From 46736fe6b051b8aa0e166219b1d38118a48e3ec8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Zaj=C4=85c?= <mzajac@gitlab.com>
Date: Fri, 19 Apr 2024 13:45:23 +0000
Subject: [PATCH] Remove `message` field from Vulnerability GraphQL type
Changelog: removed
EE: true
---
doc/api/graphql/reference/index.md | 2 --
ee/app/graphql/mutations/vulnerabilities/create.rb | 5 -----
ee/app/graphql/types/vulnerability_type.rb | 10 ----------
.../graphql/mutations/vulnerabilities/create_spec.rb | 6 ++----
ee/spec/graphql/types/vulnerability_type_spec.rb | 2 --
.../graphql/mutations/vulnerabilities/create_spec.rb | 3 +--
.../custom_roles/admin_vulnerability/request_spec.rb | 3 +--
7 files changed, 4 insertions(+), 27 deletions(-)
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index eca9d4c570827..47f477ef7442a 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -9143,7 +9143,6 @@ Input type: `VulnerabilityCreateInput`
| <a id="mutationvulnerabilitycreatedetectedat"></a>`detectedAt` | [`Time`](#time) | Timestamp of when the vulnerability was first detected (defaults to creation time). |
| <a id="mutationvulnerabilitycreatedismissedat"></a>`dismissedAt` | [`Time`](#time) | Timestamp of when the vulnerability state changed to dismissed (defaults to creation time if status is `dismissed`). |
| <a id="mutationvulnerabilitycreateidentifiers"></a>`identifiers` | [`[VulnerabilityIdentifierInput!]!`](#vulnerabilityidentifierinput) | Array of CVE or CWE identifiers for the vulnerability. |
-| <a id="mutationvulnerabilitycreatemessage"></a>`message` **{warning-solid}** | [`String`](#string) | **Deprecated:** message field has been removed from security reports schema. Deprecated in GitLab 16.1. |
| <a id="mutationvulnerabilitycreatename"></a>`name` | [`String!`](#string) | Name of the vulnerability. |
| <a id="mutationvulnerabilitycreateproject"></a>`project` | [`ProjectID!`](#projectid) | ID of the project to attach the vulnerability to. |
| <a id="mutationvulnerabilitycreateresolvedat"></a>`resolvedAt` | [`Time`](#time) | Timestamp of when the vulnerability state changed to resolved (defaults to creation time if status is `resolved`). |
@@ -30360,7 +30359,6 @@ Represents a vulnerability.
| <a id="vulnerabilitylinks"></a>`links` | [`[VulnerabilityLink!]!`](#vulnerabilitylink) | List of links associated with the vulnerability. |
| <a id="vulnerabilitylocation"></a>`location` | [`VulnerabilityLocation`](#vulnerabilitylocation) | Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability. |
| <a id="vulnerabilitymergerequest"></a>`mergeRequest` | [`MergeRequest`](#mergerequest) | Merge request that fixes the vulnerability. |
-| <a id="vulnerabilitymessage"></a>`message` **{warning-solid}** | [`String`](#string) | **Deprecated** in GitLab 16.1. message field has been removed from security reports schema. |
| <a id="vulnerabilitypresentondefaultbranch"></a>`presentOnDefaultBranch` | [`Boolean!`](#boolean) | Indicates whether the vulnerability is present on the default branch or not. |
| <a id="vulnerabilityprimaryidentifier"></a>`primaryIdentifier` | [`VulnerabilityIdentifier`](#vulnerabilityidentifier) | Primary identifier of the vulnerability. |
| <a id="vulnerabilityproject"></a>`project` | [`Project`](#project) | Project on which the vulnerability was found. |
diff --git a/ee/app/graphql/mutations/vulnerabilities/create.rb b/ee/app/graphql/mutations/vulnerabilities/create.rb
index 708e970b520f9..53c0c825c9eb4 100644
--- a/ee/app/graphql/mutations/vulnerabilities/create.rb
+++ b/ee/app/graphql/mutations/vulnerabilities/create.rb
@@ -41,11 +41,6 @@ class Create < BaseMutation
required: false,
description: 'Instructions for how to fix the vulnerability.'
- argument :message, GraphQL::Types::String,
- required: false,
- deprecated: { reason: 'message field has been removed from security reports schema', milestone: '16.1' },
- description: "Short text section that describes the vulnerability. This may include the finding's specific information."
