feat: use language server for html vulnerability counts [HEAD-282] (#371

)

Signed-off-by: Bastian Doetsch <[email protected]>
Co-authored-by: Jason Luong <[email protected]>

CHANGELOG.md

@@ -1,5 +1,18 @@
 # Snyk Security - Code and Open Source Dependencies Changelog
 
+## [1.21.4]
+
+### Changed
+- Use Language Server to retrieve vulnerability count for HTML files
+
+## [1.21.1]
+### Fixed
+- Snyk Learn links
+
+## [1.21.0]
+### Fixed
+- Plugin Initialization
+
 ## [1.20.3]
 
 ### Removed

package.json

@@ -458,6 +458,7 @@
     "string-argv": "^0.3.1",
     "uuid": "^8.3.2",
     "validate-npm-package-name": "^3.0.0",
-    "vscode-languageclient": "8.1.0"
+    "vscode-languageclient": "8.1.0",
+    "vscode-languageserver-textdocument":"^1.0.8"
   }
 }

src/snyk/common/vscode/textdocument.ts

@@ -0,0 +1,12 @@
+import * as vlt from 'vscode-languageserver-textdocument';
+import { LSPTextDocument } from './types';
+
+export interface ITextDocumentAdapter {
+  create(uri: string, language: string, version: number, content: string): LSPTextDocument;
+}
+
+export class TextDocumentAdapter implements ITextDocumentAdapter {
+  create(uri: string, language: string, version: number, content: string): LSPTextDocument {
+    return vlt.TextDocument.create(uri, language, version, content);
+  }
+}

src/snyk/common/vscode/types.ts

@@ -1,5 +1,6 @@
 import * as vscode from 'vscode';
 import * as lsc from 'vscode-languageclient/node';
+import * as lst from 'vscode-languageserver-textdocument';
 
 // VS Code core type mappings
 export type Disposable = vscode.Disposable;
@@ -57,3 +58,6 @@ export type ConfigurationParams = lsc.ConfigurationParams;
 export type CancellationToken = lsc.CancellationToken;
 export type ConfigurationRequestHandlerSignature = lsc.ConfigurationRequest.HandlerSignature;
 export type ResponseError<D = void> = lsc.ResponseError<D>;
+export type InlineValueContext = lsc.InlineValueContext;
+export type InlineValueText = lsc.InlineValueText;
+export type LSPTextDocument = lst.TextDocument;

src/snyk/extension.ts

@@ -59,6 +59,7 @@ import { HoverAdapter } from './common/vscode/hover';
 import { LanguageClientAdapter } from './common/vscode/languageClient';
 import { vsCodeLanguages } from './common/vscode/languages';
 import SecretStorageAdapter from './common/vscode/secretStorage';
+import { TextDocumentAdapter } from './common/vscode/textdocument';
 import { ThemeColorAdapter } from './common/vscode/theme';
 import { Range, Uri } from './common/vscode/types';
 import { UriAdapter } from './common/vscode/uri';
@@ -74,10 +75,8 @@ import { CodeSuggestionWebviewProvider } from './snykCode/views/suggestion/codeS
 import { IacService } from './snykIac/iacService';
 import IacIssueTreeProvider from './snykIac/views/iacIssueTreeProvider';
 import { IacSuggestionWebviewProvider } from './snykIac/views/suggestion/iacSuggestionWebviewProvider';
-import { NpmTestApi } from './snykOss/api/npmTestApi';
 import { EditorDecorator } from './snykOss/editor/editorDecorator';
 import { OssService } from './snykOss/services/ossService';
-import { NpmModuleInfoFetchService } from './snykOss/services/vulnerabilityCount/npmModuleInfoFetchService';
 import { OssVulnerabilityCountService } from './snykOss/services/vulnerabilityCount/ossVulnerabilityCountService';
 import { ModuleVulnerabilityCountProvider } from './snykOss/services/vulnerabilityCount/vulnerabilityCountProvider';
 import { OssVulnerabilityTreeProvider } from './snykOss/views/ossVulnerabilityTreeProvider';
@@ -361,16 +360,16 @@ class SnykExtension extends SnykLib implements IExtension {
 
     this.initDependencyDownload();
 
