Refactor diff_codeQuality component

Jannik Lehmann requested to merge jnnkl-refactor-inline-finding-component into master

What does this MR do and why?

This MR solves: #417438 (closed). It refactors the diff Code Quality component by adding a new component that removes duplication and redundancy from the diff_codeQuality component.

Screenshots or screen recordings

no visual changes

How to set up and validate locally

  1. Enable this flag: #410191 (closed)
  2. Clone this repo: https://gitlab.com/jannik_lehmann/sast-inline-findings-example
  3. Recreate this MR: jannik_lehmann/sast-inline-findings-example!1 (merged)
  4. Let the Pipeline finish and see the Security findings in action
  5. Clone this repo: https://gitlab.com/jannik_lehmann/code-quality-test
  6. Recreate this MR: jannik_lehmann/code-quality-test!4 (diffs)
  7. Let the pipeline finish and see that the CodeQuality Findings are still working.
  8. Apply the patch below
  9. Go to recreated MR, see CQ and (mocked)-Security finding on same line
diff --git a/app/assets/javascripts/diffs/index.js b/app/assets/javascripts/diffs/index.js
index 621d78850dfe..8e2e8ac4829d 100644
--- a/app/assets/javascripts/diffs/index.js
+++ b/app/assets/javascripts/diffs/index.js
@@ -32,7 +32,7 @@ export default function initDiffsApp(store = notesStore) {
       return {
         endpointCoverage: dataset.endpointCoverage || '',
         endpointCodequality: dataset.endpointCodequality || '',
-        endpointSast: dataset.endpointSast || '',
+        endpointSast: 'mockedEndpoint',
         endpointUpdateUser: dataset.updateCurrentUserPath,
         projectPath: dataset.projectPath,
         helpPagePath: dataset.helpPagePath,
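
Review bot: The `endpointSast: 'mockedEndpoint'` line drops the read of `dataset.endpointSast`, so the value is non-empty no matter what the page dataset provides and the `|| ''` fallback is gone. That is fine for the local validation steps above, but the line carries no marker that it is a mock. Add a short comment on it (for example `// local validation only, do not commit`) so it cannot be mistaken for an intended change if the patch is left applied on a working branch.
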
diff --git a/ee/app/assets/javascripts/diffs/store/actions.js b/ee/app/assets/javascripts/diffs/store/actions.js
index 3c91c1fc3482..17b36f0b1e1c 100644
--- a/ee/app/assets/javascripts/diffs/store/actions.js
+++ b/ee/app/assets/javascripts/diffs/store/actions.js
@@ -100,6 +100,21 @@ export const setGenerateTestFilePath = ({ commit }, path) =>
   commit(types.SET_GENERATE_TEST_FILE_PATH, path);
 
 export const fetchSast = ({ commit, state, dispatch }) => {
+  commit(types.SET_SAST_DATA, {
+    added: [
+      {
+        severity: 'medium',
+        description:
+          'Markup escaping disabled. This can be used with some template engines to escape\ndisabling of HTML entities, which can lead to XSS attacks.\n',
+        location: {
+          file: 'noise.rb',
+          start_line: 7,
+        },
+      },
+    ],
+    fixed: [],
+  });
+  return;
   let retryCount = 0;
   sastPoll = new Poll({
     resource: {
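
Review bot: The bare `return;` placed directly after the `commit(types.SET_SAST_DATA, ...)` call in `fetchSast` makes everything from `let retryCount = 0;` onward unreachable, so the `Poll` setup never runs and the `state` and `dispatch` arguments go unused on this path. The mocked finding is also pinned to `file: 'noise.rb'` and `start_line: 7`, which only lines up with the recreated code-quality-test MR. Since this is a validation-only mock, put a comment above the `commit` call saying so and naming the test repo it targets, and make sure the block and the early return are reverted before anything from this working tree is pushed.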

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Jannik Lehmann
