Commit 57f4c300 authored by Markus Koller's avatar Markus Koller

Merge branch '276011_remove_store_security_findings_feature_flag' into 'master'

Remove `store_security_findings` feature flag related code

See merge request gitlab-org/gitlab!48357
parents 1ebfe6a9 632e353a
...@@ -29,7 +29,7 @@ module Security ...@@ -29,7 +29,7 @@ module Security
end end
def execute def execute
return unless can_use_security_findings? return unless has_security_findings?
ResultSet.new(security_findings, findings) ResultSet.new(security_findings, findings)
end end
...@@ -39,10 +39,6 @@ module Security ...@@ -39,10 +39,6 @@ module Security
attr_reader :pipeline, :params attr_reader :pipeline, :params
delegate :project, :has_security_findings?, to: :pipeline, private: true delegate :project, :has_security_findings?, to: :pipeline, private: true
def can_use_security_findings?
Feature.enabled?(:store_security_findings, project) && has_security_findings?
end
def findings def findings
security_findings.map(&method(:build_vulnerability_finding)) security_findings.map(&method(:build_vulnerability_finding))
end end
......
...@@ -19,8 +19,6 @@ module Security ...@@ -19,8 +19,6 @@ module Security
end end
def execute def execute
return security_scan unless Feature.enabled?(:store_security_findings, project)
StoreFindingsMetadataService.execute(security_scan, security_report) StoreFindingsMetadataService.execute(security_scan, security_report)
deduplicate_findings? ? update_deduplicated_findings : register_finding_keys deduplicate_findings? ? update_deduplicated_findings : register_finding_keys
......
---
title: Remove `store_security_findings` feature flag
merge_request: 48357
author:
type: changed
---
name: store_security_findings
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/44312
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/276011
milestone: '13.6'
type: development
group: group::threat insights
default_enabled: false
...@@ -41,121 +41,89 @@ RSpec.describe Security::StoreScanService do ...@@ -41,121 +41,89 @@ RSpec.describe Security::StoreScanService do
known_keys.add(finding_key) known_keys.add(finding_key)
end end
context 'when the `store_security_findings` feature is not enabled' do it 'calls the `Security::StoreFindingsMetadataService` to store findings' do
before do store_scan
stub_feature_flags(store_security_findings: false)
end
it 'does not call the `Security::StoreFindingsMetadataService`' do
store_scan
expect(Security::StoreFindingsMetadataService).not_to have_received(:execute)
end
context 'when the security scan already exists for the artifact' do
let_it_be(:security_scan) { create(:security_scan, build: artifact.job, scan_type: :sast) }
it 'does not create a new security scan' do expect(Security::StoreFindingsMetadataService).to have_received(:execute)
expect { store_scan }.not_to change { artifact.job.security_scans.count }
end
end
context 'when the security scan does not exist for the artifact' do
it 'creates a new security scan' do
expect { store_scan }.to change { artifact.job.security_scans.sast.count }.by(1)
end
end
end end
context 'when the `store_security_findings` feature is enabled' do context 'when the security scan already exists for the artifact' do
before do let_it_be(:security_scan) { create(:security_scan, build: artifact.job, scan_type: :sast) }
stub_feature_flags(store_security_findings: artifact.project) let_it_be(:unique_security_finding) do
create(:security_finding,
scan: security_scan,
position: 0)
end end
it 'calls the `Security::StoreFindingsMetadataService` to store findings' do let_it_be(:duplicated_security_finding) do
store_scan create(:security_finding,
scan: security_scan,
expect(Security::StoreFindingsMetadataService).to have_received(:execute) position: 5)
end end
context 'when the security scan already exists for the artifact' do it 'does not create a new security scan' do
let_it_be(:security_scan) { create(:security_scan, build: artifact.job, scan_type: :sast) } expect { store_scan }.not_to change { artifact.job.security_scans.count }
let_it_be(:unique_security_finding) do end
create(:security_finding,
scan: security_scan,
position: 0)
end
let_it_be(:duplicated_security_finding) do context 'when the `deduplicate` param is set as false' do
