Fix the deprecated_properties method
What does this MR do and why?
We are checking for `newly_detected` in `license_states`. However, the `newly_detected` `vulnerability_state` is the deprecated property we should check.
This MR fixes the `deprecated_properties` method to check for `newly_detected` in `vulnerability_states`, instead of `newly_detected` in `license_states`.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Enable the feature flag

  ```shell
  echo "Feature.enable(:security_policies_breaking_changes)" | rails c
  ```

- Create a new project
- Add a new member to the project with developer access
- Go to Secure > Policies
- Click on New policy
- Select Merge request approval policy
- Change to .yaml mode
- Copy the yaml below:

  ```yaml
  type: approval_policy
  name: 'policy'
  description: ''
  enabled: true
  rules:
    - type: scan_finding
      scanners: []
      vulnerabilities_allowed: 0
      severity_levels: []
      vulnerability_states: [newly_detected]
      branch_type: protected
    - type: license_finding
      match_on_inclusion: true
      license_types: []
      license_states: []
      branch_type: protected
  actions:
    - type: require_approval
      approvals_required: 1
      role_approvers:
        - developer
  ```

- Click on Configure with a merge request
- Merge the new MR to add the policy
- Go to `/-/graphql-explorer`
- Add a query like:

  ```graphql
  {
    project(fullPath: "root/test-mr-147958") {
      approvalPolicies {
        nodes {
          name
          deprecatedProperties
        }
      }
    }
  }
  ```

- Verify the `deprecatedProperties` is `["match_on_inclusion", "newly_detected"]`
- Go to Secure > Policies
- Update the policy with the content below to remove the deprecated fields:

  ```yaml
  type: approval_policy
  name: policy
  description: ''
  enabled: true
  rules:
    - type: scan_finding
      scanners: []
      vulnerabilities_allowed: 0
      severity_levels: []
      vulnerability_states:
        - new_needs_triage
        - new_dismissed
      branch_type: protected
    - type: license_finding
      match_on_inclusion_license: true
      license_types:
        - MIT License
      license_states:
        - detected
      branch_type: protected
  actions:
    - type: require_approval
      approvals_required: 1
      role_approvers:
        - developer
  ```

- Repeat the steps 11 and 12
- Verify the `deprecatedPolicy` is empty
Edited by Marcos Rocha
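
Added example, not part of the MR and not GitLab's implementation: a small Ruby model of the check described above, run against the rules of the two policies from the validation steps. The helper `deprecated_properties` and its `states_key` parameter are hypothetical names, and the policy snippets are constructed by trimming the page's YAML to the relevant fields.

```ruby
require 'yaml'

# Constructed sample input: the rules of the two policies from the
# validation steps, trimmed to the fields relevant to the check.
OLD_POLICY = YAML.safe_load(<<~POLICY)
  rules:
    - type: scan_finding
      vulnerability_states: [newly_detected]
    - type: license_finding
      match_on_inclusion: true
      license_states: []
POLICY

NEW_POLICY = YAML.safe_load(<<~POLICY)
  rules:
    - type: scan_finding
      vulnerability_states: [new_needs_triage, new_dismissed]
    - type: license_finding
      match_on_inclusion_license: true
      license_states: [detected]
POLICY

# Hypothetical helper, not GitLab's method. `states_key` selects which rule
# field is searched for newly_detected, so one function models the behaviour
# before the fix (license_states) and after it (vulnerability_states).
def deprecated_properties(policy, states_key:)
  rules = policy.fetch('rules', [])
  found = []
  # Exact key match: match_on_inclusion_license is the replacement field.
  found << 'match_on_inclusion' if rules.any? { |r| r.key?('match_on_inclusion') }
  found << 'newly_detected' if rules.any? { |r| Array(r[states_key]).include?('newly_detected') }
  found
end

# Before the fix: the deprecated state in vulnerability_states goes unreported.
p deprecated_properties(OLD_POLICY, states_key: 'license_states')
# After the fix: both deprecated properties are reported.
p deprecated_properties(OLD_POLICY, states_key: 'vulnerability_states')
# Updated policy: nothing deprecated remains.
p deprecated_properties(NEW_POLICY, states_key: 'vulnerability_states')
```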