Commit d80460b1 authored by Fernando's avatar Fernando

Remove vulnerability flags feature flag

* Remove feature flag checks
* Update unit test
* Remove yaml file
* Remove doc reference to feature flag

Changelog: changed
parent 4fe41b1e
...@@ -19,6 +19,6 @@ ...@@ -19,6 +19,6 @@
window.gl.mrWidgetData.pipelines_empty_svg_path = '#{image_path('illustrations/pipelines_empty.svg')}'; window.gl.mrWidgetData.pipelines_empty_svg_path = '#{image_path('illustrations/pipelines_empty.svg')}';
window.gl.mrWidgetData.codequality_help_path = '#{help_page_path("user/project/merge_requests/code_quality", anchor: "code-quality-reports")}'; window.gl.mrWidgetData.codequality_help_path = '#{help_page_path("user/project/merge_requests/code_quality", anchor: "code-quality-reports")}';
window.gl.mrWidgetData.false_positive_doc_url = '#{help_page_path('user/application_security/vulnerabilities/index')}'; window.gl.mrWidgetData.false_positive_doc_url = '#{help_page_path('user/application_security/vulnerabilities/index')}';
window.gl.mrWidgetData.can_view_false_positive = '#{(Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && @merge_request.project.licensed_feature_available?(:sast_fp_reduction)).to_s}'; window.gl.mrWidgetData.can_view_false_positive = '#{@merge_request.project.licensed_feature_available?(:sast_fp_reduction).to_s}';
#js-vue-mr-widget.mr-widget #js-vue-mr-widget.mr-widget
---
name: vulnerability_flags
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66775
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/340203
milestone: '14.3'
type: development
group: group::static analysis
default_enabled: true
...@@ -365,9 +365,6 @@ To create a custom ruleset: ...@@ -365,9 +365,6 @@ To create a custom ruleset:
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/292686) in GitLab 14.2. > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/292686) in GitLab 14.2.
FLAG:
On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the `vulnerability_flags` flag](../../../administration/feature_flags.md). On GitLab.com, this feature is available.
Vulnerabilities that have been detected and are false positives will be flagged as false positives in the security dashboard. Vulnerabilities that have been detected and are false positives will be flagged as false positives in the security dashboard.
### Using CI/CD variables to pass credentials for private repositories ### Using CI/CD variables to pass credentials for private repositories
......
...@@ -82,7 +82,7 @@ module Security ...@@ -82,7 +82,7 @@ module Security
end end
def calculate_false_positive? def calculate_false_positive?
::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && project.licensed_feature_available?(:sast_fp_reduction) project.licensed_feature_available?(:sast_fp_reduction)
end end
def existing_vulnerabilities def existing_vulnerabilities
......
...@@ -113,7 +113,7 @@ module Security ...@@ -113,7 +113,7 @@ module Security
def calculate_false_positive? def calculate_false_positive?
project = pipeline.project project = pipeline.project
::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && project.licensed_feature_available?(:sast_fp_reduction) project.licensed_feature_available?(:sast_fp_reduction)
end end
def filter(findings) def filter(findings)
......
...@@ -94,7 +94,7 @@ module Types ...@@ -94,7 +94,7 @@ module Types
private private
def expose_false_positive? def expose_false_positive?
Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && object.project.licensed_feature_available?(:sast_fp_reduction) object.project.licensed_feature_available?(:sast_fp_reduction)
end end
end end
# rubocop: enable Graphql/AuthorizeTypes # rubocop: enable Graphql/AuthorizeTypes
......
...@@ -167,7 +167,7 @@ module Types ...@@ -167,7 +167,7 @@ module Types
private private
def expose_false_positive? def expose_false_positive?
Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && object.project.licensed_feature_available?(:sast_fp_reduction) object.project.licensed_feature_available?(:sast_fp_reduction)
end end
end end
end end
...@@ -203,7 +203,7 @@ module EE ...@@ -203,7 +203,7 @@ module EE
end end
def can_view_false_positive? def can_view_false_positive?
(::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && project.licensed_feature_available?(:sast_fp_reduction)).to_s project.licensed_feature_available?(:sast_fp_reduction).to_s
end end
def can_update_security_orchestration_policy_project?(project) def can_update_security_orchestration_policy_project?(project)
......
...@@ -28,7 +28,7 @@ module Groups::SecurityFeaturesHelper ...@@ -28,7 +28,7 @@ module Groups::SecurityFeaturesHelper
scanners: VulnerabilityScanners::ListService.new(group).execute.to_json, scanners: VulnerabilityScanners::ListService.new(group).execute.to_json,
can_admin_vulnerability: can?(current_user, :admin_vulnerability, group).to_s, can_admin_vulnerability: can?(current_user, :admin_vulnerability, group).to_s,
false_positive_doc_url: help_page_path('user/application_security/vulnerabilities/index'), false_positive_doc_url: help_page_path('user/application_security/vulnerabilities/index'),
can_view_false_positive: (::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && group.licensed_feature_available?(:sast_fp_reduction)).to_s can_view_false_positive: group.licensed_feature_available?(:sast_fp_reduction).to_s
} }
end end
end end
...@@ -19,7 +19,7 @@ module SecurityHelper ...@@ -19,7 +19,7 @@ module SecurityHelper
end end
def can_view_false_positive? def can_view_false_positive?
(::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && ::License.feature_available?(:sast_fp_reduction)).to_s ::License.feature_available?(:sast_fp_reduction).to_s
end end
def security_dashboard_unavailable_view_data def security_dashboard_unavailable_view_data
......
...@@ -62,7 +62,7 @@ class Vulnerabilities::FindingEntity < Grape::Entity ...@@ -62,7 +62,7 @@ class Vulnerabilities::FindingEntity < Grape::Entity
