Refactor diff_codeQuality component
What does this MR do and why?
This MR solves: #417438 (closed) It refactors the diff Code Quality component by adding a new component that removes duplication and redundancy from the diff_codeQuality component.
Screenshots or screen recordings
no visual changes |
---|
How to set up and validate locally
- Enable this flag: #410191 (closed)
- Clone this repo: https://gitlab.com/jannik_lehmann/sast-inline-findings-example
- Recreate this MR: jannik_lehmann/sast-inline-findings-example!1 (merged)
- Let the Pipeline finish and see the Security findings in action
- Clone this repo: https://gitlab.com/jannik_lehmann/code-quality-test
- Recreate this MR: jannik_lehmann/code-quality-test!4 (diffs)
- Let the pipeline finish and see that the CodeQuality Findings are still working.
- Apply the patch below
- Go to recreated MR, see CQ and (mocked)-Security finding on same line
diff --git a/app/assets/javascripts/diffs/index.js b/app/assets/javascripts/diffs/index.js
index 621d78850dfe..8e2e8ac4829d 100644
--- a/app/assets/javascripts/diffs/index.js
+++ b/app/assets/javascripts/diffs/index.js
@@ -32,7 +32,7 @@ export default function initDiffsApp(store = notesStore) {
return {
endpointCoverage: dataset.endpointCoverage || '',
endpointCodequality: dataset.endpointCodequality || '',
- endpointSast: dataset.endpointSast || '',
+ endpointSast: 'mockedEndpoint',
endpointUpdateUser: dataset.updateCurrentUserPath,
projectPath: dataset.projectPath,
helpPagePath: dataset.helpPagePath,
diff --git a/ee/app/assets/javascripts/diffs/store/actions.js b/ee/app/assets/javascripts/diffs/store/actions.js
index 3c91c1fc3482..17b36f0b1e1c 100644
--- a/ee/app/assets/javascripts/diffs/store/actions.js
+++ b/ee/app/assets/javascripts/diffs/store/actions.js
@@ -100,6 +100,21 @@ export const setGenerateTestFilePath = ({ commit }, path) =>
commit(types.SET_GENERATE_TEST_FILE_PATH, path);
export const fetchSast = ({ commit, state, dispatch }) => {
+ commit(types.SET_SAST_DATA, {
+ added: [
+ {
+ severity: 'medium',
+ description:
+ 'Markup escaping disabled. This can be used with some template engines to escape\ndisabling of HTML entities, which can lead to XSS attacks.\n',
+ location: {
+ file: 'noise.rb',
+ start_line: 7,
+ },
+ },
+ ],
+ fixed: [],
+ });
+ return;
let retryCount = 0;
sastPoll = new Poll({
resource: {
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Jannik Lehmann