)
        matches_signatures(other.signatures, other.uuid)
      else
        other.location_fingerprint == location_fingerprint

--- a/ee/app/services/security/store_report_service.rb
+++ b/ee/app/services/security/store_report_service.rb
@@ -80,7 +80,7 @@ module Security
      update_vulnerability_finding(vulnerability_finding, vulnerability_params)
      reset_remediations_for(vulnerability_finding, finding)
-      if ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
+      if project.licensed_feature_available?(:vulnerability_finding_signatures)
        update_feedbacks(vulnerability_finding, vulnerability_params[:uuid])
        update_finding_signatures(finding, vulnerability_finding)
      end
@@ -89,7 +89,7 @@ module Security
    end
    def find_or_create_vulnerability_finding(finding, create_params)
-      if ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
+      if project.licensed_feature_available?(:vulnerability_finding_signatures)
        find_or_create_vulnerability_finding_with_signatures(finding, create_params)
      else
        find_or_create_vulnerability_finding_with_location(finding, create_params)

--- a/ee/app/services/security/store_scan_service.rb
+++ b/ee/app/services/security/store_scan_service.rb
@@ -39,7 +39,7 @@ module Security
    end
    def override_uuids?
-      ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
+      project.licensed_feature_available?(:vulnerability_finding_signatures)
    end
    def security_scan

--- a/ee/spec/finders/security/pipeline_vulnerabilities_finder_spec.rb
+++ b/ee/spec/finders/security/pipeline_vulnerabilities_finder_spec.rb
@@ -201,7 +201,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
      let(:ds_finding) { pipeline.security_reports.reports["dependency_scanning"].findings.first }
      let(:sast_finding) { pipeline.security_reports.reports["sast"].findings.first }
-      context 'when vulnerability_finding_tracking_signatures feature flag is disabled' do
+      context 'when vulnerability_finding_signatures feature is disabled' do
        let!(:feedback) do
          [
            create(
@@ -228,7 +228,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
        end
        before do
-          stub_feature_flags(vulnerability_finding_tracking_signatures: false)
+          stub_licensed_features(sast: true, dependency_scanning: true, container_scanning: true, dast: true, vulnerability_finding_signatures: false)
        end
        context 'when unscoped' do
@@ -258,7 +258,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
        end
      end
-      context 'when vulnerability_finding_tracking_signatures feature flag is enabled' do
+      context 'when vulnerability_finding_signatures feature is enabled' do
        let!(:feedback) do
          [
            create(
@@ -275,7 +275,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
        end
        before do
-          stub_feature_flags(vulnerability_finding_tracking_signatures: true)
+          stub_licensed_features(sast: true, dependency_scanning: true, container_scanning: true, dast: true, vulnerability_finding_signatures: true)
        end
        context 'when unscoped' do

--- a/ee/spec/models/ci/build_spec.rb
+++ b/ee/spec/models/ci/build_spec.rb
@@ -371,24 +371,21 @@ RSpec.describe Ci::Build do
        end
      end
-      context 'vulnerability_finding_tracking_signatures' do
+      context 'vulnerability_finding_signatures' do
        let!(:artifact) { create(:ee_ci_job_artifact, :sast, job: job, project: job.project) }
-        where(vulnerability_finding_signatures_enabled: [true, false])
+        where(vulnerability_finding_signatures: [true, false])
        with_them do
          it 'parses the report' do
            stub_licensed_features(
              sast: true,
-              vulnerability_finding_signatures: vulnerability_finding_signatures_enabled
+              vulnerability_finding_signatures: vulnerability_finding_signatures
-            )
-            stub_feature_flags(
-              vulnerability_finding_tracking_signatures: vulnerability_finding_signatures_enabled
            )
            expect(::Gitlab::Ci::Parsers::Security::Sast).to receive(:new).with(
              artifact.file.read,
              kind_of(::Gitlab::Ci::Reports::Security::Report),
-              vulnerability_finding_signatures_enabled
+              vulnerability_finding_signatures
            )
            subject

--- a/ee/spec/models/vulnerabilities/finding_spec.rb
+++ b/ee/spec/models/vulnerabilities/finding_spec.rb
 # frozen_string_literal: true
 require 'spec_helper'
 RSpec.describe Vulnerabilities::Finding do
@@ -8,12 +7,10 @@ RSpec.describe Vulnerabilities::Finding do
  it { is_expected.to define_enum_for(:severity) }
  it { is_expected.to define_enum_for(:detection_method) }
-  where(vulnerability_finding_signatures_enabled: [true, false])
+  where(vulnerability_finding_signatures: [true, false])
  with_them do
    before do
-      stub_feature_flags(vulnerability_finding_tracking_signatures: vulnerability_finding_signatures_enabled)
+      stub_licensed_features(vulnerability_finding_signatures: vulnerability_finding_signatures)
-      stub_feature_flags(vulnerability_finding_replace_metadata: false)
-      stub_licensed_features(vulnerability_finding_signatures: vulnerability_finding_signatures_enabled)
    end
    describe 'associations' do
@@ -388,6 +385,10 @@ RSpec.describe Vulnerabilities::Finding do
        end
        context 'when the feature flag is disabled' do
+          before do
+            stub_feature_flags(vulnerability_finding_replace_metadata: false)
+          end
          it 'returns links from raw_metadata' do
            expect(links).to eq([{ 'url' => 'https://raw.example.com', 'name' => 'raw_metadata_link' }])
          end
@@ -966,7 +967,7 @@ RSpec.describe Vulnerabilities::Finding do
        expect(signature1.eql?(signature2)).to be(true)
        # now verify that the correct matching method was used for eql?
-        expect(finding1.eql?(finding2)).to be(vulnerability_finding_signatures_enabled)
+        expect(finding1.eql?(finding2)).to be(vulnerability_finding_signatures)
      end
      it 'wont match other record types' do
@@ -1035,7 +1036,7 @@ RSpec.describe Vulnerabilities::Finding do
        end
        with_them do
          it 'matches correctly' do
-            next unless vulnerability_finding_signatures_enabled
+            next unless vulnerability_finding_signatures
            create_signatures
            expect(finding1.eql?(finding2)).to be(should_match)

--- a/ee/spec/services/ci/compare_security_reports_service_spec.rb
+++ b/ee/spec/services/ci/compare_security_reports_service_spec.rb
@@ -11,10 +11,10 @@ RSpec.describe Ci::CompareSecurityReportsService do
    collection.map { |t| t['identifiers'].first['external_id'] }
  end
-  where(vulnerability_finding_tracking_signatures_enabled: [true, false])
+  where(vulnerability_finding_signatures: [true, false])
  with_them do
    before do
-      stub_feature_flags(vulnerability_finding_tracking_signatures: vulnerability_finding_tracking_signatures_enabled)
+      stub_licensed_features(vulnerability_finding_signatures: vulnerability_finding_signatures)
    end
    describe '#execute DS' do

--- a/ee/spec/services/security/store_report_service_spec.rb
+++ b/ee/spec/services/security/store_report_service_spec.rb
@@ -15,19 +15,18 @@ RSpec.describe Security::StoreReportService, '#execute' do
  subject { described_class.new(pipeline, report).execute }
-  where(:vulnerability_finding_signatures_enabled) do
+  where(:vulnerability_finding_signatures) do
    [true, false]
  end
  with_them do
    before do
-      stub_feature_flags(vulnerability_finding_tracking_signatures: vulnerability_finding_signatures_enabled)
      stub_licensed_features(
        sast: true,
        dependency_scanning: true,
        container_scanning: true,
        security_dashboard: true,
-        vulnerability_finding_signatures: vulnerability_finding_signatures_enabled
+        vulnerability_finding_signatures: vulnerability_finding_signatures
      )
      allow(Security::AutoFixWorker).to receive(:perform_async)
    end
@@ -85,7 +84,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
          end
          it 'inserts all signatures' do
-            signatures_count = vulnerability_finding_signatures_enabled ? signatures : 0
+            signatures_count = vulnerability_finding_signatures ? signatures : 0
            expect { subject }.to change { Vulnerabilities::FindingSignature.count }.by(signatures_count)
          end
        end
@@ -408,7 +407,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
        end
        it 'handles the error correctly' do
-          next unless vulnerability_finding_signatures_enabled
+          next unless vulnerability_finding_signatures
          report_finding = report.findings.find { |f| f.location.fingerprint == finding.location_fingerprint}
@@ -418,7 +417,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
        end
        it 'raises the error if there exists no vulnerability finding' do
-          next unless vulnerability_finding_signatures_enabled
+          next unless vulnerability_finding_signatures
          allow(store_report_service).to receive(:sync_vulnerability_finding).and_raise(ActiveRecord::RecordNotUnique)
@@ -429,7 +428,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
      end
      it 'updates signatures to match new values' do
-        next unless vulnerability_finding_signatures_enabled
+        next unless vulnerability_finding_signatures
        expect(finding.signatures.count).to eq(1)
        expect(finding.signatures.first.algorithm_type).to eq('hash')
@@ -685,9 +684,6 @@ RSpec.describe Security::StoreReportService, '#execute' do
        security_dashboard: true,
        vulnerability_finding_signatures: false
      )
-      stub_feature_flags(
-        vulnerability_finding_tracking_signatures: false
-      )
      expect do
        expect do
@@ -703,7 +699,6 @@ RSpec.describe Security::StoreReportService, '#execute' do
        security_dashboard: true,
        vulnerability_finding_signatures: true
      )
-      stub_feature_flags(vulnerability_finding_tracking_signatures: true)
      pipeline, report = generate_new_pipeline

