Merge branch 'add-enum-vuln-concern' into 'master'

refactor: Extract vulnerability enums into concern [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!49865

Merge branch 'add-enum-vuln-concern' into 'master'
refactor: Extract vulnerability enums into concern [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!49865
b6854212 · Douglas Barbosa Alexandre · 0a234010 · 94ee37f1 · b6854212 · b6854212
Commit b6854212 authored Dec 17, 2020 by Douglas Barbosa Alexandre
33 changed files
--- a/app/models/concerns/enums/vulnerability.rb
+++ b/app/models/concerns/enums/vulnerability.rb
+# frozen_string_literal: true
+module Enums
+  module Vulnerability
+    CONFIDENCE_LEVELS = {
+      # undefined: 0, no longer applicable
+      ignore: 1,
+      unknown: 2,
+      experimental: 3,
+      low: 4,
+      medium: 5,
+      high: 6,
+      confirmed: 7
+    }.with_indifferent_access.freeze
+    REPORT_TYPES = {
+      sast: 0,
+      secret_detection: 4
+    }.with_indifferent_access.freeze
+    SEVERITY_LEVELS = {
+      # undefined: 0, no longer applicable
+      info: 1,
+      unknown: 2,
+      # experimental: 3, formerly used by confidence, no longer applicable
+      low: 4,
+      medium: 5,
+      high: 6,
+      critical: 7
+    }.with_indifferent_access.freeze
+    def self.confidence_levels
+      CONFIDENCE_LEVELS
+    end
+    def self.report_types
+      REPORT_TYPES
+    end
+    def self.severity_levels
+      SEVERITY_LEVELS
+    end
+  end
+end
+Enums::Vulnerability.prepend_if_ee('EE::Enums::Vulnerability')
--- a/ee/app/graphql/representation/vulnerability_scanner_entry.rb
+++ b/ee/app/graphql/representation/vulnerability_scanner_entry.rb
@@ -11,7 +11,7 @@ module Representation
    attr_reader :raw_entry
    def report_type
-      ::Vulnerabilities::Finding::REPORT_TYPES.key(@report_type) || @report_type
+      ::Enums::Vulnerability.report_types.key(@report_type) || @report_type
    end
    def ==(other)

--- a/ee/app/graphql/resolvers/vulnerabilities_count_per_day_resolver.rb
+++ b/ee/app/graphql/resolvers/vulnerabilities_count_per_day_resolver.rb
@@ -25,7 +25,7 @@ module Resolvers
    private
    def generate_missing_dates(calendar_entries, start_date, end_date)
-      severities = ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys
+      severities = ::Enums::Vulnerability.severity_levels.keys
      (start_date..end_date)
        .each_with_object({}) { |date, result| result[date] = build_calendar_entry(date, calendar_entries[date], result[date - 1.day]) }
        .values

--- a/ee/app/graphql/types/security_report_summary_type.rb
+++ b/ee/app/graphql/types/security_report_summary_type.rb
@@ -6,7 +6,7 @@ module Types
    graphql_name 'SecurityReportSummary'
    description 'Represents summary of a security report'
-    ::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |report_type|
+    ::Enums::Vulnerability.report_types.keys.each do |report_type|
      field report_type, ::Types::SecurityReportSummarySectionType, null: true,
            description: "Aggregated counts for the #{report_type} scan"
    end

--- a/ee/app/graphql/types/vulnerabilities_count_by_day_type.rb
+++ b/ee/app/graphql/types/vulnerabilities_count_by_day_type.rb
@@ -12,7 +12,7 @@ module Types
    field :total, GraphQL::INT_TYPE, null: false,
          description: 'Total number of vulnerabilities on a particular day'
-    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity|
+    ::Enums::Vulnerability.severity_levels.keys.each do |severity|
      field severity.to_s, GraphQL::INT_TYPE, null: false,
            description: "Total number of vulnerabilities on a particular day with #{severity} severity"
    end