-
argument :detected_at, Types::TimeType,
required: false,
description: 'Timestamp of when the vulnerability was first detected (defaults to creation time).'
diff --git a/ee/app/graphql/types/vulnerability_type.rb b/ee/app/graphql/types/vulnerability_type.rb
index 22fe1f960ea30..21cf1fbfe5e09 100644
--- a/ee/app/graphql/types/vulnerability_type.rb
+++ b/ee/app/graphql/types/vulnerability_type.rb
@@ -30,11 +30,6 @@ class VulnerabilityType < BaseObject
null: true,
description: 'Recommended solution for the vulnerability.'
- field :message, GraphQL::Types::String,
- null: true,
- deprecated: { reason: 'message field has been removed from security reports schema', milestone: '16.1' },
- description: "From 16.1 this field always returns null."
-
field :state, VulnerabilityStateEnum,
null: true, description: "State of the vulnerability (#{::Vulnerability.states.keys.join(', ').upcase})"
@@ -210,11 +205,6 @@ def false_positive?
object.finding&.false_positive? || false
end
- # Remove with field :message; https://gitlab.com/gitlab-org/gitlab/-/issues/412114
- def message
- # no-op
- end
-
private
def expose_false_positive?
diff --git a/ee/spec/graphql/mutations/vulnerabilities/create_spec.rb b/ee/spec/graphql/mutations/vulnerabilities/create_spec.rb
index 1100f3a46a78b..532d5abb4b6ec 100644
--- a/ee/spec/graphql/mutations/vulnerabilities/create_spec.rb
+++ b/ee/spec/graphql/mutations/vulnerabilities/create_spec.rb
@@ -48,8 +48,7 @@
state: "detected",
severity: "unknown",
confidence: "unknown",
- solution: "rm -rf --no-preserve-root /",
- message: "You can't fix this"
+ solution: "rm -rf --no-preserve-root /"
}
end
@@ -106,8 +105,7 @@
confirmed_at: confirmed_at,
resolved_at: resolved_at,
dismissed_at: dismissed_at,
- solution: "rm -rf --no-preserve-root /",
- message: "You can't fix this"
+ solution: "rm -rf --no-preserve-root /"
}.compact
end
diff --git a/ee/spec/graphql/types/vulnerability_type_spec.rb b/ee/spec/graphql/types/vulnerability_type_spec.rb
index 8584762a27643..98360d37e1862 100644
--- a/ee/spec/graphql/types/vulnerability_type_spec.rb
+++ b/ee/spec/graphql/types/vulnerability_type_spec.rb
@@ -30,7 +30,6 @@
description
descriptionHtml
solution
- message
user_notes_count
state
severity
@@ -62,7 +61,6 @@
dismissed_by
details
commenters
- message
state_transitions
dismissal_reason
present_on_default_branch
diff --git a/ee/spec/requests/api/graphql/mutations/vulnerabilities/create_spec.rb b/ee/spec/requests/api/graphql/mutations/vulnerabilities/create_spec.rb
index 61ec200479b56..2db0282225324 100644
--- a/ee/spec/requests/api/graphql/mutations/vulnerabilities/create_spec.rb
+++ b/ee/spec/requests/api/graphql/mutations/vulnerabilities/create_spec.rb
@@ -27,8 +27,7 @@
}],
state: "DETECTED",
severity: "UNKNOWN",
- solution: "rm -rf --no-preserve-root /",
- message: "You can't fix this"
+ solution: "rm -rf --no-preserve-root /"
}
end
diff --git a/ee/spec/requests/custom_roles/admin_vulnerability/request_spec.rb b/ee/spec/requests/custom_roles/admin_vulnerability/request_spec.rb
index 48f765d58a791..6944ceab07ce9 100644
--- a/ee/spec/requests/custom_roles/admin_vulnerability/request_spec.rb
+++ b/ee/spec/requests/custom_roles/admin_vulnerability/request_spec.rb
@@ -217,8 +217,7 @@
}],
state: "DETECTED",
severity: "UNKNOWN",
- solution: "curl -s 'https://unpkg.com/emoji.json@13.1.0/emoji.json' | jq -r '.[] | .char'",
- message: "example"
+ solution: "curl -s 'https://unpkg.com/emoji.json@13.1.0/emoji.json' | jq -r '.[] | .char'"
}), current_user: user)
expect(response).to have_gitlab_http_status(:success)
--
GitLab