Merge branch 'add-enum-vuln-concern' into 'master'

refactor: Extract vulnerability enums into concern [RUN AS-IF-FOSS]

See merge request gitlab-org/gitlab!49865

app/models/concerns/enums/vulnerability.rb

+# frozen_string_literal: true
+
+module Enums
+  module Vulnerability
+    CONFIDENCE_LEVELS = {
+      # undefined: 0, no longer applicable
+      ignore: 1,
+      unknown: 2,
+      experimental: 3,
+      low: 4,
+      medium: 5,
+      high: 6,
+      confirmed: 7
+    }.with_indifferent_access.freeze
+
+    REPORT_TYPES = {
+      sast: 0,
+      secret_detection: 4
+    }.with_indifferent_access.freeze
+
+    SEVERITY_LEVELS = {
+      # undefined: 0, no longer applicable
+      info: 1,
+      unknown: 2,
+      # experimental: 3, formerly used by confidence, no longer applicable
+      low: 4,
+      medium: 5,
+      high: 6,
+      critical: 7
+    }.with_indifferent_access.freeze
+
+    def self.confidence_levels
+      CONFIDENCE_LEVELS
+    end
+
+    def self.report_types
+      REPORT_TYPES
+    end
+
+    def self.severity_levels
+      SEVERITY_LEVELS
+    end
+  end
+end
+
+Enums::Vulnerability.prepend_if_ee('EE::Enums::Vulnerability')

ee/app/graphql/representation/vulnerability_scanner_entry.rb

@@ -11,7 +11,7 @@ module Representation
     attr_reader :raw_entry
 
     def report_type
-      ::Vulnerabilities::Finding::REPORT_TYPES.key(@report_type) || @report_type
+      ::Enums::Vulnerability.report_types.key(@report_type) || @report_type
     end
 
     def ==(other)

ee/app/graphql/resolvers/vulnerabilities_count_per_day_resolver.rb

@@ -25,7 +25,7 @@ module Resolvers
     private
 
     def generate_missing_dates(calendar_entries, start_date, end_date)
-      severities = ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys
+      severities = ::Enums::Vulnerability.severity_levels.keys
       (start_date..end_date)
         .each_with_object({}) { |date, result| result[date] = build_calendar_entry(date, calendar_entries[date], result[date - 1.day]) }
         .values

ee/app/graphql/types/security_report_summary_type.rb

@@ -6,7 +6,7 @@ module Types
     graphql_name 'SecurityReportSummary'
     description 'Represents summary of a security report'
 
-    ::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |report_type|
+    ::Enums::Vulnerability.report_types.keys.each do |report_type|
       field report_type, ::Types::SecurityReportSummarySectionType, null: true,
             description: "Aggregated counts for the #{report_type} scan"
     end

ee/app/graphql/types/vulnerabilities_count_by_day_type.rb

@@ -12,7 +12,7 @@ module Types
     field :total, GraphQL::INT_TYPE, null: false,
           description: 'Total number of vulnerabilities on a particular day'
 
-    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity|
+    ::Enums::Vulnerability.severity_levels.keys.each do |severity|
       field severity.to_s, GraphQL::INT_TYPE, null: false,
             description: "Total number of vulnerabilities on a particular day with #{severity} severity"
     end

ee/app/graphql/types/vulnerability_location_type.rb

@@ -29,7 +29,7 @@ module Types
       when 'coverage_fuzzing'
         VulnerabilityLocation::CoverageFuzzingType
       else
-        raise UnexpectedReportType, "Report type must be one of #{::Vulnerabilities::Finding::REPORT_TYPES.keys}"
+        raise UnexpectedReportType, "Report type must be one of #{::Enums::Vulnerability.report_types.keys}"
       end
     end
   end

ee/app/graphql/types/vulnerability_report_type_enum.rb

@@ -5,7 +5,7 @@ module Types
     graphql_name 'VulnerabilityReportType'
     description 'The type of the security scan that found the vulnerability'
 
-    ::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |report_type|
+    ::Enums::Vulnerability.report_types.keys.each do |report_type|
       value report_type.to_s.upcase, value: report_type.to_s
     end
   end

ee/app/graphql/types/vulnerability_severities_count_type.rb

@@ -6,7 +6,7 @@ module Types
     graphql_name 'VulnerabilitySeveritiesCount'
     description 'Represents vulnerability counts by severity'
 
-    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity|
+    ::Enums::Vulnerability.severity_levels.keys.each do |severity|
       field severity, GraphQL::INT_TYPE, null: true,
             description: "Number of vulnerabilities of #{severity.upcase} severity of the project"
     end

ee/app/graphql/types/vulnerability_severity_enum.rb

@@ -5,7 +5,7 @@ module Types
     graphql_name 'VulnerabilitySeverity'
     description 'The severity of the vulnerability'
 
-    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity|
+    ::Enums::Vulnerability.severity_levels.keys.each do |severity|
       value severity.to_s.upcase, value: severity.to_s
     end
   end

ee/app/graphql/types/vulnerability_type.rb

@@ -24,10 +24,10 @@ module Types
           description: "State of the vulnerability (#{::Vulnerability.states.keys.join(', ').upcase})"
 
     field :severity, VulnerabilitySeverityEnum, null: true,
-          description: "Severity of the vulnerability (#{::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.join(', ').upcase})"
+          description: "Severity of the vulnerability (#{::Enums::Vulnerability.severity_levels.keys.join(', ').upcase})"
 
     field :report_type, VulnerabilityReportTypeEnum, null: true,
-          description: "Type of the security report that found the vulnerability (#{::Vulnerabilities::Finding::REPORT_TYPES.keys.join(', ').upcase})"
+          description: "Type of the security report that found the vulnerability (#{::Enums::Vulnerability.report_types.keys.join(', ').upcase})"
 
     field :resolved_on_default_branch, GraphQL::BOOLEAN_TYPE, null: false,
           description: "Indicates whether the vulnerability is fixed on the default branch or not"

ee/app/models/concerns/ee/enums/vulnerability.rb

+# frozen_string_literal: true
+
+module EE
+  module Enums
+    module Vulnerability
+      extend ActiveSupport::Concern
+
+      REPORT_TYPES = {
+        dependency_scanning: 1,
+        container_scanning: 2,
+        dast: 3,
+        coverage_fuzzing: 5,
+        api_fuzzing: 6
+      }.freeze
+
+      class_methods do
+        extend ::Gitlab::Utils::Override
+
+        override :report_types
+        def report_types
+          @report_types ||= super.merge(REPORT_TYPES).sort_by(&:last).to_h.with_indifferent_access.freeze
+        end
+      end
+    end
+  end
+end

ee/app/models/ee/vulnerability.rb

@@ -59,9 +59,9 @@ module EE
       # keep the order of the values in the state enum, it is used in state_order method to properly order vulnerabilities based on state
       # remember to recreate index_vulnerabilities_on_state_case_id index when you update or extend this enum
       enum state: { detected: 1, confirmed: 4, resolved: 3, dismissed: 2 }
-      enum severity: ::Vulnerabilities::Finding::SEVERITY_LEVELS, _prefix: :severity
-      enum confidence: ::Vulnerabilities::Finding::CONFIDENCE_LEVELS, _prefix: :confidence
-      enum report_type: ::Vulnerabilities::Finding::REPORT_TYPES
+      enum severity: ::Enums::Vulnerability.severity_levels, _prefix: :severity
+      enum confidence: ::Enums::Vulnerability.confidence_levels, _prefix: :confidence
+      enum report_type: ::Enums::Vulnerability.report_types
 
       validates :project, :author, :title, :severity, :confidence, :report_type, presence: true
 

ee/app/models/security/finding.rb

@@ -16,10 +16,8 @@ module Security
 
     has_one :build, through: :scan
 
-    # TODO: These are duplicated between this model and Vulnerabilities::Finding,
-    # we should create a shared module to encapculate this in one place.
-    enum confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS, _prefix: :confidence
-    enum severity: Vulnerabilities::Finding::SEVERITY_LEVELS, _prefix: :severity
+    enum confidence: ::Enums::Vulnerability.confidence_levels, _prefix: :confidence
+    enum severity: ::Enums::Vulnerability.severity_levels, _prefix: :severity
 
     validates :project_fingerprint, presence: true, length: { maximum: 40 }
     validates :position, presence: true

ee/app/models/vulnerabilities/feedback.rb

@@ -15,7 +15,7 @@ module Vulnerabilities
     attr_accessor :vulnerability_data
 
     enum feedback_type: { dismissal: 0, issue: 1, merge_request: 2 }, _prefix: :for
-    enum category: ::Vulnerabilities::Finding::REPORT_TYPES
+    enum category: ::Enums::Vulnerability.report_types
 
     validates :project, presence: true
     validates :author, presence: true

ee/app/models/vulnerabilities/finding.rb

@@ -39,41 +39,9 @@ module Vulnerabilities
     attr_writer :sha
     attr_accessor :scan
 