--- a/ee/app/graphql/types/vulnerability_location_type.rb
+++ b/ee/app/graphql/types/vulnerability_location_type.rb
@@ -29,7 +29,7 @@ module Types
      when 'coverage_fuzzing'
        VulnerabilityLocation::CoverageFuzzingType
      else
-        raise UnexpectedReportType, "Report type must be one of #{::Vulnerabilities::Finding::REPORT_TYPES.keys}"
+        raise UnexpectedReportType, "Report type must be one of #{::Enums::Vulnerability.report_types.keys}"
      end
    end
  end

--- a/ee/app/graphql/types/vulnerability_report_type_enum.rb
+++ b/ee/app/graphql/types/vulnerability_report_type_enum.rb
@@ -5,7 +5,7 @@ module Types
    graphql_name 'VulnerabilityReportType'
    description 'The type of the security scan that found the vulnerability'
-    ::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |report_type|
+    ::Enums::Vulnerability.report_types.keys.each do |report_type|
      value report_type.to_s.upcase, value: report_type.to_s
    end
  end

--- a/ee/app/graphql/types/vulnerability_severities_count_type.rb
+++ b/ee/app/graphql/types/vulnerability_severities_count_type.rb
@@ -6,7 +6,7 @@ module Types
    graphql_name 'VulnerabilitySeveritiesCount'
    description 'Represents vulnerability counts by severity'
-    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity|
+    ::Enums::Vulnerability.severity_levels.keys.each do |severity|
      field severity, GraphQL::INT_TYPE, null: true,
            description: "Number of vulnerabilities of #{severity.upcase} severity of the project"
    end

--- a/ee/app/graphql/types/vulnerability_severity_enum.rb
+++ b/ee/app/graphql/types/vulnerability_severity_enum.rb
@@ -5,7 +5,7 @@ module Types
    graphql_name 'VulnerabilitySeverity'
    description 'The severity of the vulnerability'
-    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity|
+    ::Enums::Vulnerability.severity_levels.keys.each do |severity|
      value severity.to_s.upcase, value: severity.to_s
    end
  end

--- a/ee/app/graphql/types/vulnerability_type.rb
+++ b/ee/app/graphql/types/vulnerability_type.rb
@@ -24,10 +24,10 @@ module Types
          description: "State of the vulnerability (#{::Vulnerability.states.keys.join(', ').upcase})"
    field :severity, VulnerabilitySeverityEnum, null: true,
-          description: "Severity of the vulnerability (#{::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.join(', ').upcase})"
+          description: "Severity of the vulnerability (#{::Enums::Vulnerability.severity_levels.keys.join(', ').upcase})"
    field :report_type, VulnerabilityReportTypeEnum, null: true,
-          description: "Type of the security report that found the vulnerability (#{::Vulnerabilities::Finding::REPORT_TYPES.keys.join(', ').upcase})"
+          description: "Type of the security report that found the vulnerability (#{::Enums::Vulnerability.report_types.keys.join(', ').upcase})"
    field :resolved_on_default_branch, GraphQL::BOOLEAN_TYPE, null: false,
          description: "Indicates whether the vulnerability is fixed on the default branch or not"

--- a/ee/app/models/concerns/ee/enums/vulnerability.rb
+++ b/ee/app/models/concerns/ee/enums/vulnerability.rb
+# frozen_string_literal: true
+module EE
+  module Enums
+    module Vulnerability
+      extend ActiveSupport::Concern
+      REPORT_TYPES = {
+        dependency_scanning: 1,
+        container_scanning: 2,
+        dast: 3,
+        coverage_fuzzing: 5,
+        api_fuzzing: 6
+      }.freeze
+      class_methods do
+        extend ::Gitlab::Utils::Override
+        override :report_types
+        def report_types
+          @report_types ||= super.merge(REPORT_TYPES).sort_by(&:last).to_h.with_indifferent_access.freeze
+        end
+      end
+    end
+  end
+end
--- a/ee/app/models/ee/vulnerability.rb
+++ b/ee/app/models/ee/vulnerability.rb
@@ -59,9 +59,9 @@ module EE
      # keep the order of the values in the state enum, it is used in state_order method to properly order vulnerabilities based on state
      # remember to recreate index_vulnerabilities_on_state_case_id index when you update or extend this enum
      enum state: { detected: 1, confirmed: 4, resolved: 3, dismissed: 2 }
-      enum severity: ::Vulnerabilities::Finding::SEVERITY_LEVELS, _prefix: :severity
+      enum severity: ::Enums::Vulnerability.severity_levels, _prefix: :severity
-      enum confidence: ::Vulnerabilities::Finding::CONFIDENCE_LEVELS, _prefix: :confidence
+      enum confidence: ::Enums::Vulnerability.confidence_levels, _prefix: :confidence
-      enum report_type: ::Vulnerabilities::Finding::REPORT_TYPES
+      enum report_type: ::Enums::Vulnerability.report_types
      validates :project, :author, :title, :severity, :confidence, :report_type, presence: true

