Commit ac219b48 authored by Matthias Käppler's avatar Matthias Käppler

Merge branch 'remove-sort_dependency_vulnerabilities-feature-flag' into 'master'

Remove sort_dependency_vulnerabilities feature flag

See merge request gitlab-org/gitlab!65295
parents 6d35c88b b9e6510d
......@@ -55,7 +55,7 @@ module Security
when 'packager'
collection.sort_by! { |a| a[:packager] }
when 'severity'
sort_dependency_vulnerabilities_by_severity!(collection) if Feature.enabled?(:sort_dependency_vulnerabilities, @pipeline.project, default_enabled: true)
sort_dependency_vulnerabilities_by_severity!(collection)
sort_dependencies_by_severity!(collection)
else
collection.sort_by! { |a| a[:name] }
......
---
name: sort_dependency_vulnerabilities
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62983
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/332852
milestone: '14.0'
type: development
group: group::composition analysis
default_enabled: true
......@@ -110,7 +110,6 @@ RSpec.describe Security::DependencyListService do
}
end
context('when the sort_dependency_vulnerabilities feature flag is true') do
it 'returns array of data sorted by package severity level in ascending order' do
dependencies = subject.last(2).map do |dependency|
{
......@@ -132,34 +131,6 @@ RSpec.describe Security::DependencyListService do
expect(saml2js_severities).to eq(%w(critical medium unknown))
end
end
context('when the sort_dependency_vulnerabilities feature flag is false') do
# overwrite the existing findings so we can re-create the original test
let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_dependency_list_report) }
let_it_be(:nokogiri_finding) { create(:vulnerabilities_finding, :detected, :with_dependency_scanning_metadata, :with_pipeline) }
let_it_be(:nokogiri_pipeline) { create(:vulnerabilities_finding_pipeline, finding: nokogiri_finding, pipeline: pipeline) }
let_it_be(:other_finding) { create(:vulnerabilities_finding, :detected, :with_dependency_scanning_metadata, package: 'saml2-js', file: 'yarn/yarn.lock', version: '1.5.0', raw_severity: 'Unknown') }
let_it_be(:other_pipeline) { create(:vulnerabilities_finding_pipeline, finding: other_finding, pipeline: pipeline) }
before do
stub_feature_flags(sort_dependency_vulnerabilities: false)
end
it 'returns array of data sorted by package severity level in descending order' do
dependencies = subject.last(2).map do |dependency|
{
name: dependency[:name],
vulnerabilities: dependency[:vulnerabilities].map do |vulnerability|
vulnerability[:severity]
end
}
end
expect(dependencies).to eq([{ name: "saml2-js", vulnerabilities: ["unknown"] },
{ name: "nokogiri", vulnerabilities: ["high"] }])
end
end
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment