diff --git a/ee/app/models/vulnerability.rb b/ee/app/models/vulnerability.rb index a2a4f3eae8750aa8c32f2a3b7752e1d0872b5e8e..cb80a8c3fbe1fa37ceb538dc395a4193ed051513 100644 --- a/ee/app/models/vulnerability.rb +++ b/ee/app/models/vulnerability.rb @@ -141,23 +141,6 @@ class Vulnerability < ApplicationRecord true end - def resolved_on_default_branch - return false unless findings.any? - - # We can't just use project.latest_successful_pipeline_for_default_branch - # because there's no guarantee that it actually ran the security jobs - # See https://gitlab.com/gitlab-org/gitlab/-/issues/218012 - latest_successful_pipeline = project - .latest_pipeline_with_security_reports(only_successful: true) - - # Technically this shouldn't ever happen. - # If an vulnerability was discovered, then we must have ran a scan of the - # appropriate type at least once. - return false unless latest_successful_pipeline - - finding.pipelines.exclude?(latest_successful_pipeline) - end - def user_notes_count user_notes_count_service.count end diff --git a/ee/spec/models/vulnerability_spec.rb b/ee/spec/models/vulnerability_spec.rb index 87cdf3da5c416b8e3b11183eb39118161005c9c7..259e9bccc6e597bc4c13bd2bcb22ce5dd96860ba 100644 --- a/ee/spec/models/vulnerability_spec.rb +++ b/ee/spec/models/vulnerability_spec.rb @@ -249,38 +249,6 @@ RSpec.describe Vulnerability do it { is_expected.to delegate_method(:name).to(:group).with_prefix.allow_nil } end - describe '#resolved_on_default_branch' do - let_it_be(:project) { create(:project, :repository, :with_vulnerability) } - let_it_be(:pipeline_with_vulnerability) { create(:ee_ci_pipeline, :success, :with_sast_report, project: project, sha: project.commit.id) } - let_it_be(:vulnerability) { project.vulnerabilities.first } - let_it_be(:finding1) { create(:vulnerabilities_occurrence, vulnerability: vulnerability, pipelines: [pipeline_with_vulnerability]) } - let_it_be(:finding2) { create(:vulnerabilities_occurrence, vulnerability: vulnerability, pipelines: [pipeline_with_vulnerability]) } - - subject { vulnerability.resolved_on_default_branch } - - context 'Vulnerability::Finding is present on the pipeline for default branch' do - it { is_expected.to eq(false) } - - context 'but pipeline is failed' do - let!(:unsucessful_pipeline_with_vulnerability) { create(:ee_ci_pipeline, :with_sast_report, :failed, project: project, sha: project.commit.id) } - - it { is_expected.to eq(false) } - end - end - - context 'Vulnerability::Finding is not present on the latest pipeline without security job' do - let!(:pipeline_without_security_job) { create(:ee_ci_pipeline, :success, project: project, sha: project.commit.id) } - - it { is_expected.to eq(false) } - end - - context 'Vulnerability::Finding is not present on the pipeline for default branch' do - let!(:pipeline_without_vulnerability) { create(:ee_ci_pipeline, :success, :with_sast_report, project: project, sha: project.commit.id) } - - it { is_expected.to eq(true) } - end - end - describe '#resource_parent' do let(:vulnerability) { build(:vulnerability) }