--- a/ee/app/models/security/finding.rb
+++ b/ee/app/models/security/finding.rb
@@ -16,10 +16,8 @@ module Security
    has_one :build, through: :scan
-    # TODO: These are duplicated between this model and Vulnerabilities::Finding,
+    enum confidence: ::Enums::Vulnerability.confidence_levels, _prefix: :confidence
-    # we should create a shared module to encapculate this in one place.
+    enum severity: ::Enums::Vulnerability.severity_levels, _prefix: :severity
-    enum confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS, _prefix: :confidence
-    enum severity: Vulnerabilities::Finding::SEVERITY_LEVELS, _prefix: :severity
    validates :project_fingerprint, presence: true, length: { maximum: 40 }
    validates :position, presence: true

--- a/ee/app/models/vulnerabilities/feedback.rb
+++ b/ee/app/models/vulnerabilities/feedback.rb
@@ -15,7 +15,7 @@ module Vulnerabilities
    attr_accessor :vulnerability_data
    enum feedback_type: { dismissal: 0, issue: 1, merge_request: 2 }, _prefix: :for
-    enum category: ::Vulnerabilities::Finding::REPORT_TYPES
+    enum category: ::Enums::Vulnerability.report_types
    validates :project, presence: true
    validates :author, presence: true

--- a/ee/app/models/vulnerabilities/finding.rb
+++ b/ee/app/models/vulnerabilities/finding.rb
@@ -39,41 +39,9 @@ module Vulnerabilities
    attr_writer :sha
    attr_accessor :scan
-    CONFIDENCE_LEVELS = {
+    enum confidence: ::Enums::Vulnerability.confidence_levels, _prefix: :confidence
-      # undefined: 0, no longer applicable
+    enum report_type: ::Enums::Vulnerability.report_types
-      ignore: 1,
+    enum severity: ::Enums::Vulnerability.severity_levels, _prefix: :severity
-      unknown: 2,
-      experimental: 3,
-      low: 4,
-      medium: 5,
-      high: 6,
-      confirmed: 7
-    }.with_indifferent_access.freeze
-    SEVERITY_LEVELS = {
-      # undefined: 0, no longer applicable
-      info: 1,
-      unknown: 2,
-      # experimental: 3, formerly used by confidence, no longer applicable
-      low: 4,
-      medium: 5,
-      high: 6,
-      critical: 7
-    }.with_indifferent_access.freeze
-    REPORT_TYPES = {
-      sast: 0,
-      dependency_scanning: 1,
-      container_scanning: 2,
-      dast: 3,
-      secret_detection: 4,
-      coverage_fuzzing: 5,
-      api_fuzzing: 6
-    }.with_indifferent_access.freeze
-    enum confidence: CONFIDENCE_LEVELS, _prefix: :confidence
-    enum report_type: REPORT_TYPES
-    enum severity: SEVERITY_LEVELS, _prefix: :severity
    validates :scanner, presence: true
    validates :project, presence: true
@@ -124,7 +92,7 @@ module Vulnerabilities
    def self.counted_by_severity
      group(:severity).count.transform_keys do |severity|
-        SEVERITY_LEVELS[severity]
+        severities[severity]
      end
    end

--- a/ee/app/models/vulnerabilities/historical_statistic.rb
+++ b/ee/app/models/vulnerabilities/historical_statistic.rb
@@ -27,7 +27,7 @@ module Vulnerabilities
      select(
        arel_table[:date],
        arel_table[:total].sum.as('total'),
-        *Finding::SEVERITY_LEVELS.map { |severity, _| arel_table[severity].sum.as(severity.to_s) }
+        *::Enums::Vulnerability.severity_levels.map { |severity, _| arel_table[severity].sum.as(severity.to_s) }
      )
    end
    scope :grouped_by_date, -> (sort = :asc) do

