Merge branch '341313-remove-vet-feature-flag' into 'master'

Remove vulnerability flags feature flag See merge request gitlab-org/gitlab!71966

Merge branch '341313-remove-vet-feature-flag' into 'master'
Remove vulnerability flags feature flag See merge request gitlab-org/gitlab!71966
3ca39cfb · Dylan Griffith · 6f1fc23f · d80460b1 · 3ca39cfb · 6f1fc23f
Commit 3ca39cfb authored Oct 11, 2021 by Dylan Griffith
19 changed files
--- a/app/views/projects/merge_requests/_widget.html.haml
+++ b/app/views/projects/merge_requests/_widget.html.haml
@@ -19,6 +19,6 @@
      window.gl.mrWidgetData.pipelines_empty_svg_path = '#{image_path('illustrations/pipelines_empty.svg')}';
      window.gl.mrWidgetData.codequality_help_path = '#{help_page_path("user/project/merge_requests/code_quality", anchor: "code-quality-reports")}';
      window.gl.mrWidgetData.false_positive_doc_url = '#{help_page_path('user/application_security/vulnerabilities/index')}';
-      window.gl.mrWidgetData.can_view_false_positive = '#{(Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && @merge_request.project.licensed_feature_available?(:sast_fp_reduction)).to_s}';
+      window.gl.mrWidgetData.can_view_false_positive = '#{@merge_request.project.licensed_feature_available?(:sast_fp_reduction).to_s}';

  #js-vue-mr-widget.mr-widget
--- a/config/feature_flags/development/vulnerability_flags.yml
+++ b/config/feature_flags/development/vulnerability_flags.yml
---
-name: vulnerability_flags
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66775
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/340203
-milestone: '14.3'
-type: development
-group: group::static analysis
-default_enabled: true
--- a/doc/user/application_security/sast/index.md
+++ b/doc/user/application_security/sast/index.md
@@ -365,9 +365,6 @@ To create a custom ruleset:

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/292686) in GitLab 14.2.

-FLAG:
-On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the `vulnerability_flags` flag](../../../administration/feature_flags.md). On GitLab.com, this feature is available.
-
 Vulnerabilities that have been detected and are false positives will be flagged as false positives in the security dashboard.

 ### Using CI/CD variables to pass credentials for private repositories

--- a/ee/app/finders/security/findings_finder.rb
+++ b/ee/app/finders/security/findings_finder.rb
@@ -82,7 +82,7 @@ module Security
    end

    def calculate_false_positive?
-      ::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && project.licensed_feature_available?(:sast_fp_reduction)
+      project.licensed_feature_available?(:sast_fp_reduction)
    end

    def existing_vulnerabilities

--- a/ee/app/finders/security/pipeline_vulnerabilities_finder.rb
+++ b/ee/app/finders/security/pipeline_vulnerabilities_finder.rb
@@ -113,7 +113,7 @@ module Security

    def calculate_false_positive?
      project = pipeline.project
-      ::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && project.licensed_feature_available?(:sast_fp_reduction)
+      project.licensed_feature_available?(:sast_fp_reduction)
    end

    def filter(findings)

--- a/ee/app/graphql/types/pipeline_security_report_finding_type.rb
+++ b/ee/app/graphql/types/pipeline_security_report_finding_type.rb
@@ -94,7 +94,7 @@ module Types
    private

    def expose_false_positive?
-      Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && object.project.licensed_feature_available?(:sast_fp_reduction)
+      object.project.licensed_feature_available?(:sast_fp_reduction)
    end
  end
  # rubocop: enable Graphql/AuthorizeTypes

--- a/ee/app/graphql/types/vulnerability_type.rb
+++ b/ee/app/graphql/types/vulnerability_type.rb
@@ -167,7 +167,7 @@ module Types
    private

    def expose_false_positive?
-      Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && object.project.licensed_feature_available?(:sast_fp_reduction)
+      object.project.licensed_feature_available?(:sast_fp_reduction)
    end
  end
 end
--- a/ee/app/helpers/ee/projects_helper.rb
+++ b/ee/app/helpers/ee/projects_helper.rb
@@ -203,7 +203,7 @@ module EE
    end

    def can_view_false_positive?
-      (::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && project.licensed_feature_available?(:sast_fp_reduction)).to_s
+      project.licensed_feature_available?(:sast_fp_reduction).to_s
    end

    def can_update_security_orchestration_policy_project?(project)

--- a/ee/app/helpers/groups/security_features_helper.rb
+++ b/ee/app/helpers/groups/security_features_helper.rb
@@ -28,7 +28,7 @@ module Groups::SecurityFeaturesHelper
      scanners: VulnerabilityScanners::ListService.new(group).execute.to_json,
      can_admin_vulnerability: can?(current_user, :admin_vulnerability, group).to_s,
      false_positive_doc_url: help_page_path('user/application_security/vulnerabilities/index'),
-      can_view_false_positive:  (::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && group.licensed_feature_available?(:sast_fp_reduction)).to_s
+      can_view_false_positive: group.licensed_feature_available?(:sast_fp_reduction).to_s
    }
  end
 end
--- a/ee/app/helpers/security_helper.rb
+++ b/ee/app/helpers/security_helper.rb
@@ -19,7 +19,7 @@ module SecurityHelper
  end

  def can_view_false_positive?
-    (::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && ::License.feature_available?(:sast_fp_reduction)).to_s
+    ::License.feature_available?(:sast_fp_reduction).to_s
  end

  def security_dashboard_unavailable_view_data

--- a/ee/app/serializers/vulnerabilities/finding_entity.rb
+++ b/ee/app/serializers/vulnerabilities/finding_entity.rb
@@ -62,7 +62,7 @@ class Vulnerabilities::FindingEntity < Grape::Entity

  def expose_false_positive?
    project = occurrence.project
-    ::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && project.licensed_feature_available?(:sast_fp_reduction)
+    project.licensed_feature_available?(:sast_fp_reduction)
  end
 end


