Merge branch...

Merge branch '322803-vulnerability_findings-api-does-not-correctly-filter-on-scanner-parameter-2' into 'master'

Remove `scanner` parameter from vulnerability_findings REST endpoint

See merge request gitlab-org/gitlab!55453

doc/api/vulnerability_findings.md

@@ -49,7 +49,6 @@ GET /projects/:id/vulnerability_findings?scope=all
 GET /projects/:id/vulnerability_findings?scope=dismissed
 GET /projects/:id/vulnerability_findings?severity=high
 GET /projects/:id/vulnerability_findings?confidence=unknown,experimental
-GET /projects/:id/vulnerability_findings?scanner=bandit,find_sec_bugs
 GET /projects/:id/vulnerability_findings?pipeline_id=42
 ```
 
@@ -63,7 +62,6 @@ Beginning with GitLab 12.9, the `undefined` severity and confidence level is no
 | `scope`       | string         | no       | Returns vulnerability findings for the given scope: `all` or `dismissed`. Defaults to `dismissed`.                                                                                  |
 | `severity`    | string array   | no       | Returns vulnerability findings belonging to specified severity level: `info`, `unknown`, `low`, `medium`, `high`, or `critical`. Defaults to all.                                   |
 | `confidence`  | string array   | no       | Returns vulnerability findings belonging to specified confidence level: `ignore`, `unknown`, `experimental`, `low`, `medium`, `high`, or `confirmed`. Defaults to all.              |
-| `scanner`     | string array   | no       | Returns vulnerability findings detected by specified scanner.
 | `pipeline_id` | integer/string | no       | Returns vulnerability findings belonging to specified pipeline.                                                                                                                     |
 
 ```shell

ee/changelogs/unreleased/322803-vulnerability_findings-api-does-not-correctly-filter-on-scanner-pa.yml

+---
+title: Remove scanner parameter from vulnerability_findings REST endpoint
+merge_request: 55453
+author: Thiago Figueiro @thiagocsf
+type: changed

ee/lib/api/vulnerability_findings.rb

@@ -76,10 +76,6 @@ module API
                        'Defaults to all',
                  values: ::Vulnerabilities::Finding.confidences.keys,
                  default: ::Vulnerabilities::Finding.confidences.keys
-        optional :scanner,
-                 type: Array[String],
-                 coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce,
-                 desc: 'Returns vulnerabilities detected by specified scanners'
         optional :pipeline_id, type: String, desc: 'The ID of the pipeline'
 
         use :pagination

ee/spec/requests/api/vulnerability_findings_spec.rb

@@ -179,14 +179,6 @@ RSpec.describe API::VulnerabilityFindings do
           expect(response).to have_gitlab_http_status(:bad_request)
         end
 
-        it 'returns vulnerabilities detected by bandit and find_sec_bugs scanners' do
-          get api(project_vulnerability_findings_path, user), params: { scanner: 'bandit,find_sec_bugs' }.merge(pagination)
-
-          expect(response).to have_gitlab_http_status(:ok)
-
-          expect(json_response.map { |v| v.dig('scanner', 'external_id') }.uniq).to match_array %w[bandit find_sec_bugs]
-        end
-
         context 'when pipeline_id is supplied' do
           it 'returns vulnerabilities from supplied pipeline' do
             finding_count = (sast_report.findings.count + ds_report.findings.count - 1).to_s