--- a/ee/app/services/security/dependency_list_service.rb
+++ b/ee/app/services/security/dependency_list_service.rb
@@ -75,7 +75,7 @@ module Security
        level_i = dep_i.dig(:vulnerabilities, 0, :severity) || :info
        level_j = dep_j.dig(:vulnerabilities, 0, :severity) || :info
-        ::Vulnerabilities::Finding::SEVERITY_LEVELS[level_j] <=> ::Vulnerabilities::Finding::SEVERITY_LEVELS[level_i]
+        ::Enums::Vulnerability.severity_levels[level_j] <=> ::Enums::Vulnerability.severity_levels[level_i]
      end
    end
  end

--- a/ee/app/services/security/merge_reports_service.rb
+++ b/ee/app/services/security/merge_reports_service.rb
@@ -72,8 +72,8 @@ module Security
        if a_severity == b_severity
          a.compare_key <=> b.compare_key
        else
-          Vulnerabilities::Finding::SEVERITY_LEVELS[b_severity] <=>
+          ::Enums::Vulnerability.severity_levels[b_severity] <=>
-            Vulnerabilities::Finding::SEVERITY_LEVELS[a_severity]
+            ::Enums::Vulnerability.severity_levels[a_severity]
        end
      end
    end

--- a/ee/app/services/security/report_summary_service.rb
+++ b/ee/app/services/security/report_summary_service.rb
@@ -5,7 +5,7 @@ module Security
    include Gitlab::Utils::StrongMemoize
    # @param [Ci::Pipeline] pipeline
-    # @param [Hash[Symbol, Array[Symbol]] selection_information keys must be in the set of Vulnerabilities::Finding::REPORT_TYPES for example: {dast: [:scanned_resources_count, :vulnerabilities_count], container_scanning:[:vulnerabilities_count]}
+    # @param [Hash[Symbol, Array[Symbol]] selection_information keys must be in the set of Enums::Vulnerability.report_types for example: {dast: [:scanned_resources_count, :vulnerabilities_count], container_scanning:[:vulnerabilities_count]}
    def initialize(pipeline, selection_information)
      @pipeline = pipeline
      @selection_information = selection_information

--- a/ee/app/services/security/scanned_resources_counting_service.rb
+++ b/ee/app/services/security/scanned_resources_counting_service.rb
@@ -6,7 +6,7 @@ module Security
  #
  class ScannedResourcesCountingService
    # @param [Ci::Pipeline] pipeline
-    # @param Array[Symbol] report_types Summary report types. Valid values are members of Vulnerabilities::Finding::REPORT_TYPES
+    # @param Array[Symbol] report_types Summary report types. Valid values are members of Enums::Vulnerability.report_types
    def initialize(pipeline, report_types)
      @pipeline = pipeline
      @report_types = report_types

--- a/ee/app/services/security/scanned_resources_service.rb
+++ b/ee/app/services/security/scanned_resources_service.rb
@@ -6,7 +6,7 @@ module Security
  #
  class ScannedResourcesService
    # @param [Ci::Pipeline] pipeline
-    # @param Array[Symbol] report_types Summary report types. Valid values are members of Vulnerabilities::Finding::REPORT_TYPES
+    # @param Array[Symbol] report_types Summary report types. Valid values are members of Enums::Vulnerability.report_types
    # @param [Int] The maximum number of scanned resources to return
    def initialize(pipeline, report_types, limit = nil)
      @pipeline = pipeline

--- a/ee/app/services/security/vulnerability_counting_service.rb
+++ b/ee/app/services/security/vulnerability_counting_service.rb
@@ -6,7 +6,7 @@ module Security
  #
  class VulnerabilityCountingService
    # @param [Ci::Pipeline] pipeline
-    # @param Array[String] report_types Summary report types. Valid values are members of Vulnerabilities::Finding::REPORT_TYPES
+    # @param Array[String] report_types Summary report types. Valid values are members of Enums::Vulnerability.report_types
    def initialize(pipeline, report_types)
      @pipeline = pipeline
      @report_types = report_types

