Merge branch 'secure-remove-deprecated-mr-widget-code' into 'master'

Delete inaccessible Security Report Code

See merge request gitlab-org/gitlab!22153

ee/app/assets/javascripts/vue_merge_request_widget/mr_widget_options.vue

@@ -72,10 +72,8 @@ export default {
     },
     shouldRenderSecurityReport() {
       return (
-        (this.mr.sast && this.mr.sast.head_path) ||
-        (this.mr.sastContainer && this.mr.sastContainer.head_path) ||
-        (this.mr.dast && this.mr.dast.head_path) ||
-        (this.mr.dependencyScanning && this.mr.dependencyScanning.head_path)
+        this.mr.enabledSecurityReports &&
+        Object.values(this.mr.enabledSecurityReports).some(isReportEnabled => isReportEnabled)
       );
     },
     codequalityText() {
@@ -304,17 +302,9 @@ export default {
         :target-branch="mr.targetBranch"
         :base-blob-path="mr.baseBlobPath"
         :enabled-reports="mr.enabledSecurityReports"
-        :sast-head-path="mr.sast.head_path"
-        :sast-base-path="mr.sast.base_path"
         :sast-help-path="mr.sastHelp"
-        :dast-head-path="mr.dast.head_path"
-        :dast-base-path="mr.dast.base_path"
         :dast-help-path="mr.dastHelp"
-        :sast-container-head-path="mr.sastContainer.head_path"
-        :sast-container-base-path="mr.sastContainer.base_path"
         :sast-container-help-path="mr.sastContainerHelp"
-        :dependency-scanning-head-path="mr.dependencyScanning.head_path"
-        :dependency-scanning-base-path="mr.dependencyScanning.base_path"
         :dependency-scanning-help-path="mr.dependencyScanningHelp"
         :vulnerability-feedback-path="mr.vulnerabilityFeedbackPath"
         :vulnerability-feedback-help-path="mr.vulnerabilityFeedbackHelpPath"

ee/app/assets/javascripts/vue_merge_request_widget/stores/mr_widget_store.js

@@ -10,10 +10,6 @@ export default class MergeRequestStore extends CEMergeRequestStore {
     const blobPath = data.blob_path || {};
     this.headBlobPath = blobPath.head_path || '';
     this.baseBlobPath = blobPath.base_path || '';
-    this.sast = data.sast || {};
-    this.sastContainer = data.sast_container || {};
-    this.dast = data.dast || {};
-    this.dependencyScanning = data.dependency_scanning || {};
     this.sastHelp = data.sast_help_path;
     this.sastContainerHelp = data.sast_container_help_path;
     this.dastHelp = data.dast_help_path;

ee/app/assets/javascripts/vue_shared/security_reports/grouped_security_reports_app.vue

@@ -46,46 +46,6 @@ export default {
       required: false,
       default: null,
     },
-    sastHeadPath: {
-      type: String,
-      required: false,
-      default: null,
-    },
-    sastBasePath: {
-      type: String,
-      required: false,
-      default: null,
-    },
-    dastHeadPath: {
-      type: String,
-      required: false,
-      default: null,
-    },
-    dastBasePath: {
-      type: String,
-      required: false,
-      default: null,
-    },
-    sastContainerHeadPath: {
-      type: String,
-      required: false,
-      default: null,
-    },
-    sastContainerBasePath: {
-      type: String,
-      required: false,
-      default: null,
-    },
-    dependencyScanningHeadPath: {
-      type: String,
-      required: false,
-      default: null,
-    },
-    dependencyScanningBasePath: {
-      type: String,
-      required: false,
-      default: null,
-    },
     sastHelpPath: {
       type: String,
       required: false,
@@ -182,21 +142,16 @@ export default {
       return `${this.pipelinePath}/security`;
     },
     hasContainerScanningReports() {
-      const type = 'containerScanning';
-      if (this.isMergeRequestReportApiEnabled(type)) {
-        return this.enabledReports[type];
-      }
-      const { head, diffEndpoint } = this.sastContainer.paths;
-      return Boolean(head || diffEndpoint);
+      return this.enabledReports.containerScanning;
     },
     hasDependencyScanningReports() {
-      return this.hasReportsType('dependencyScanning');
+      return this.enabledReports.dependencyScanning;
     },
     hasDastReports() {
-      return this.hasReportsType('dast');
+      return this.enabledReports.dast;
     },
     hasSastReports() {
-      return this.hasReportsType('sast');
+      return this.enabledReports.sast;
     },
     subHeadingText() {
       const mrDivergedCommitsCount =
@@ -236,70 +191,36 @@ export default {
     this.setCanCreateIssuePermission(this.canCreateIssue);
     this.setCanCreateFeedbackPermission(this.canCreateFeedback);
 
