Duplicate approval rules in MR when scan_finding and license_finding rules are in same policy

Summary

When a scan result policy contains both scan_finding and license_finding in the same policy, the approval rules in the MR widget show duplicate values with the same name.

Allow user to set the rule name to be displayed... (#341962 - closed) made the change to MR approvals to show only one entry for a scan result policy with multiple scan_finding rules, but after the license_finding type was introduced, this behaviour fails in the regex filter that filters the approval rule name with an integer.

Steps to reproduce

  1. Create a scan result policy that contains both license_finding and scan_finding rules in the same policy
  2. Create an MR and check that the approval rules are duplicated

Example Project

https://gitlab.com/gitlab-org/govern/security-policies/sashis-test-group/verify-license-and-srp/-/merge_requests/1

What is the current bug behavior?

Duplicate approval rules are shown

What is the expected correct behavior?

Approval rules of type scan_finding and license_finding should be grouped and shown
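
A policy of the kind step 1 of the reproduction describes, as an added example that is not taken from this issue or its example project. The field names follow GitLab's documented scan result policy schema; the policy name, license name and approver ID are constructed placeholders.

```yaml
# Constructed scan result policy for reproducing the report:
# one policy, two rule types, one require_approval action.
scan_result_policy:
  - name: Constructed example policy        # placeholder name
    description: scan_finding and license_finding rules in the same policy
    enabled: true
    rules:
      - type: scan_finding
        branches: []                        # empty list = all protected branches
        scanners:
          - dependency_scanning
        vulnerabilities_allowed: 0
        severity_levels:
          - critical
          - high
        vulnerability_states:
          - newly_detected
      - type: license_finding
        branches: []
        match_on_inclusion: true
        license_types:
          - MIT License                     # placeholder license name
        license_states:
          - newly_detected
    actions:
      - type: require_approval
        approvals_required: 1
        user_approvers_ids:
          - 1234567                         # placeholder user ID
```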