--- a/ee/db/fixtures/development/20_vulnerabilities.rb
+++ b/ee/db/fixtures/development/20_vulnerabilities.rb
@@ -128,15 +128,15 @@ class Gitlab::Seeder::Vulnerabilities
  end
  def random_confidence_level
-    ::Vulnerabilities::Finding::CONFIDENCE_LEVELS.keys.sample
+    ::Enums::Vulnerability.confidence_levels.keys.sample
  end
  def random_severity_level
-    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.sample
+    ::Enums::Vulnerability.severity_levels.keys.sample
  end
  def random_report_type
-    ::Vulnerabilities::Finding::REPORT_TYPES.keys.sample
+    ::Enums::Vulnerability.report_types.keys.sample
  end
  def metadata(line)

--- a/ee/lib/gitlab/ci/parsers/security/common.rb
+++ b/ee/lib/gitlab/ci/parsers/security/common.rb
@@ -136,13 +136,13 @@ module Gitlab
          end
          def parse_severity_level(input)
-            return input if ::Vulnerabilities::Finding::SEVERITY_LEVELS.key?(input)
+            return input if ::Enums::Vulnerability.severity_levels.key?(input)
            'unknown'
          end
          def parse_confidence_level(input)
-            return input if ::Vulnerabilities::Finding::CONFIDENCE_LEVELS.key?(input)
+            return input if ::Enums::Vulnerability.confidence_levels.key?(input)
            'unknown'
          end

--- a/ee/spec/factories/vulnerabilities.rb
+++ b/ee/spec/factories/vulnerabilities.rb
@@ -46,13 +46,13 @@ FactoryBot.define do
      severity { :low }
    end
-    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity_level|
+    ::Enums::Vulnerability.severity_levels.keys.each do |severity_level|
      trait severity_level do
        severity { severity_level }
      end
    end
-    ::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |report_type|
+    ::Enums::Vulnerability.report_types.keys.each do |report_type|
      trait report_type do
        report_type { report_type }
      end

--- a/ee/spec/factories/vulnerabilities/findings.rb
+++ b/ee/spec/factories/vulnerabilities/findings.rb
@@ -237,7 +237,7 @@ FactoryBot.define do
      end
    end
-    ::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |security_report_type|
+    ::Enums::Vulnerability.report_types.keys.each do |security_report_type|
      trait security_report_type do
        report_type { security_report_type }
      end

--- a/ee/spec/graphql/types/vulnerability_severities_count_type_spec.rb
+++ b/ee/spec/graphql/types/vulnerability_severities_count_type_spec.rb
@@ -4,7 +4,7 @@ require 'spec_helper'
 RSpec.describe GitlabSchema.types['VulnerabilitySeveritiesCount'] do
  let_it_be(:fields) do
-    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys
+    ::Enums::Vulnerability.severity_levels.keys
  end
  it { expect(described_class).to have_graphql_fields(fields) }

--- a/ee/spec/lib/ee/gitlab/background_migration/update_vulnerabilities_from_dismissal_feedback_spec.rb
+++ b/ee/spec/lib/ee/gitlab/background_migration/update_vulnerabilities_from_dismissal_feedback_spec.rb
@@ -13,9 +13,9 @@ RSpec.describe Gitlab::BackgroundMigration::UpdateVulnerabilitiesFromDismissalFe
  let(:feedback) { table(:vulnerability_feedback) }
  let(:namespaces) { table(:namespaces)}
-  let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] }
+  let(:severity) { ::Enums::Vulnerability.severity_levels[:unknown] }
-  let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] }
+  let(:confidence) { ::Enums::Vulnerability.confidence_levels[:medium] }
-  let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] }
+  let(:report_type) { ::Enums::Vulnerability.report_types[:sast] }
  let!(:user) { users.create!(email: 'author@example.com', username: 'author', projects_limit: 10) }
  let!(:project) { projects.create!(namespace_id: namespace.id, name: 'gitlab', path: 'gitlab') }