--- a/ee/spec/services/security/store_scan_service_spec.rb
+++ b/ee/spec/services/security/store_scan_service_spec.rb
@@ -59,15 +59,11 @@ RSpec.describe Security::StoreScanService do
    context 'when the `vulnerability_finding_signatures` licensed feature is available' do
      before do
-        stub_feature_flags(vulnerability_finding_tracking_signatures: feature_enabled?)
        stub_licensed_features(vulnerability_finding_signatures: true)
        allow(Security::OverrideUuidsService).to receive(:execute)
      end
-      context 'when the `vulnerability_finding_tracking_signatures` feature is enabled' do
-        let(:feature_enabled?) { true }
      it 'calls `Security::OverrideUuidsService` with security report to re-calculate the finding UUIDs' do
        store_scan
@@ -75,45 +71,19 @@ RSpec.describe Security::StoreScanService do
      end
    end
-      context 'when the `vulnerability_finding_tracking_signatures` feature is disabled' do
-        let(:feature_enabled?) { false }
-        it 'does not call `Security::OverrideUuidsService`' do
-          store_scan
-          expect(Security::OverrideUuidsService).not_to have_received(:execute)
-        end
-      end
-    end
    context 'when the `vulnerability_finding_signatures` licensed feature is not available' do
      before do
-        stub_feature_flags(vulnerability_finding_tracking_signatures: feature_enabled?)
        stub_licensed_features(vulnerability_finding_signatures: false)
        allow(Security::OverrideUuidsService).to receive(:execute)
      end
-      context 'when the `vulnerability_finding_tracking_signatures` feature is enabled' do
-        let(:feature_enabled?) { true }
-        it 'does not call `Security::OverrideUuidsService`' do
-          store_scan
-          expect(Security::OverrideUuidsService).not_to have_received(:execute)
-        end
-      end
-      context 'when the `vulnerability_finding_tracking_signatures` feature is disabled' do
-        let(:feature_enabled?) { false }
      it 'does not call `Security::OverrideUuidsService`' do
        store_scan
        expect(Security::OverrideUuidsService).not_to have_received(:execute)
      end
    end
-    end
    context 'when the report has some errors' do
      before do

--- a/lib/gitlab/ci/reports/security/vulnerability_reports_comparer.rb
+++ b/lib/gitlab/ci/reports/security/vulnerability_reports_comparer.rb
@@ -15,10 +15,7 @@ module Gitlab
            @base_report = base_report
            @head_report = head_report
-            @signatures_enabled = (
+            @signatures_enabled = project.licensed_feature_available?(:vulnerability_finding_signatures)
-              ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) &&
-              project.licensed_feature_available?(:vulnerability_finding_signatures)
-            )
            if @signatures_enabled
              @added_findings = []

--- a/spec/lib/gitlab/ci/reports/security/vulnerability_reports_comparer_spec.rb
+++ b/spec/lib/gitlab/ci/reports/security/vulnerability_reports_comparer_spec.rb
@@ -24,12 +24,11 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
  subject { described_class.new(project, base_report, head_report) }
-  where(vulnerability_finding_tracking_signatures_enabled: [true, false])
+  where(vulnerability_finding_signatures: [true, false])
  with_them do
    before do
-      stub_feature_flags(vulnerability_finding_tracking_signatures: vulnerability_finding_tracking_signatures_enabled)
+      stub_licensed_features(vulnerability_finding_signatures: vulnerability_finding_signatures)
-      stub_licensed_features(vulnerability_finding_signatures: vulnerability_finding_tracking_signatures_enabled)
    end
    describe '#base_report_out_of_date' do