authorGitLab Bot <gitlab-bot@gitlab.com>2021-08-26 03:09:31 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2021-08-26 03:09:31 +0300
commitb3618e799d30ae6df5c55e47b8ec8ebedb1af5a0 (patch)
treef2e68cff99dfa77096177caf86f7ac11e6793fd4 /spec/lib
parent52f765baf4931efd40d10b1eb5f2818923ddf26f (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/lib')
-rw-r--r--spec/lib/gitlab/chat/command_spec.rb2
-rw-r--r--spec/lib/gitlab/ci/parsers/security/common_spec.rb18
-rw-r--r--spec/lib/gitlab/ci/reports/security/flag_spec.rb33
3 files changed, 52 insertions, 1 deletions
diff --git a/spec/lib/gitlab/chat/command_spec.rb b/spec/lib/gitlab/chat/command_spec.rb
index 89c693daaa0..d99c07d1fa3 100644
--- a/spec/lib/gitlab/chat/command_spec.rb
+++ b/spec/lib/gitlab/chat/command_spec.rb
@@ -44,7 +44,7 @@ RSpec.describe Gitlab::Chat::Command do
let(:pipeline) { command.create_pipeline }
before do
- stub_ci_pipeline_yaml_file(gitlab_ci_yaml)
+ stub_ci_pipeline_to_return_yaml_file
project.add_developer(chat_name.user)
end
diff --git a/spec/lib/gitlab/ci/parsers/security/common_spec.rb b/spec/lib/gitlab/ci/parsers/security/common_spec.rb
index 8498e0c993a..c49673f5a4a 100644
--- a/spec/lib/gitlab/ci/parsers/security/common_spec.rb
+++ b/spec/lib/gitlab/ci/parsers/security/common_spec.rb
@@ -13,11 +13,18 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
# The path 'yarn.lock' was initially used by DependencyScanning, it is okay for SAST locations to use it, but this could be made better
let(:location) { ::Gitlab::Ci::Reports::Security::Locations::Sast.new(file_path: 'yarn.lock', start_line: 1, end_line: 1) }
let(:tracking_data) { nil }
+ let(:vulnerability_flags_data) do
+ [
+ ::Gitlab::Ci::Reports::Security::Flag.new(type: 'flagged-as-likely-false-positive', origin: 'post analyzer X', description: 'static string to sink'),
+ ::Gitlab::Ci::Reports::Security::Flag.new(type: 'flagged-as-likely-false-positive', origin: 'post analyzer Y', description: 'integer to sink')
+ ]
+ end
before do
allow_next_instance_of(described_class) do |parser|
allow(parser).to receive(:create_location).and_return(location)
allow(parser).to receive(:tracking_data).and_return(tracking_data)
+ allow(parser).to receive(:create_flags).and_return(vulnerability_flags_data)
end
artifact.each_blob { |blob| described_class.parse!(blob, report, vulnerability_finding_signatures_enabled) }
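Review bot: Stubbing `create_flags` in the shared `before` block means the parser's own flag-building code never runs anywhere in this spec, so the new 'parsing flags' example in the next hunk of this file only confirms that the stubbed array ends up on the finding. Flags of type `flagged-as-likely-false-positive` come from the analyzer report and presumably influence how a finding is triaged, so the mapping from report JSON to `Flag` objects deserves an example that is not stubbed. I would either drop `allow(parser).to receive(:create_flags)` and let a fixture that carries flag entries drive the assertion, or keep the stub and add the comment `# create_flags is stubbed here; flag parsing from the report JSON is covered in <other spec>`. The `before` block continues past the end of this hunk, and the fixture contents are not visible here, so whether the artifact already contains flags needs checking.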
@@ -231,6 +238,17 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
end
end
+ describe 'parsing flags' do
+ it 'returns flags object for each finding' do
+ flags = report.findings.first.flags
+
+ expect(flags).to contain_exactly(
+ have_attributes(type: 'flagged-as-likely-false-positive', origin: 'post analyzer X', description: 'static string to sink'),
+ have_attributes(type: 'flagged-as-likely-false-positive', origin: 'post analyzer Y', description: 'integer to sink')
+ )
+ end
+ end
+
describe 'parsing links' do
it 'returns links object for each finding', :aggregate_failures do
links = report.findings.flat_map(&:links)
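Review bot: The example is named 'returns flags object for each finding' but it inspects only `report.findings.first.flags`, so a finding later in the report that ends up without flags would not fail it. The neighbouring 'parsing links' example already iterates over all findings with `flat_map`; something like `expect(report.findings.map(&:flags)).to all(contain_exactly(...))` would match the name, or the description could be changed to 'returns flags for the first finding'. The enclosing `describe` block starts and ends outside this hunk.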
diff --git a/spec/lib/gitlab/ci/reports/security/flag_spec.rb b/spec/lib/gitlab/ci/reports/security/flag_spec.rb
new file mode 100644
index 00000000000..27f83694ac2
--- /dev/null
+++ b/spec/lib/gitlab/ci/reports/security/flag_spec.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Ci::Reports::Security::Flag do
+ subject(:security_flag) { described_class.new(type: 'flagged-as-likely-false-positive', origin: 'post analyzer X', description: 'static string to sink') }
+
+ describe '#initialize' do
+ context 'when all params are given' do
+ it 'initializes an instance' do
+ expect { subject }.not_to raise_error
+
+ expect(subject).to have_attributes(
+ type: 'flagged-as-likely-false-positive',
+ origin: 'post analyzer X',
+ description: 'static string to sink'
+ )
+ end
+ end
+
+ describe '#to_hash' do
+ it 'returns expected hash' do
+ expect(security_flag.to_hash).to eq(
+ {
+ flag_type: :false_positive,
+ origin: 'post analyzer X',
+ description: 'static string to sink'
+ }
+ )
+ end
+ end
+ end
+end
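Review bot: `describe '#to_hash'` is opened before `describe '#initialize'` is closed, so the `to_hash` example is reported under `#initialize`; closing `#initialize` after its `context` and making `#to_hash` a sibling would fix the grouping. The spec also covers only the one recognised type: `to_hash` is checked for `'flagged-as-likely-false-positive'` mapping to `flag_type: :false_positive`, but nothing pins what happens for an unrecognised or missing `type`, which matters because the value originates in an analyzer report. An extra example such as `described_class.new(type: 'something-else', ...)` asserting the intended result (error or a defined fallback) would document that contract; the implementation is not visible here, so the expected outcome has to come from the class itself. Minor: the examples mix `subject` and `security_flag` for the same object, and using the named `security_flag` throughout reads more clearly.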