--- a/ee/spec/lib/ee/gitlab/background_migration/update_vulnerabilities_to_dismissed_spec.rb
+++ b/ee/spec/lib/ee/gitlab/background_migration/update_vulnerabilities_to_dismissed_spec.rb
@@ -12,9 +12,9 @@ RSpec.describe Gitlab::BackgroundMigration::UpdateVulnerabilitiesToDismissed, :m
  let(:identifiers) { table(:vulnerability_identifiers) }
  let(:feedback) { table(:vulnerability_feedback) }
-  let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] }
+  let(:severity) { ::Enums::Vulnerability.severity_levels[:unknown] }
-  let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] }
+  let(:confidence) { ::Enums::Vulnerability.confidence_levels[:medium] }
-  let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] }
+  let(:report_type) { ::Enums::Vulnerability.report_types[:sast] }
  let!(:user) { users.create!(id: 13, email: 'author@example.com', username: 'author', projects_limit: 10) }
  let!(:project) { projects.create!(id: 123, namespace_id: 12, name: 'gitlab', path: 'gitlab') }

--- a/ee/spec/lib/gitlab/ci/reports/security/vulnerability_reports_comparer_spec.rb
+++ b/ee/spec/lib/gitlab/ci/reports/security/vulnerability_reports_comparer_spec.rb
@@ -5,10 +5,10 @@ require 'spec_helper'
 RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
  let(:identifier) { build(:vulnerabilities_identifier) }
-  let(:base_vulnerability) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:critical]) }
+  let(:base_vulnerability) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: ::Enums::Vulnerability.severity_levels[:critical]) }
  let(:base_report) { build(:ci_reports_security_aggregated_reports, findings: [base_vulnerability])}
-  let(:head_vulnerability) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:critical]) }
+  let(:head_vulnerability) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '123', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: ::Enums::Vulnerability.severity_levels[:critical]) }
  let(:head_report) { build(:ci_reports_security_aggregated_reports, findings: [head_vulnerability])}
  before do
@@ -62,8 +62,8 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
      end
      context 'new vulnerabilities' do
-        let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium]) }
+        let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:medium]) }
-        let(:low_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:low]) }
+        let(:low_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:low]) }
        let(:base_report) { build(:ci_reports_security_aggregated_reports, findings: [base_vulnerability, vuln])}
        let(:head_report) { build(:ci_reports_security_aggregated_reports, findings: [head_vulnerability, vuln, low_vuln])}
@@ -75,8 +75,8 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
  end
  describe '#added' do
-    let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:critical]) }
+    let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: Enums::Vulnerability.severity_levels[:critical]) }
-    let(:low_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:low]) }
+    let(:low_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: Enums::Vulnerability.severity_levels[:low]) }
    context 'with new vulnerability' do
      let(:head_report) { build(:ci_reports_security_aggregated_reports, findings: [head_vulnerability, vuln])}
@@ -107,7 +107,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::VulnerabilityReportsComparer do
  describe '#fixed' do
    let(:vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888') }
-    let(:medium_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS[:high], severity: Vulnerabilities::Finding::SEVERITY_LEVELS[:medium]) }
+    let(:medium_vuln) { build(:vulnerabilities_finding, report_type: :sast, identifiers: [identifier], location_fingerprint: '888', confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: Enums::Vulnerability.severity_levels[:medium]) }
    context 'with fixed vulnerability' do
      let(:base_report) { build(:ci_reports_security_aggregated_reports, findings: [base_vulnerability, vuln])}

--- a/ee/spec/migrations/migrate_vulnerability_dismissal_feedback_spec.rb
+++ b/ee/spec/migrations/migrate_vulnerability_dismissal_feedback_spec.rb
@@ -16,9 +16,9 @@ RSpec.describe MigrateVulnerabilityDismissalFeedback, :migration, :sidekiq do
  let(:vulnerabilities) { table(:vulnerabilities) }
  let(:dismissed_state) { Gitlab::BackgroundMigration::UpdateVulnerabilitiesFromDismissalFeedback::VULNERABILITY_DISMISSED_STATE }
-  let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] }
+  let(:severity) { ::Enums::Vulnerability.severity_levels[:unknown] }
-  let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] }
+  let(:confidence) { ::Enums::Vulnerability.confidence_levels[:medium] }
-  let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] }
+  let(:report_type) { ::Enums::Vulnerability.report_types[:sast] }
  before do
    stub_const("#{described_class.name}::BATCH_SIZE", 1)