create(:security_finding, it 'does not change the deduplicated flag of duplicated finding' do
scan: security_scan, expect { store_scan }.not_to change { duplicated_security_finding.reload.deduplicated }.from(false)
position: 5)
end end
it 'does not create a new security scan' do it 'does not change the deduplicated flag of unique finding' do
expect { store_scan }.not_to change { artifact.job.security_scans.count } expect { store_scan }.not_to change { unique_security_finding.reload.deduplicated }.from(false)
end end
end
context 'when the `deduplicate` param is set as false' do context 'when the `deduplicate` param is set as true' do
it 'does not change the deduplicated flag of duplicated finding' do let(:deduplicate) { true }
expect { store_scan }.not_to change { duplicated_security_finding.reload.deduplicated }.from(false)
end
it 'does not change the deduplicated flag of unique finding' do it 'does not change the deduplicated flag of duplicated finding false' do
expect { store_scan }.not_to change { unique_security_finding.reload.deduplicated }.from(false) expect { store_scan }.not_to change { duplicated_security_finding.reload.deduplicated }.from(false)
end
end end
context 'when the `deduplicate` param is set as true' do it 'sets the deduplicated flag of unique finding as true' do
let(:deduplicate) { true } expect { store_scan }.to change { unique_security_finding.reload.deduplicated }.to(true)
end
end
end
it 'does not change the deduplicated flag of duplicated finding false' do context 'when the security scan does not exist for the artifact' do
expect { store_scan }.not_to change { duplicated_security_finding.reload.deduplicated }.from(false) let(:unique_finding_attribute) do
end -> { Security::Finding.by_position(0).first&.deduplicated }
end
it 'sets the deduplicated flag of unique finding as true' do let(:duplicated_finding_attribute) do
expect { store_scan }.to change { unique_security_finding.reload.deduplicated }.to(true) -> { Security::Finding.by_position(5).first&.deduplicated }
end
end
end end
context 'when the security scan does not exist for the artifact' do before do
let(:unique_finding_attribute) do allow(Security::StoreFindingsMetadataService).to receive(:execute).and_call_original
-> { Security::Finding.by_position(0).first&.deduplicated } end
end
let(:duplicated_finding_attribute) do it 'creates a new security scan' do
-> { Security::Finding.by_position(5).first&.deduplicated } expect { store_scan }.to change { artifact.job.security_scans.sast.count }.by(1)
end end
before do context 'when the `deduplicate` param is set as false' do
allow(Security::StoreFindingsMetadataService).to receive(:execute).and_call_original it 'sets the deduplicated flag of duplicated finding as false' do
expect { store_scan }.to change { duplicated_finding_attribute.call }.to(false)
end end
it 'creates a new security scan' do it 'sets the deduplicated flag of unique finding as true' do
expect { store_scan }.to change { artifact.job.security_scans.sast.count }.by(1) expect { store_scan }.to change { unique_finding_attribute.call }.to(true)
end end
end
context 'when the `deduplicate` param is set as false' do context 'when the `deduplicate` param is set as true' do
it 'sets the deduplicated flag of duplicated finding as false' do let(:deduplicate) { true }
expect { store_scan }.to change { duplicated_finding_attribute.call }.to(false)
end
it 'sets the deduplicated flag of unique finding as true' do it 'sets the deduplicated flag of duplicated finding false' do
expect { store_scan }.to change { unique_finding_attribute.call }.to(true) expect { store_scan }.to change { duplicated_finding_attribute.call }.to(false)
end
end end
context 'when the `deduplicate` param is set as true' do it 'sets the deduplicated flag of unique finding as true' do
let(:deduplicate) { true } expect { store_scan }.to change { unique_finding_attribute.call }.to(true)
it 'sets the deduplicated flag of duplicated finding false' do
expect { store_scan }.to change { duplicated_finding_attribute.call }.to(false)
end
it 'sets the deduplicated flag of unique finding as true' do
expect { store_scan }.to change { unique_finding_attribute.call }.to(true)
end
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment