Commit ac219b48 authored by Matthias Käppler

Merge branch 'remove-sort_dependency_vulnerabilities-feature-flag' into 'master'

Remove sort_dependency_vulnerabilities feature flag

See merge request gitlab-org/gitlab!65295
parents 6d35c88b b9e6510d
...@@ -55,7 +55,7 @@ module Security ...@@ -55,7 +55,7 @@ module Security
when 'packager' when 'packager'
collection.sort_by! { |a| a[:packager] } collection.sort_by! { |a| a[:packager] }
when 'severity' when 'severity'
sort_dependency_vulnerabilities_by_severity!(collection) if Feature.enabled?(:sort_dependency_vulnerabilities, @pipeline.project, default_enabled: true) sort_dependency_vulnerabilities_by_severity!(collection)
sort_dependencies_by_severity!(collection) sort_dependencies_by_severity!(collection)
else else
collection.sort_by! { |a| a[:name] } collection.sort_by! { |a| a[:name] }
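Review bot: On the `when 'severity'` branch the two in-place sorts are now unconditional, and nothing says why both run or why `sort_dependency_vulnerabilities_by_severity!` must precede `sort_dependencies_by_severity!`; the ordering is presumably load-bearing, since the second sort likely reads the per-dependency vulnerability order the first one produces. A short comment above the first call would spare the next reader from re-deriving it, e.g. `# order each dependency's vulnerabilities first, then the dependencies themselves`. The enclosing `case` and its method start and end outside the hunk, so whether `@pipeline` is still referenced elsewhere in the method after this removal cannot be told from here.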
---
name: sort_dependency_vulnerabilities
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62983
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/332852
milestone: '14.0'
type: development
group: group::composition analysis
default_enabled: true
...@@ -110,7 +110,6 @@ RSpec.describe Security::DependencyListService do ...@@ -110,7 +110,6 @@ RSpec.describe Security::DependencyListService do
} }
end end
context('when the sort_dependency_vulnerabilities feature flag is true') do
it 'returns array of data sorted by package severity level in ascending order' do it 'returns array of data sorted by package severity level in ascending order' do
dependencies = subject.last(2).map do |dependency| dependencies = subject.last(2).map do |dependency|
{ {
...@@ -132,34 +131,6 @@ RSpec.describe Security::DependencyListService do ...@@ -132,34 +131,6 @@ RSpec.describe Security::DependencyListService do
expect(saml2js_severities).to eq(%w(critical medium unknown)) expect(saml2js_severities).to eq(%w(critical medium unknown))
end end
end end
context('when the sort_dependency_vulnerabilities feature flag is false') do
# overwrite the existing findings so we can re-create the original test
let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_dependency_list_report) }
let_it_be(:nokogiri_finding) { create(:vulnerabilities_finding, :detected, :with_dependency_scanning_metadata, :with_pipeline) }
let_it_be(:nokogiri_pipeline) { create(:vulnerabilities_finding_pipeline, finding: nokogiri_finding, pipeline: pipeline) }
let_it_be(:other_finding) { create(:vulnerabilities_finding, :detected, :with_dependency_scanning_metadata, package: 'saml2-js', file: 'yarn/yarn.lock', version: '1.5.0', raw_severity: 'Unknown') }
let_it_be(:other_pipeline) { create(:vulnerabilities_finding_pipeline, finding: other_finding, pipeline: pipeline) }
before do
stub_feature_flags(sort_dependency_vulnerabilities: false)
end
it 'returns array of data sorted by package severity level in descending order' do
dependencies = subject.last(2).map do |dependency|
{
name: dependency[:name],
vulnerabilities: dependency[:vulnerabilities].map do |vulnerability|
vulnerability[:severity]
end
}
end
expect(dependencies).to eq([{ name: "saml2-js", vulnerabilities: ["unknown"] },
{ name: "nokogiri", vulnerabilities: ["high"] }])
end
end
end
end end
end end
end end