Decouple from license scan report v1 structure

This change updates the dependency list parser to delegate
to the license report parser to parse the license report
json. This ensures that upgrades to the license report
schema do not break the functionality in the dependency list.

ee/changelogs/unreleased/13083-delegate-to-parser.yml

+---
+title: Decouple dependency list parser from v1.0 license scanning report
+merge_request: 18103
+author:
+type: fixed

ee/lib/gitlab/ci/parsers/security/dependency_list.rb

@@ -22,8 +22,8 @@ module Gitlab
           end
 
           def parse_licenses!(json_data, report)
-            licenses = JSON.parse(json_data, symbolize_names: true)
-            licenses[:dependencies].each do |license|
+            license_report = ::Gitlab::Ci::Reports::LicenseScanning::Report.parse_from(json_data)
+            license_report.licenses.each do |license|
               report.apply_license(license)
             end
           end

ee/lib/gitlab/ci/reports/dependency_list/report.rb

@@ -17,10 +17,10 @@ module Gitlab
 
           def apply_license(license)
             dependencies.each do |dependency|
-              next unless dependency[:name] == license[:dependency][:name]
-              next if dependency[:licenses].include?(license[:license])
+              next unless license.dependencies.find { |license_dependency| license_dependency.name == dependency[:name] }
+              next if dependency[:licenses].find { |license_hash| license_hash[:name] == license.name }
 
-              dependency[:licenses] << license[:license]
+              dependency[:licenses].push(name: license.name, url: license.url)
             end
           end
         end

ee/lib/gitlab/ci/reports/license_scanning/report.rb

@@ -49,6 +49,12 @@ module Gitlab
             found_licenses.empty?
           end
 
+          def self.parse_from(json)
+            new.tap do |report|
+              ::Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning.new.parse!(json, report)
+            end
+          end
+
           private
 
           def canonicalize(name)

ee/spec/lib/gitlab/ci/reports/dependency_list/report_spec.rb

@@ -20,24 +20,17 @@ describe Gitlab::Ci::Reports::DependencyList::Report do
   describe '#apply_license' do
     subject { report.dependencies.last[:licenses].size }
 
-    let(:license) do
-      {
-        dependency: {
-          name: 'nokogiri'
-        },
-        license: {
-          name:       'MIT',
-          url:        'http://opensource.org/licenses/mit-license'
-        }
-      }
-    end
+    let(:license) { build(:ci_reports_license_management_report, :mit).licenses.first }
 
     before do
+      license.add_dependency(name_of_dependency_with_license)
       report.add_dependency(dependency)
       report.apply_license(license)
     end
 
     context 'with matching dependency' do
+      let(:name_of_dependency_with_license) { dependency[:name] }
+
       context 'with empty license list' do
         let(:dependency) { build :dependency }
 
@@ -57,6 +50,7 @@ describe Gitlab::Ci::Reports::DependencyList::Report do
 
     context 'without matching dependency' do
       let(:dependency) { build :dependency, name: 'irigokon' }
+      let(:name_of_dependency_with_license) { dependency[:name].reverse }
 
       it 'does not apply the license at all' do
         is_expected.to eq(0)

ee/spec/lib/gitlab/ci/reports/license_scanning/report_spec.rb

@@ -68,4 +68,13 @@ describe Gitlab::Ci::Reports::LicenseScanning::Report do
     it { expect(empty_report).to be_empty }
     it { expect(completed_report).not_to be_empty }
   end
+
+  describe ".parse_from" do
+    context "when parsing a v1 report" do
+      subject { described_class.parse_from(v1_json) }
+      let(:v1_json) { fixture_file('security_reports/master/gl-license-management-report.json', dir: 'ee') }
+
+      specify { expect(subject.licenses.count).to eq(4) }
+    end
+  end
 end