def expose_false_positive? def expose_false_positive?
project = occurrence.project project = occurrence.project
::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && project.licensed_feature_available?(:sast_fp_reduction) project.licensed_feature_available?(:sast_fp_reduction)
end end
end end
......
...@@ -61,7 +61,7 @@ module Security ...@@ -61,7 +61,7 @@ module Security
update_vulnerabilities_identifiers update_vulnerabilities_identifiers
update_vulnerabilities_finding_identifiers update_vulnerabilities_finding_identifiers
if ::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && project.licensed_feature_available?(:sast_fp_reduction) if project.licensed_feature_available?(:sast_fp_reduction)
create_vulnerability_flags_info create_vulnerability_flags_info
end end
......
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
commit_path_template: commit_path_template(project), commit_path_template: commit_path_template(project),
can_admin_vulnerability: can?(current_user, :admin_vulnerability, project).to_s, can_admin_vulnerability: can?(current_user, :admin_vulnerability, project).to_s,
false_positive_doc_url: help_page_path('user/application_security/vulnerabilities/index'), false_positive_doc_url: help_page_path('user/application_security/vulnerabilities/index'),
can_view_false_positive: (::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && project.licensed_feature_available?(:sast_fp_reduction)).to_s, can_view_false_positive: project.licensed_feature_available?(:sast_fp_reduction).to_s,
security_report_help_page_link: help_page_path('user/application_security/index', anchor: 'security-report-validation') } } security_report_help_page_link: help_page_path('user/application_security/index', anchor: 'security-report-validation') } }
- if pipeline.expose_license_scanning_data? - if pipeline.expose_license_scanning_data?
......
...@@ -7,5 +7,5 @@ ...@@ -7,5 +7,5 @@
#js-vulnerability-main{ data: { vulnerability: vulnerability_details_json(@vulnerability, @pipeline), #js-vulnerability-main{ data: { vulnerability: vulnerability_details_json(@vulnerability, @pipeline),
false_positive_doc_url: help_page_path('user/application_security/vulnerabilities/index'), false_positive_doc_url: help_page_path('user/application_security/vulnerabilities/index'),
can_view_false_positive: (::Feature.enabled?(:vulnerability_flags, default_enabled: :yaml) && @project.licensed_feature_available?(:sast_fp_reduction)).to_s, can_view_false_positive: @project.licensed_feature_available?(:sast_fp_reduction).to_s,
commit_path_template: commit_path_template(@project) } } commit_path_template: commit_path_template(@project) } }
...@@ -154,16 +154,6 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do ...@@ -154,16 +154,6 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
expect(subject.findings).to all(have_attributes(vulnerability_flags: be_empty)) expect(subject.findings).to all(have_attributes(vulnerability_flags: be_empty))
end end
context 'with vulnerability_flags FF disabled' do
before do
stub_feature_flags(vulnerability_flags: false)
end
it 'does not include findings with false-positive' do
expect(subject.findings).to all(have_attributes(vulnerability_flags: be_empty))
end
end
end end
end end
......
...@@ -86,17 +86,5 @@ RSpec.describe GitlabSchema.types['PipelineSecurityReportFinding'] do ...@@ -86,17 +86,5 @@ RSpec.describe GitlabSchema.types['PipelineSecurityReportFinding'] do
expect(vulnerabilities.first['falsePositive']).to be_nil expect(vulnerabilities.first['falsePositive']).to be_nil
end end
end end
context 'when vulnerability_flags FF has been disabled' do
before do
stub_feature_flags(vulnerability_flags: false)
end
it 'returns nil for false-positive field' do
vulnerabilities = subject.dig('data', 'project', 'pipeline', 'securityReportFindings', 'nodes')
expect(vulnerabilities.first['falsePositive']).to be_nil
end
end
end end
end end
...@@ -159,18 +159,6 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do ...@@ -159,18 +159,6 @@ RSpec.describe GitlabSchema.types['Vulnerability'] do
expect(vulnerabilities.first['falsePositive']).to be(false) expect(vulnerabilities.first['falsePositive']).to be(false)
end end
end end
context 'when vulnerability_flags FF has been disabled' do
before do
stub_feature_flags(vulnerability_flags: false)
end
it 'returns nil' do
vulnerabilities = subject.dig('data', 'project', 'vulnerabilities', 'nodes')
expect(vulnerabilities.first['falsePositive']).to be_nil
end
end
end end
describe '#description' do describe '#description' do
......
...@@ -77,12 +77,6 @@ RSpec.describe Vulnerabilities::FindingEntity do ...@@ -77,12 +77,6 @@ RSpec.describe Vulnerabilities::FindingEntity do
expect(subject[:false_positive]).to be(true) expect(subject[:false_positive]).to be(true)
end end
it 'does not contain false_positive field if feature_flag is disabled' do
stub_feature_flags(vulnerability_flags: false)
expect(subject).not_to include(:false_positive)
end
it 'does not contain false_positive field if license is not available' do it 'does not contain false_positive field if license is not available' do
stub_licensed_features(sast_fp_reduction: false) stub_licensed_features(sast_fp_reduction: false)
......
...@@ -81,22 +81,6 @@ RSpec.describe Security::StoreReportService, '#execute', :snowplow do ...@@ -81,22 +81,6 @@ RSpec.describe Security::StoreReportService, '#execute', :snowplow do
) )
end end
end end
context 'with vulnerability_flags disabled' do
before do
stub_feature_flags(vulnerability_flags: false)
end
it 'does not insert any vulnerability flag' do
expect { subject }.to change { Vulnerabilities::Flag.count }.by(0)
end
it 'does not track a snowplow event' do
subject
expect_no_snowplow_event
end
end
end end
it 'inserts all finding links' do it 'inserts all finding links' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment