Commit 5654dbaf authored by rossfuhrman's avatar rossfuhrman Committed by Michael Kozono

Drops :vulnerability_finding_tracking_signatures flag

parent b5758f26
---
name: vulnerability_finding_tracking_signatures
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54608
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/322044
milestone: '13.11'
type: development
group: group::vulnerability research
default_enabled: false
......@@ -155,7 +155,7 @@ module Security
end
def dismissal_feedback?(finding)
if ::Feature.enabled?(:vulnerability_finding_tracking_signatures, pipeline.project) && pipeline.project.licensed_feature_available?(:vulnerability_finding_signatures) && !finding.signatures.empty?
if pipeline.project.licensed_feature_available?(:vulnerability_finding_signatures) && !finding.signatures.empty?
dismissal_feedback_by_finding_signatures(finding)
else
dismissal_feedback_by_project_fingerprint(finding)
......
......@@ -233,7 +233,7 @@ module EE
end
def parse_raw_security_artifact_blob(security_report, blob)
signatures_enabled = ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
signatures_enabled = project.licensed_feature_available?(:vulnerability_finding_signatures)
::Gitlab::Ci::Parsers.fabricate!(security_report.type, blob, security_report, signatures_enabled).parse!
end
......
......@@ -93,7 +93,7 @@ module EE
strong_memoize(:security_report) do
next unless file_type.in?(SECURITY_REPORT_FILE_TYPES)
signatures_enabled = ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
signatures_enabled = project.licensed_feature_available?(:vulnerability_finding_signatures)
report = ::Gitlab::Ci::Reports::Security::Report.new(file_type, job.pipeline, nil).tap do |report|
each_blob do |blob|
......
......@@ -317,7 +317,7 @@ module Vulnerabilities
return false unless other.is_a?(self.class)
return false unless other.report_type == report_type && other.primary_identifier_fingerprint == primary_identifier_fingerprint
if ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
if project.licensed_feature_available?(:vulnerability_finding_signatures)
matches_signatures(other.signatures, other.uuid)
else
other.location_fingerprint == location_fingerprint
......
......@@ -80,7 +80,7 @@ module Security
update_vulnerability_finding(vulnerability_finding, vulnerability_params)
reset_remediations_for(vulnerability_finding, finding)
if ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
if project.licensed_feature_available?(:vulnerability_finding_signatures)
update_feedbacks(vulnerability_finding, vulnerability_params[:uuid])
update_finding_signatures(finding, vulnerability_finding)
end
......@@ -89,7 +89,7 @@ module Security
end
def find_or_create_vulnerability_finding(finding, create_params)
if ::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
if project.licensed_feature_available?(:vulnerability_finding_signatures)
find_or_create_vulnerability_finding_with_signatures(finding, create_params)
else
find_or_create_vulnerability_finding_with_location(finding, create_params)
......
......@@ -39,7 +39,7 @@ module Security
end
def override_uuids?
::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) && project.licensed_feature_available?(:vulnerability_finding_signatures)
project.licensed_feature_available?(:vulnerability_finding_signatures)
end
def security_scan
......
......@@ -201,7 +201,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
let(:ds_finding) { pipeline.security_reports.reports["dependency_scanning"].findings.first }
let(:sast_finding) { pipeline.security_reports.reports["sast"].findings.first }
context 'when vulnerability_finding_tracking_signatures feature flag is disabled' do
context 'when vulnerability_finding_signatures feature is disabled' do
let!(:feedback) do
[
create(
......@@ -228,7 +228,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
end
before do
stub_feature_flags(vulnerability_finding_tracking_signatures: false)
stub_licensed_features(sast: true, dependency_scanning: true, container_scanning: true, dast: true, vulnerability_finding_signatures: false)
end
context 'when unscoped' do
......@@ -258,7 +258,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
end
end
context 'when vulnerability_finding_tracking_signatures feature flag is enabled' do
context 'when vulnerability_finding_signatures feature is enabled' do
let!(:feedback) do
[
create(
......@@ -275,7 +275,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
end
before do
stub_feature_flags(vulnerability_finding_tracking_signatures: true)
stub_licensed_features(sast: true, dependency_scanning: true, container_scanning: true, dast: true, vulnerability_finding_signatures: true)
end
context 'when unscoped' do
......