-    const sastDiffEndpoint = gl && gl.mrWidgetData && gl.mrWidgetData.sast_comparison_path;
+    // eslint-disable-next-line camelcase
+    const sastDiffEndpoint = gl?.mrWidgetData?.sast_comparison_path;
 
-    if (this.isMergeRequestReportApiEnabled('sast') && sastDiffEndpoint && this.hasSastReports) {
+    if (sastDiffEndpoint && this.hasSastReports) {
       this.setSastDiffEndpoint(sastDiffEndpoint);
       this.fetchSastDiff();
-    } else if (this.sastHeadPath) {
-      this.setSastHeadPath(this.sastHeadPath);
-
-      if (this.sastBasePath) {
-        this.setSastBasePath(this.sastBasePath);
-      }
-      this.fetchSastReports();
     }
 
-    const sastContainerDiffEndpoint =
-      gl && gl.mrWidgetData && gl.mrWidgetData.container_scanning_comparison_path;
+    // eslint-disable-next-line camelcase
+    const containerScanningDiffEndpoint = gl?.mrWidgetData?.container_scanning_comparison_path;
 
-    if (
-      this.isMergeRequestReportApiEnabled('containerScanning') &&
-      sastContainerDiffEndpoint &&
-      this.hasContainerScanningReports
-    ) {
-      this.setSastContainerDiffEndpoint(sastContainerDiffEndpoint);
+    if (containerScanningDiffEndpoint && this.hasContainerScanningReports) {
+      this.setSastContainerDiffEndpoint(containerScanningDiffEndpoint);
       this.fetchSastContainerDiff();
-    } else if (this.sastContainerHeadPath) {
-      this.setSastContainerHeadPath(this.sastContainerHeadPath);
-
-      if (this.sastContainerBasePath) {
-        this.setSastContainerBasePath(this.sastContainerBasePath);
-      }
-      this.fetchSastContainerReports();
     }
 
-    const dastDiffEndpoint = gl && gl.mrWidgetData && gl.mrWidgetData.dast_comparison_path;
+    // eslint-disable-next-line camelcase
+    const dastDiffEndpoint = gl?.mrWidgetData?.dast_comparison_path;
 
-    if (this.isMergeRequestReportApiEnabled('dast') && dastDiffEndpoint && this.hasDastReports) {
+    if (dastDiffEndpoint && this.hasDastReports) {
       this.setDastDiffEndpoint(dastDiffEndpoint);
       this.fetchDastDiff();
-    } else if (this.dastHeadPath) {
-      this.setDastHeadPath(this.dastHeadPath);
-
-      if (this.dastBasePath) {
-        this.setDastBasePath(this.dastBasePath);
-      }
-      this.fetchDastReports();
     }
 
-    const dependencyScanningDiffEndpoint =
-      gl && gl.mrWidgetData && gl.mrWidgetData.dependency_scanning_comparison_path;
+    // eslint-disable-next-line camelcase
+    const dependencyScanningDiffEndpoint = gl?.mrWidgetData?.dependency_scanning_comparison_path;
 
-    if (
-      this.isMergeRequestReportApiEnabled('dependencyScanning') &&
-      dependencyScanningDiffEndpoint &&
-      this.hasDependencyScanningReports
-    ) {
+    if (dependencyScanningDiffEndpoint && this.hasDependencyScanningReports) {
       this.setDependencyScanningDiffEndpoint(dependencyScanningDiffEndpoint);
       this.fetchDependencyScanningDiff();
-    } else if (this.dependencyScanningHeadPath) {
-      this.setDependencyScanningHeadPath(this.dependencyScanningHeadPath);
-
-      if (this.dependencyScanningBasePath) {
-        this.setDependencyScanningBasePath(this.dependencyScanningBasePath);
-      }
-      this.fetchDependencyScanningReports();
     }
   },
   methods: {
@@ -308,15 +229,6 @@ export default {
       'setHeadBlobPath',
       'setBaseBlobPath',
       'setSourceBranch',
-      'setSastContainerHeadPath',
-      'setSastContainerBasePath',
-      'setDastHeadPath',
-      'setDastBasePath',
-      'setDependencyScanningHeadPath',
-      'setDependencyScanningBasePath',
-      'fetchSastContainerReports',
-      'fetchDastReports',
-      'fetchDependencyScanningReports',
       'setVulnerabilityFeedbackPath',
       'setVulnerabilityFeedbackHelpPath',
       'setCreateVulnerabilityFeedbackIssuePath',
@@ -344,22 +256,9 @@ export default {
       'setDastDiffEndpoint',
     ]),
     ...mapActions('sast', {
-      setSastHeadPath: 'setHeadPath',
-      setSastBasePath: 'setBasePath',
       setSastDiffEndpoint: 'setDiffEndpoint',
-      fetchSastReports: 'fetchReports',
       fetchSastDiff: 'fetchDiff',
     }),
-    isMergeRequestReportApiEnabled(type) {
-      return Boolean(this.glFeatures[`${type}MergeRequestReportApi`]);
-    },
-    hasReportsType(type) {
-      if (this.isMergeRequestReportApiEnabled(type)) {
-        return this.enabledReports[type];
-      }
-      const { head, diffEndpoint } = this[type].paths;
-      return Boolean(head || diffEndpoint);
-    },
   },
 };
 </script>

ee/app/assets/javascripts/vue_shared/security_reports/store/getters.js

@@ -119,10 +119,10 @@ export const anyReportHasError = state =>
   state.dependencyScanning.hasError;
 
 export const noBaseInAllReports = state =>
-  !state.sast.paths.base &&
-  !state.dast.paths.base &&
-  !state.sastContainer.paths.base &&
-  !state.dependencyScanning.paths.base;
+  !state.sast.hasBaseReport &&
+  !state.dast.hasBaseReport &&
+  !state.sastContainer.hasBaseReport &&
+  !state.dependencyScanning.hasBaseReport;
 
 export const anyReportHasIssues = state =>
   state.sast.newIssues.length > 0 ||

ee/app/assets/javascripts/vue_shared/security_reports/store/modules/sast/mutations.js

@@ -62,12 +62,14 @@ export default {
   [types.RECEIVE_DIFF_SUCCESS](state, { diff, enrichData }) {
     const { added, fixed, existing } = parseDiff(diff, enrichData);
     const baseReportOutofDate = diff.base_report_out_of_date || false;
+    const hasBaseReport = Boolean(diff.base_report_created_at);
 
     state.isLoading = false;
     state.newIssues = added;
     state.resolvedIssues = fixed;
     state.allIssues = existing;
     state.baseReportOutofDate = baseReportOutofDate;
+    state.hasBaseReport = hasBaseReport;
   },
 
   [types.RECEIVE_DIFF_ERROR](state) {

ee/app/assets/javascripts/vue_shared/security_reports/store/modules/sast/state.js

@@ -12,4 +12,5 @@ export default () => ({
   resolvedIssues: [],
   allIssues: [],
   baseReportOutofDate: false,
+  hasBaseReport: false,
 });

ee/app/assets/javascripts/vue_shared/security_reports/store/mutations.js

@@ -109,12 +109,14 @@ export default {
   [types.RECEIVE_SAST_CONTAINER_DIFF_SUCCESS](state, { diff, enrichData }) {
     const { added, fixed, existing } = parseDiff(diff, enrichData);
     const baseReportOutofDate = diff.base_report_out_of_date || false;
+    const hasBaseReport = Boolean(diff.base_report_created_at);
 
     Vue.set(state.sastContainer, 'isLoading', false);
     Vue.set(state.sastContainer, 'newIssues', added);
     Vue.set(state.sastContainer, 'resolvedIssues', fixed);
     Vue.set(state.sastContainer, 'allIssues', existing);
     Vue.set(state.sastContainer, 'baseReportOutofDate', baseReportOutofDate);
+    Vue.set(state.sastContainer, 'hasBaseReport', hasBaseReport);
   },
 
   [types.RECEIVE_SAST_CONTAINER_DIFF_ERROR](state) {
@@ -167,12 +169,14 @@ export default {
   [types.RECEIVE_DAST_DIFF_SUCCESS](state, { diff, enrichData }) {
     const { added, fixed, existing } = parseDiff(diff, enrichData);
     const baseReportOutofDate = diff.base_report_out_of_date || false;
+    const hasBaseReport = Boolean(diff.base_report_created_at);
 
     Vue.set(state.dast, 'isLoading', false);
     Vue.set(state.dast, 'newIssues', added);
     Vue.set(state.dast, 'resolvedIssues', fixed);
     Vue.set(state.dast, 'allIssues', existing);
     Vue.set(state.dast, 'baseReportOutofDate', baseReportOutofDate);
+    Vue.set(state.dast, 'hasBaseReport', hasBaseReport);
   },
 
