Skip to content

Fix the deprecated_properties method

Marcos Rocha requested to merge mc_rocha-fix-deprecated-map-check into master

What does this MR do and why?

We are checking for the newly_detected in license_states. However the newly_detected vulnerability_state is the deprecated property we should check.

This MR fix the deprecated_properties method to check for newly_detected vulnerability_states, instead of newly_detected license_states.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Enable the feature flag
echo "Feature.enable(:security_policies_breaking_changes)" | rails c
  1. Create a new project
  2. Add a new member to the project with developer access
  3. Go to Secure > Policies
  4. Click on New policy
  5. Select Merge request approval policy
  6. Change to .yaml mode
  7. Copy the yaml below:
type: approval_policy
name: 'policy'
description: ''
enabled: true
rules:
  - type: scan_finding
    scanners: []
    vulnerabilities_allowed: 0
    severity_levels: []
    vulnerability_states: [newly_detected]
    branch_type: protected
  - type: license_finding
    match_on_inclusion: true
    license_types: []
    license_states: []
    branch_type: protected
actions:
  - type: require_approval
    approvals_required: 1
    role_approvers:
      - developer
  1. Click on Configure with a merge request
  2. Merge the new MR to add the policy
  3. Go to /-/graphql-explorer
  4. Add a query like:
{
  project(fullPath: "root/test-mr-147958") {
    approvalPolicies {
      nodes {
        name
        deprecatedProperties
      }
    }
  }
}
  1. Verify the deprecatedProperties is ["match_on_inclusion", "newly_detected"]
  2. Go to Secure > Policies
  3. Update the policy with the content below to remove the deprecated fields :
type: approval_policy
name: policy
description: ''
enabled: true
rules:
  - type: scan_finding
    scanners: []
    vulnerabilities_allowed: 0
    severity_levels: []
    vulnerability_states:
      - new_needs_triage 
      - new_dismissed
    branch_type: protected
  - type: license_finding
    match_on_inclusion_license: true
    license_types:
      - MIT License
    license_states:
      - detected
    branch_type: protected
actions:
  - type: require_approval
    approvals_required: 1
    role_approvers:
      - developer
  1. Repeat the steps 11 and 12
  2. Verify the deprecatedPolicy is empty
Edited by Marcos Rocha

Merge request reports