--- a/ee/spec/migrations/migrate_vulnerability_dismissals_spec.rb
+++ b/ee/spec/migrations/migrate_vulnerability_dismissals_spec.rb
@@ -16,9 +16,9 @@ RSpec.describe MigrateVulnerabilityDismissals, :migration, :sidekiq do
  let(:vulnerabilities) { table(:vulnerabilities) }
  let(:detected_state) {  Gitlab::BackgroundMigration::UpdateVulnerabilitiesToDismissed::VULNERABILITY_DETECTED }
-  let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] }
+  let(:severity) { ::Enums::Vulnerability.severity_levels[:unknown] }
-  let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] }
+  let(:confidence) { ::Enums::Vulnerability.confidence_levels[:medium] }
-  let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] }
+  let(:report_type) { ::Enums::Vulnerability.report_types[:sast] }
  before do
    stub_const("#{described_class.name}::BATCH_SIZE", 1)

--- a/ee/spec/models/vulnerabilities/finding_spec.rb
+++ b/ee/spec/models/vulnerabilities/finding_spec.rb
@@ -82,9 +82,9 @@ RSpec.describe Vulnerabilities::Finding do
  end
  context 'order' do
-    let!(:finding1) { create(:vulnerabilities_finding, confidence: described_class::CONFIDENCE_LEVELS[:high], severity:   described_class::SEVERITY_LEVELS[:high]) }
+    let!(:finding1) { create(:vulnerabilities_finding, confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: ::Enums::Vulnerability.severity_levels[:high]) }
-    let!(:finding2) { create(:vulnerabilities_finding, confidence: described_class::CONFIDENCE_LEVELS[:medium], severity: described_class::SEVERITY_LEVELS[:critical]) }
+    let!(:finding2) { create(:vulnerabilities_finding, confidence: ::Enums::Vulnerability.confidence_levels[:medium], severity: ::Enums::Vulnerability.severity_levels[:critical]) }
-    let!(:finding3) { create(:vulnerabilities_finding, confidence: described_class::CONFIDENCE_LEVELS[:high], severity:   described_class::SEVERITY_LEVELS[:critical]) }
+    let!(:finding3) { create(:vulnerabilities_finding, confidence: ::Enums::Vulnerability.confidence_levels[:high], severity: ::Enums::Vulnerability.severity_levels[:critical]) }
    it 'orders by severity and confidence' do
      expect(described_class.all.ordered).to eq([finding3, finding2, finding1])
@@ -139,7 +139,7 @@ RSpec.describe Vulnerabilities::Finding do
    subject { described_class.by_report_types(param) }
    context 'with one param' do
-      let(:param) { Vulnerabilities::Finding::REPORT_TYPES['sast'] }
+      let(:param) { Vulnerabilities::Finding.report_types['sast'] }
      it 'returns found record' do
        is_expected.to contain_exactly(vulnerability_sast)
@@ -149,11 +149,11 @@ RSpec.describe Vulnerabilities::Finding do
    context 'with array of params' do
      let(:param) do
        [
-          Vulnerabilities::Finding::REPORT_TYPES['dependency_scanning'],
+          Vulnerabilities::Finding.report_types['dependency_scanning'],
-          Vulnerabilities::Finding::REPORT_TYPES['dast'],
+          Vulnerabilities::Finding.report_types['dast'],
-          Vulnerabilities::Finding::REPORT_TYPES['secret_detection'],
+          Vulnerabilities::Finding.report_types['secret_detection'],
-          Vulnerabilities::Finding::REPORT_TYPES['coverage_fuzzing'],
+          Vulnerabilities::Finding.report_types['coverage_fuzzing'],
-          Vulnerabilities::Finding::REPORT_TYPES['api_fuzzing']
+          Vulnerabilities::Finding.report_types['api_fuzzing']
        ]
      end
@@ -168,7 +168,7 @@ RSpec.describe Vulnerabilities::Finding do
    end
    context 'without found record' do
-      let(:param) { Vulnerabilities::Finding::REPORT_TYPES['container_scanning']}
+      let(:param) { ::Enums::Vulnerability.report_types['container_scanning']}
      it 'returns empty collection' do
        is_expected.to be_empty