......@@ -371,24 +371,21 @@ RSpec.describe Ci::Build do
end
end
context 'vulnerability_finding_tracking_signatures' do
context 'vulnerability_finding_signatures' do
let!(:artifact) { create(:ee_ci_job_artifact, :sast, job: job, project: job.project) }
where(vulnerability_finding_signatures_enabled: [true, false])
where(vulnerability_finding_signatures: [true, false])
with_them do
it 'parses the report' do
stub_licensed_features(
sast: true,
vulnerability_finding_signatures: vulnerability_finding_signatures_enabled
)
stub_feature_flags(
vulnerability_finding_tracking_signatures: vulnerability_finding_signatures_enabled
vulnerability_finding_signatures: vulnerability_finding_signatures
)
expect(::Gitlab::Ci::Parsers::Security::Sast).to receive(:new).with(
artifact.file.read,
kind_of(::Gitlab::Ci::Reports::Security::Report),
vulnerability_finding_signatures_enabled
vulnerability_finding_signatures
)
subject
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Vulnerabilities::Finding do
......@@ -8,12 +7,10 @@ RSpec.describe Vulnerabilities::Finding do
it { is_expected.to define_enum_for(:severity) }
it { is_expected.to define_enum_for(:detection_method) }
where(vulnerability_finding_signatures_enabled: [true, false])
where(vulnerability_finding_signatures: [true, false])
with_them do
before do
stub_feature_flags(vulnerability_finding_tracking_signatures: vulnerability_finding_signatures_enabled)
stub_feature_flags(vulnerability_finding_replace_metadata: false)
stub_licensed_features(vulnerability_finding_signatures: vulnerability_finding_signatures_enabled)
stub_licensed_features(vulnerability_finding_signatures: vulnerability_finding_signatures)
end
describe 'associations' do
......@@ -388,6 +385,10 @@ RSpec.describe Vulnerabilities::Finding do
end
context 'when the feature flag is disabled' do
before do
stub_feature_flags(vulnerability_finding_replace_metadata: false)
end
it 'returns links from raw_metadata' do
expect(links).to eq([{ 'url' => 'https://raw.example.com', 'name' => 'raw_metadata_link' }])
end
......@@ -966,7 +967,7 @@ RSpec.describe Vulnerabilities::Finding do
expect(signature1.eql?(signature2)).to be(true)
# now verify that the correct matching method was used for eql?
expect(finding1.eql?(finding2)).to be(vulnerability_finding_signatures_enabled)
expect(finding1.eql?(finding2)).to be(vulnerability_finding_signatures)
end
it 'wont match other record types' do
......@@ -1035,7 +1036,7 @@ RSpec.describe Vulnerabilities::Finding do
end
with_them do
it 'matches correctly' do
next unless vulnerability_finding_signatures_enabled
next unless vulnerability_finding_signatures
create_signatures
expect(finding1.eql?(finding2)).to be(should_match)
......
......@@ -11,10 +11,10 @@ RSpec.describe Ci::CompareSecurityReportsService do
collection.map { |t| t['identifiers'].first['external_id'] }
end
where(vulnerability_finding_tracking_signatures_enabled: [true, false])
where(vulnerability_finding_signatures: [true, false])
with_them do
before do
stub_feature_flags(vulnerability_finding_tracking_signatures: vulnerability_finding_tracking_signatures_enabled)
stub_licensed_features(vulnerability_finding_signatures: vulnerability_finding_signatures)
end
describe '#execute DS' do
......