-    const npmModuleInfoFetchService = new NpmModuleInfoFetchService(
-      configuration,
-      Logger,
-      new NpmTestApi(Logger, vsCodeWorkspace),
-    );
     this.ossVulnerabilityCountService = new OssVulnerabilityCountService(
       vsCodeWorkspace,
       vsCodeWindow,
       vsCodeLanguages,
-      new ModuleVulnerabilityCountProvider(this.ossService, npmModuleInfoFetchService),
+      new ModuleVulnerabilityCountProvider(
+        this.ossService,
+        languageClientAdapter,
+        new UriAdapter(),
+        new TextDocumentAdapter(),
+      ),
       this.ossService,
       Logger,
       new EditorDecorator(vsCodeWindow, vsCodeLanguages, new ThemeColorAdapter()),

src/snyk/snykOss/messages/vulnerabilityCount.ts

@@ -6,8 +6,13 @@ export const messages = {
   vulnerabilities: 'vulnerabilities',
   showMostSevereVulnerability: 'Show the most severe vulnerability (Snyk)',
 
-  decoratorMessage: (vulnerabilityCount: number): string =>
-    `${vulnerabilityCount} ${vulnerabilityCount > 1 ? 'vulnerabilities' : 'vulnerability'}`,
+  decoratorMessage: (vulnerabilityCount: string): string => {
+    const vulnerabilityCountNumber = Number.parseInt(vulnerabilityCount, 10);
+    if (isNaN(vulnerabilityCountNumber)) {
+      return vulnerabilityCount;
+    }
+    return `${vulnerabilityCountNumber} ${vulnerabilityCountNumber > 1 ? 'vulnerabilities' : 'vulnerability'}`;
+  },
 
   diagnosticMessagePrefix: (module: ModuleVulnerabilityCount): string =>
     `Dependency ${module.name}${module.version ? `@${module.version}` : ''} has `,

src/snyk/snykOss/services/vulnerabilityCount/importedModule.ts

@@ -17,12 +17,6 @@ export type Range = {
     column: number;
   };
 };
-
-export type TestedImportedModule = ImportedModule & {
-  tested: boolean;
-  vulnerabilityCount?: number;
-};
-
 export enum ModuleVulnerabilityCountSeverity {
   Low = 'low',
   Medium = 'medium',
@@ -41,7 +35,7 @@ export type ModuleVulnerabilityCount = {
   line: number | null;
   range: Range | null;
   hasCount: boolean;
-  count?: number;
+  count?: string;
   severityCounts?: SeverityCounts;
   mostSevereVulnerabilityId?: string;
 };

src/snyk/snykOss/services/vulnerabilityCount/ossVulnerabilityCountService.ts

@@ -124,6 +124,7 @@ export class OssVulnerabilityCountService implements Disposable {
     let emitter = this.fileEmitters.get(fileName);
     if (emitter) {
       emitter.removeAllListeners();
+      this.editorDecorator.resetDecorations(fileName);
     } else {
       emitter = new VulnerabilityCountEmitter();
       this.fileEmitters.set(fileName, emitter);
@@ -215,7 +216,7 @@ export class OssVulnerabilityCountService implements Disposable {
       emitter.startScanning(modules);
 
       const promises = modules
-        .map(module => this.vulnerabilityCountProvider.getVulnerabilityCount(module, language))
+        .map(module => this.vulnerabilityCountProvider.getVulnerabilityCount(fileName, module, language))
         .map(promise =>
           promise.then(module => {
             emitter.scanned(module);
@@ -253,7 +254,7 @@ export class OssVulnerabilityCountService implements Disposable {
       ],
       module,
     );
-    message += module.count > 1 ? ` ${messages.vulnerabilities}.` : ` ${messages.vulnerabilities}.`;
+    message += messages.decoratorMessage(module.count);
     return message;
   }
 
@@ -262,7 +263,7 @@ export class OssVulnerabilityCountService implements Disposable {
     module: ModuleVulnerabilityCount,
   ): string {
     if (!module.severityCounts) {
-      return module.count ? module.count.toString() : '';
+      return module.count ? module.count : '';
     }
 
     const content: string[] = [];