   [types.RECEIVE_DAST_DIFF_ERROR](state) {
@@ -256,12 +260,14 @@ export default {
   [types.RECEIVE_DEPENDENCY_SCANNING_DIFF_SUCCESS](state, { diff, enrichData }) {
     const { added, fixed, existing } = parseDiff(diff, enrichData);
     const baseReportOutofDate = diff.base_report_out_of_date || false;
+    const hasBaseReport = Boolean(diff.base_report_created_at);
 
     Vue.set(state.dependencyScanning, 'isLoading', false);
     Vue.set(state.dependencyScanning, 'newIssues', added);
     Vue.set(state.dependencyScanning, 'resolvedIssues', fixed);
     Vue.set(state.dependencyScanning, 'allIssues', existing);
     Vue.set(state.dependencyScanning, 'baseReportOutofDate', baseReportOutofDate);
+    Vue.set(state.dependencyScanning, 'hasBaseReport', hasBaseReport);
   },
 
   [types.RECEIVE_DEPENDENCY_SCANNING_DIFF_ERROR](state) {

ee/app/assets/javascripts/vue_shared/security_reports/store/state.js

@@ -29,6 +29,7 @@ export default () => ({
     newIssues: [],
     resolvedIssues: [],
     baseReportOutofDate: false,
+    hasBaseReport: false,
   },
   dast: {
     paths: {
@@ -43,6 +44,7 @@ export default () => ({
     newIssues: [],
     resolvedIssues: [],
     baseReportOutofDate: false,
+    hasBaseReport: false,
   },
 
   dependencyScanning: {
@@ -59,6 +61,7 @@ export default () => ({
     resolvedIssues: [],
     allIssues: [],
     baseReportOutofDate: false,
+    hasBaseReport: false,
   },
 
   modal: {

ee/spec/frontend/vue_shared/security_reports/store/getters_spec.js

@@ -525,8 +525,8 @@ describe('Security reports getters', () => {
       expect(noBaseInAllReports(state)).toEqual(true);
     });
 
-    it('returns false when any of the reports has base', () => {
-      state.dast.paths.base = BASE_PATH;
+    it('returns false when any of the reports has a base', () => {
+      state.dast.hasBaseReport = true;
 
       expect(noBaseInAllReports(state)).toEqual(false);
     });

ee/spec/javascripts/vue_mr_widget/mock_data.js

@@ -11,9 +11,9 @@ export default Object.assign({}, mockData, {
   },
   vulnerability_feedback_help_path: '/help/user/application_security/index',
   enabled_reports: {
-    sast: true,
+    sast: false,
     container_scanning: false,
-    dast: true,
+    dast: false,
     dependency_scanning: false,
     license_management: true,
   },

ee/spec/javascripts/vue_shared/security_reports/mock_data.js

@@ -4,37 +4,22 @@ import * as mockData from '../../../frontend/vue_shared/security_reports/mock_da
 // https://gitlab.com/gitlab-org/gitlab/merge_requests/10466#note_156218753
 
 export const {
-  allIssuesParsed,
-  baseIssues,
   containerScanningFeedbacks,
   dast,
   dastBase,
   dastFeedbacks,
   dependencyScanningFeedbacks,
-  dependencyScanningIssues,
-  dependencyScanningIssuesBase,
-  dependencyScanningIssuesMajor2,
-  dependencyScanningIssuesOld,
   dockerBaseReport,
-  dockerNewIssues,
-  dockerOnlyHeadParsed,
   dockerReport,
   dockerReportParsed,
-  oldSastIssues,
   parsedDast,
-  parsedDastNewIssues,
-  parsedDependencyScanningBaseStore,
-  parsedDependencyScanningIssuesHead,
-  parsedDependencyScanningIssuesStore,
-  parsedSastBaseStore,
-  parsedSastContainerBaseStore,
-  parsedSastIssuesHead,
-  parsedSastIssuesStore,
-  sastBaseAllIssues,
   sastFeedbacks,
-  sastHeadAllIssues,
   sastIssues,
   sastIssuesBase,
-  sastIssuesMajor2,
   sastParsedIssues,
+  mockFindings,
+  sastDiffSuccessMock,
+  dastDiffSuccessMock,
+  containerScanningDiffSuccessMock,
+  dependencyScanningDiffSuccessMock,
 } = mockData;