--- a/ee/app/services/security/store_report_service.rb
+++ b/ee/app/services/security/store_report_service.rb
@@ -61,7 +61,7 @@ module Security
      update_vulnerabilities_identifiers
      update_vulnerabilities_finding_identifiers

-      if ::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && project.licensed_feature_available?(:sast_fp_reduction)
+      if project.licensed_feature_available?(:sast_fp_reduction)
        create_vulnerability_flags_info
      end


--- a/ee/app/views/projects/pipelines/_tabs_content.html.haml
+++ b/ee/app/views/projects/pipelines/_tabs_content.html.haml
@@ -24,7 +24,7 @@
    commit_path_template: commit_path_template(project),
    can_admin_vulnerability: can?(current_user, :admin_vulnerability, project).to_s,
    false_positive_doc_url: help_page_path('user/application_security/vulnerabilities/index'),
-    can_view_false_positive: (::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && project.licensed_feature_available?(:sast_fp_reduction)).to_s,
+    can_view_false_positive: project.licensed_feature_available?(:sast_fp_reduction).to_s,
    security_report_help_page_link: help_page_path('user/application_security/index', anchor: 'security-report-validation') } }

 - if pipeline.expose_license_scanning_data?

--- a/ee/app/views/projects/security/vulnerabilities/show.html.haml
+++ b/ee/app/views/projects/security/vulnerabilities/show.html.haml
@@ -7,5 +7,5 @@

 #js-vulnerability-main{ data: { vulnerability: vulnerability_details_json(@vulnerability, @pipeline),
                                false_positive_doc_url: help_page_path('user/application_security/vulnerabilities/index'),
-                                can_view_false_positive: (::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && @project.licensed_feature_available?(:sast_fp_reduction)).to_s,
+                                can_view_false_positive: @project.licensed_feature_available?(:sast_fp_reduction).to_s,
                                commit_path_template: commit_path_template(@project) } }
--- a/ee/spec/finders/security/pipeline_vulnerabilities_finder_spec.rb
+++ b/ee/spec/finders/security/pipeline_vulnerabilities_finder_spec.rb
@@ -154,16 +154,6 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do

            expect(subject.findings).to all(have_attributes(vulnerability_flags: be_empty))
          end
-
-          context 'with vulnerability_flags FF disabled' do
-            before do
-              stub_feature_flags(vulnerability_flags: false)
-            end
-
-            it 'does not include findings with false-positive' do
-              expect(subject.findings).to all(have_attributes(vulnerability_flags: be_empty))
-            end
-          end
        end
      end


--- a/ee/spec/graphql/types/pipeline_security_report_finding_type_spec.rb
+++ b/ee/spec/graphql/types/pipeline_security_report_finding_type_spec.rb
@@ -86,17 +86,5 @@ RSpec.describe GitlabSchema.types['PipelineSecurityReportFinding'] do
        expect(vulnerabilities.first['falsePositive']).to be_nil
      end
    end
-
-    context 'when vulnerability_flags FF has been disabled' do
-      before do
-        stub_feature_flags(vulnerability_flags: false)
-      end
-
-      it 'returns nil for false-positive field' do
-        vulnerabilities = subject.dig('data', 'project', 'pipeline', 'securityReportFindings', 'nodes')
-
-        expect(vulnerabilities.first['falsePositive']).to be_nil
-      end
-    end
  end
 end
--- a/ee/spec/graphql/types/vulnerability_type_spec.rb
+++ b/ee/spec/graphql/types/vulnerability_type_spec.rb
@@ -159,18 +159,6 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
        expect(vulnerabilities.first['falsePositive']).to be(false)
      end
    end
-
-    context 'when vulnerability_flags FF has been disabled' do
-      before do
-        stub_feature_flags(vulnerability_flags: false)
-      end
-
-      it 'returns nil' do
-        vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')
-
-        expect(vulnerabilities.first['falsePositive']).to be_nil
-      end
-    end
  end

  describe '#description' do

--- a/ee/spec/serializers/vulnerabilities/finding_entity_spec.rb
+++ b/ee/spec/serializers/vulnerabilities/finding_entity_spec.rb
@@ -77,12 +77,6 @@ RSpec.describe Vulnerabilities::FindingEntity do
        expect(subject[:false_positive]).to be(true)
      end

-      it 'does not contain false_positive field if feature_flag is disabled' do
-        stub_feature_flags(vulnerability_flags: false)
-
-        expect(subject).not_to include(:false_positive)
-      end
-
      it 'does not contain false_positive field if license is not available' do
        stub_licensed_features(sast_fp_reduction: false)


--- a/ee/spec/services/security/store_report_service_spec.rb
+++ b/ee/spec/services/security/store_report_service_spec.rb
@@ -81,22 +81,6 @@ RSpec.describe Security::StoreReportService, '#execute', :snowplow do
                )
              end
            end
-
-            context 'with vulnerability_flags disabled' do
-              before do
-                stub_feature_flags(vulnerability_flags: false)
-              end
-
-              it 'does not insert any vulnerability flag' do
-                expect { subject }.to change { Vulnerabilities::Flag.count }.by(0)
-              end
-
-              it 'does not track a snowplow event' do
-                subject
-
-                expect_no_snowplow_event
-              end
-            end
          end

          it 'inserts all finding links' do