-    CONFIDENCE_LEVELS = {
-      # undefined: 0, no longer applicable
-      ignore: 1,
-      unknown: 2,
-      experimental: 3,
-      low: 4,
-      medium: 5,
-      high: 6,
-      confirmed: 7
-    }.with_indifferent_access.freeze
-
-    SEVERITY_LEVELS = {
-      # undefined: 0, no longer applicable
-      info: 1,
-      unknown: 2,
-      # experimental: 3, formerly used by confidence, no longer applicable
-      low: 4,
-      medium: 5,
-      high: 6,
-      critical: 7
-    }.with_indifferent_access.freeze
-
-    REPORT_TYPES = {
-      sast: 0,
-      dependency_scanning: 1,
-      container_scanning: 2,
-      dast: 3,
-      secret_detection: 4,
-      coverage_fuzzing: 5,
-      api_fuzzing: 6
-    }.with_indifferent_access.freeze
-
-    enum confidence: CONFIDENCE_LEVELS, _prefix: :confidence
-    enum report_type: REPORT_TYPES
-    enum severity: SEVERITY_LEVELS, _prefix: :severity
+    enum confidence: ::Enums::Vulnerability.confidence_levels, _prefix: :confidence
+    enum report_type: ::Enums::Vulnerability.report_types
+    enum severity: ::Enums::Vulnerability.severity_levels, _prefix: :severity
 
     validates :scanner, presence: true
     validates :project, presence: true
@@ -124,7 +92,7 @@ module Vulnerabilities
 
     def self.counted_by_severity
       group(:severity).count.transform_keys do |severity|
-        SEVERITY_LEVELS[severity]
+        severities[severity]
       end
     end
 

ee/app/models/vulnerabilities/historical_statistic.rb

@@ -27,7 +27,7 @@ module Vulnerabilities
       select(
         arel_table[:date],
         arel_table[:total].sum.as('total'),
-        *Finding::SEVERITY_LEVELS.map { |severity, _| arel_table[severity].sum.as(severity.to_s) }
+        *::Enums::Vulnerability.severity_levels.map { |severity, _| arel_table[severity].sum.as(severity.to_s) }
       )
     end
     scope :grouped_by_date, -> (sort = :asc) do

ee/app/services/security/dependency_list_service.rb

@@ -75,7 +75,7 @@ module Security
         level_i = dep_i.dig(:vulnerabilities, 0, :severity) || :info
         level_j = dep_j.dig(:vulnerabilities, 0, :severity) || :info
 
-        ::Vulnerabilities::Finding::SEVERITY_LEVELS[level_j] <=> ::Vulnerabilities::Finding::SEVERITY_LEVELS[level_i]
+        ::Enums::Vulnerability.severity_levels[level_j] <=> ::Enums::Vulnerability.severity_levels[level_i]
       end
     end
   end

ee/app/services/security/merge_reports_service.rb

@@ -72,8 +72,8 @@ module Security
         if a_severity == b_severity
           a.compare_key <=> b.compare_key
         else
-          Vulnerabilities::Finding::SEVERITY_LEVELS[b_severity] <=>
-            Vulnerabilities::Finding::SEVERITY_LEVELS[a_severity]
+          ::Enums::Vulnerability.severity_levels[b_severity] <=>
+            ::Enums::Vulnerability.severity_levels[a_severity]
         end
       end
     end

ee/app/services/security/report_summary_service.rb

@@ -5,7 +5,7 @@ module Security
     include Gitlab::Utils::StrongMemoize
 
     # @param [Ci::Pipeline] pipeline
-    # @param [Hash[Symbol, Array[Symbol]] selection_information keys must be in the set of Vulnerabilities::Finding::REPORT_TYPES for example: {dast: [:scanned_resources_count, :vulnerabilities_count], container_scanning:[:vulnerabilities_count]}
+    # @param [Hash[Symbol, Array[Symbol]] selection_information keys must be in the set of Enums::Vulnerability.report_types for example: {dast: [:scanned_resources_count, :vulnerabilities_count], container_scanning:[:vulnerabilities_count]}
     def initialize(pipeline, selection_information)
       @pipeline = pipeline
       @selection_information = selection_information

ee/app/services/security/scanned_resources_counting_service.rb

@@ -6,7 +6,7 @@ module Security
   #
   class ScannedResourcesCountingService
     # @param [Ci::Pipeline] pipeline
-    # @param Array[Symbol] report_types Summary report types. Valid values are members of Vulnerabilities::Finding::REPORT_TYPES
+    # @param Array[Symbol] report_types Summary report types. Valid values are members of Enums::Vulnerability.report_types
     def initialize(pipeline, report_types)
       @pipeline = pipeline
       @report_types = report_types

ee/app/services/security/scanned_resources_service.rb

@@ -6,7 +6,7 @@ module Security
   #
   class ScannedResourcesService
     # @param [Ci::Pipeline] pipeline
-    # @param Array[Symbol] report_types Summary report types. Valid values are members of Vulnerabilities::Finding::REPORT_TYPES
+    # @param Array[Symbol] report_types Summary report types. Valid values are members of Enums::Vulnerability.report_types
     # @param [Int] The maximum number of scanned resources to return
     def initialize(pipeline, report_types, limit = nil)
       @pipeline = pipeline

ee/app/services/security/vulnerability_counting_service.rb

@@ -6,7 +6,7 @@ module Security
   #
   class VulnerabilityCountingService
     # @param [Ci::Pipeline] pipeline
-    # @param Array[String] report_types Summary report types. Valid values are members of Vulnerabilities::Finding::REPORT_TYPES
+    # @param Array[String] report_types Summary report types. Valid values are members of Enums::Vulnerability.report_types
     def initialize(pipeline, report_types)
       @pipeline = pipeline
       @report_types = report_types

ee/db/fixtures/development/20_vulnerabilities.rb

@@ -128,15 +128,15 @@ class Gitlab::Seeder::Vulnerabilities
   end
 
   def random_confidence_level
-    ::Vulnerabilities::Finding::CONFIDENCE_LEVELS.keys.sample
+    ::Enums::Vulnerability.confidence_levels.keys.sample
   end
 
   def random_severity_level
-    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.sample
+    ::Enums::Vulnerability.severity_levels.keys.sample
   end
 
   def random_report_type
-    ::Vulnerabilities::Finding::REPORT_TYPES.keys.sample
+    ::Enums::Vulnerability.report_types.keys.sample
   end
 
   def metadata(line)

ee/lib/gitlab/ci/parsers/security/common.rb

@@ -136,13 +136,13 @@ module Gitlab
           end
 
           def parse_severity_level(input)
-            return input if ::Vulnerabilities::Finding::SEVERITY_LEVELS.key?(input)
+            return input if ::Enums::Vulnerability.severity_levels.key?(input)
 
             'unknown'
           end
 
           def parse_confidence_level(input)
-            return input if ::Vulnerabilities::Finding::CONFIDENCE_LEVELS.key?(input)
+            return input if ::Enums::Vulnerability.confidence_levels.key?(input)
 
             'unknown'
           end

ee/spec/factories/vulnerabilities.rb

@@ -46,13 +46,13 @@ FactoryBot.define do
       severity { :low }
     end
 
-    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity_level|
+    ::Enums::Vulnerability.severity_levels.keys.each do |severity_level|
       trait severity_level do
         severity { severity_level }
       end
     end
 
-    ::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |report_type|
+    ::Enums::Vulnerability.report_types.keys.each do |report_type|
       trait report_type do
         report_type { report_type }
       end

ee/spec/factories/vulnerabilities/findings.rb

@@ -237,7 +237,7 @@ FactoryBot.define do
       end
     end
 
-    ::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |security_report_type|
+    ::Enums::Vulnerability.report_types.keys.each do |security_report_type|
       trait security_report_type do
         report_type { security_report_type }
       end

ee/spec/graphql/types/vulnerability_severities_count_type_spec.rb

@@ -4,7 +4,7 @@ require 'spec_helper'
 
 RSpec.describe GitlabSchema.types['VulnerabilitySeveritiesCount'] do
   let_it_be(:fields) do
-    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys
+    ::Enums::Vulnerability.severity_levels.keys
   end
 
   it { expect(described_class).to have_graphql_fields(fields) }

ee/spec/lib/ee/gitlab/background_migration/update_vulnerabilities_from_dismissal_feedback_spec.rb

@@ -13,9 +13,9 @@ RSpec.describe Gitlab::BackgroundMigration::UpdateVulnerabilitiesFromDismissalFe
   let(:feedback) { table(:vulnerability_feedback) }
   let(:namespaces) { table(:namespaces)}
 
-  let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] }
-  let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] }
-  let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] }
+  let(:severity) { ::Enums::Vulnerability.severity_levels[:unknown] }
+  let(:confidence) { ::Enums::Vulnerability.confidence_levels[:medium] }
+  let(:report_type) { ::Enums::Vulnerability.report_types[:sast] }
 
   let!(:user) { users.create!(email: 'author@example.com', username: 'author', projects_limit: 10) }
   let!(:project) { projects.create!(namespace_id: namespace.id, name: 'gitlab', path: 'gitlab') }

ee/spec/lib/ee/gitlab/background_migration/update_vulnerabilities_to_dismissed_spec.rb

@@ -12,9 +12,9 @@ RSpec.describe Gitlab::BackgroundMigration::UpdateVulnerabilitiesToDismissed, :m
   let(:identifiers) { table(:vulnerability_identifiers) }
   let(:feedback) { table(:vulnerability_feedback) }
 
-  let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] }
-  let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] }
-  let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] }
+  let(:severity) { ::Enums::Vulnerability.severity_levels[:unknown] }
+  let(:confidence) { ::Enums::Vulnerability.confidence_levels[:medium] }
+  let(:report_type) { ::Enums::Vulnerability.report_types[:sast] }
 
   let!(:user) { users.create!(id: 13, email: 'author@example.com', username: 'author', projects_limit: 10) }
   let!(:project) { projects.create!(id: 123, namespace_id: 12, name: 'gitlab', path: 'gitlab') }

ee/spec/lib/gitlab/ci/reports/security/vulnerability_reports_comparer_spec.rb

@@ -5,10 +5,10 @@ require 'spec_helper'
 RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
   let(:identifier) { build(:vulnerabilities_identifier) }
 
-  let(:base_vulnerability) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:critical]) }
+  let(:base_vulnerability) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: ::Enums::Vulnerability.severity_levels[:critical]) }
   let(:base_report) { build(:ci_reports_security_aggregated_reports, findings: [base_vulnerability])}
 
-  let(:head_vulnerability) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:critical]) }
+  let(:head_vulnerability) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: ::Enums::Vulnerability.severity_levels[:critical]) }
   let(:head_report) { build(:ci_reports_security_aggregated_reports, findings: [head_vulnerability])}
 
   before do
@@ -62,8 +62,8 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
       end
 
       context 'new vulnerabilities' do
-        let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium]) }
-        let(:low_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:low]) }
+        let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:medium]) }
+        let(:low_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:low]) }
         let(:base_report) { build(:ci_reports_security_aggregated_reports, findings: [base_vulnerability, vuln])}
         let(:head_report) { build(:ci_reports_security_aggregated_reports, findings: [head_vulnerability, vuln, low_vuln])}
 
@@ -75,8 +75,8 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
   end
 
   describe '#added' do
-    let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:critical]) }
-    let(:low_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:low]) }
+    let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: Enums::Vulnerability.severity_levels[:critical]) }
+    let(:low_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: Enums::Vulnerability.severity_levels[:low]) }
 
     context 'with new vulnerability' do
       let(:head_report) { build(:ci_reports_security_aggregated_reports, findings: [head_vulnerability, vuln])}
@@ -107,7 +107,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
 
   describe '#fixed' do
     let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888') }
-    let(:medium_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:medium]) }
+    let(:medium_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: Enums::Vulnerability.severity_levels[:medium]) }
 
     context 'with fixed vulnerability' do
       let(:base_report) { build(:ci_reports_security_aggregated_reports, findings: [base_vulnerability, vuln])}

ee/spec/migrations/migrate_vulnerability_dismissal_feedback_spec.rb

@@ -16,9 +16,9 @@ RSpec.describe MigrateVulnerabilityDismissalFeedback, :migration, :sidekiq do
   let(:vulnerabilities) { table(:vulnerabilities) }
 
   let(:dismissed_state) { Gitlab::BackgroundMigration::UpdateVulnerabilitiesFromDismissalFeedback::VULNERABILITY_DISMISSED_STATE }
-  let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] }
-  let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] }
-  let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] }
+  let(:severity) { ::Enums::Vulnerability.severity_levels[:unknown] }
+  let(:confidence) { ::Enums::Vulnerability.confidence_levels[:medium] }
+  let(:report_type) { ::Enums::Vulnerability.report_types[:sast] }
 
   before do
     stub_const("#{described_class.name}::BATCH_SIZE", 1)

ee/spec/migrations/migrate_vulnerability_dismissals_spec.rb

@@ -16,9 +16,9 @@ RSpec.describe MigrateVulnerabilityDismissals, :migration, :sidekiq do
   let(:vulnerabilities) { table(:vulnerabilities) }
 
   let(:detected_state) {  Gitlab::BackgroundMigration::UpdateVulnerabilitiesToDismissed::VULNERABILITY_DETECTED }
-  let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] }
-  let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] }
-  let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] }
+  let(:severity) { ::Enums::Vulnerability.severity_levels[:unknown] }
+  let(:confidence) { ::Enums::Vulnerability.confidence_levels[:medium] }
+  let(:report_type) { ::Enums::Vulnerability.report_types[:sast] }
 
   before do
     stub_const("#{described_class.name}::BATCH_SIZE", 1)

ee/spec/models/vulnerabilities/finding_spec.rb

@@ -82,9 +82,9 @@ RSpec.describe Vulnerabilities::Finding do
   end
 
   context 'order' do
-    let!(:finding1) { create(:vulnerabilities_finding, confidence: described_class::CONFIDENCE_LEVELS[:high], severity:   described_class::SEVERITY_LEVELS[:high]) }
-    let!(:finding2) { create(:vulnerabilities_finding, confidence: described_class::CONFIDENCE_LEVELS[:medium], severity: described_class::SEVERITY_LEVELS[:critical]) }
-    let!(:finding3) { create(:vulnerabilities_finding, confidence: described_class::CONFIDENCE_LEVELS[:high], severity:   described_class::SEVERITY_LEVELS[:critical]) }
+    let!(:finding1) { create(:vulnerabilities_finding, confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: ::Enums::Vulnerability.severity_levels[:high]) }
+    let!(:finding2) { create(:vulnerabilities_finding, confidence: ::Enums::Vulnerability.confidence_levels[:medium], severity: ::Enums::Vulnerability.severity_levels[:critical]) }
+    let!(:finding3) { create(:vulnerabilities_finding, confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: ::Enums::Vulnerability.severity_levels[:critical]) }
 
     it 'orders by severity and confidence' do
       expect(described_class.all.ordered).to eq([finding3, finding2, finding1])
@@ -139,7 +139,7 @@ RSpec.describe Vulnerabilities::Finding do
     subject { described_class.by_report_types(param) }
 
     context 'with one param' do
-      let(:param) { Vulnerabilities::Finding::REPORT_TYPES['sast'] }
+      let(:param) { Vulnerabilities::Finding.report_types['sast'] }
 
       it 'returns found record' do
         is_expected.to contain_exactly(vulnerability_sast)
@@ -149,11 +149,11 @@ RSpec.describe Vulnerabilities::Finding do
     context 'with array of params' do
       let(:param) do
         [
-          Vulnerabilities::Finding::REPORT_TYPES['dependency_scanning'],
-          Vulnerabilities::Finding::REPORT_TYPES['dast'],
-          Vulnerabilities::Finding::REPORT_TYPES['secret_detection'],
-          Vulnerabilities::Finding::REPORT_TYPES['coverage_fuzzing'],
-          Vulnerabilities::Finding::REPORT_TYPES['api_fuzzing']
+          Vulnerabilities::Finding.report_types['dependency_scanning'],
+          Vulnerabilities::Finding.report_types['dast'],
+          Vulnerabilities::Finding.report_types['secret_detection'],
+          Vulnerabilities::Finding.report_types['coverage_fuzzing'],
+          Vulnerabilities::Finding.report_types['api_fuzzing']
         ]
       end
 
@@ -168,7 +168,7 @@ RSpec.describe Vulnerabilities::Finding do
     end
 
     context 'without found record' do
-      let(:param) { Vulnerabilities::Finding::REPORT_TYPES['container_scanning']}
+      let(:param) { ::Enums::Vulnerability.report_types['container_scanning']}
 
       it 'returns empty collection' do
         is_expected.to be_empty