......@@ -15,19 +15,18 @@ RSpec.describe Security::StoreReportService, '#execute' do
subject { described_class.new(pipeline, report).execute }
where(:vulnerability_finding_signatures_enabled) do
where(:vulnerability_finding_signatures) do
[true, false]
end
with_them do
before do
stub_feature_flags(vulnerability_finding_tracking_signatures: vulnerability_finding_signatures_enabled)
stub_licensed_features(
sast: true,
dependency_scanning: true,
container_scanning: true,
security_dashboard: true,
vulnerability_finding_signatures: vulnerability_finding_signatures_enabled
vulnerability_finding_signatures: vulnerability_finding_signatures
)
allow(Security::AutoFixWorker).to receive(:perform_async)
end
......@@ -85,7 +84,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
end
it 'inserts all signatures' do
signatures_count = vulnerability_finding_signatures_enabled ? signatures : 0
signatures_count = vulnerability_finding_signatures ? signatures : 0
expect { subject }.to change { Vulnerabilities::FindingSignature.count }.by(signatures_count)
end
end
......@@ -408,7 +407,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
end
it 'handles the error correctly' do
next unless vulnerability_finding_signatures_enabled
next unless vulnerability_finding_signatures
report_finding = report.findings.find { |f| f.location.fingerprint == finding.location_fingerprint}
......@@ -418,7 +417,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
end
it 'raises the error if there exists no vulnerability finding' do
next unless vulnerability_finding_signatures_enabled
next unless vulnerability_finding_signatures
allow(store_report_service).to receive(:sync_vulnerability_finding).and_raise(ActiveRecord::RecordNotUnique)
......@@ -429,7 +428,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
end
it 'updates signatures to match new values' do
next unless vulnerability_finding_signatures_enabled
next unless vulnerability_finding_signatures
expect(finding.signatures.count).to eq(1)
expect(finding.signatures.first.algorithm_type).to eq('hash')
......@@ -685,9 +684,6 @@ RSpec.describe Security::StoreReportService, '#execute' do
security_dashboard: true,
vulnerability_finding_signatures: false
)
stub_feature_flags(
vulnerability_finding_tracking_signatures: false
)
expect do
expect do
......@@ -703,7 +699,6 @@ RSpec.describe Security::StoreReportService, '#execute' do
security_dashboard: true,
vulnerability_finding_signatures: true
)
stub_feature_flags(vulnerability_finding_tracking_signatures: true)
pipeline, report = generate_new_pipeline
......
......@@ -59,15 +59,11 @@ RSpec.describe Security::StoreScanService do
context 'when the `vulnerability_finding_signatures` licensed feature is available' do
before do
stub_feature_flags(vulnerability_finding_tracking_signatures: feature_enabled?)
stub_licensed_features(vulnerability_finding_signatures: true)
allow(Security::OverrideUuidsService).to receive(:execute)
end
context 'when the `vulnerability_finding_tracking_signatures` feature is enabled' do
let(:feature_enabled?) { true }
it 'calls `Security::OverrideUuidsService` with security report to re-calculate the finding UUIDs' do
store_scan
......@@ -75,45 +71,19 @@ RSpec.describe Security::StoreScanService do
end
end
context 'when the `vulnerability_finding_tracking_signatures` feature is disabled' do
let(:feature_enabled?) { false }
it 'does not call `Security::OverrideUuidsService`' do
store_scan
expect(Security::OverrideUuidsService).not_to have_received(:execute)
end
end
end
context 'when the `vulnerability_finding_signatures` licensed feature is not available' do
before do
stub_feature_flags(vulnerability_finding_tracking_signatures: feature_enabled?)
stub_licensed_features(vulnerability_finding_signatures: false)
allow(Security::OverrideUuidsService).to receive(:execute)
end
context 'when the `vulnerability_finding_tracking_signatures` feature is enabled' do
let(:feature_enabled?) { true }
it 'does not call `Security::OverrideUuidsService`' do
store_scan
expect(Security::OverrideUuidsService).not_to have_received(:execute)
end
end
context 'when the `vulnerability_finding_tracking_signatures` feature is disabled' do
let(:feature_enabled?) { false }
it 'does not call `Security::OverrideUuidsService`' do
store_scan
expect(Security::OverrideUuidsService).not_to have_received(:execute)
end
end
end
context 'when the report has some errors' do
before do
......
......@@ -15,10 +15,7 @@ module Gitlab
@base_report = base_report
@head_report = head_report
@signatures_enabled = (
::Feature.enabled?(:vulnerability_finding_tracking_signatures, project) &&
project.licensed_feature_available?(:vulnerability_finding_signatures)
)
@signatures_enabled = project.licensed_feature_available?(:vulnerability_finding_signatures)
if @signatures_enabled
@added_findings = []
......
......@@ -24,12 +24,11 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
subject { described_class.new(project, base_report, head_report) }
where(vulnerability_finding_tracking_signatures_enabled: [true, false])
where(vulnerability_finding_signatures: [true, false])
with_them do
before do
stub_feature_flags(vulnerability_finding_tracking_signatures: vulnerability_finding_tracking_signatures_enabled)
stub_licensed_features(vulnerability_finding_signatures: vulnerability_finding_tracking_signatures_enabled)
stub_licensed_features(vulnerability_finding_signatures: vulnerability_finding_signatures)
end
describe '#base_report_out_of_date' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment