From 6eb58d0d84d26780cf5b2b60c77601dcb8bbab5a Mon Sep 17 00:00:00 2001 From: Jason Luong Date: Thu, 24 Aug 2023 14:23:38 +0100 Subject: [PATCH 1/5] feat: disable amplitude and sentry when using fedramp endpoints --- src/snyk/common/analytics/itly.ts | 2 +- src/snyk/common/configuration/configuration.ts | 4 ++-- src/snyk/extension.ts | 12 ++++++------ 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/snyk/common/analytics/itly.ts b/src/snyk/common/analytics/itly.ts index 2743addec..d9f096378 100644 --- a/src/snyk/common/analytics/itly.ts +++ b/src/snyk/common/analytics/itly.ts @@ -70,7 +70,7 @@ export class Iteratively implements IAnalytics { private isFedramp: boolean, private isDevelopment: boolean, private snykConfiguration?: SnykConfiguration, - ) {} + ) { } setShouldReportEvents(shouldReportEvents: boolean): void { this.shouldReportEvents = shouldReportEvents; diff --git a/src/snyk/common/configuration/configuration.ts b/src/snyk/common/configuration/configuration.ts index 5942bc144..bcf8c09f4 100644 --- a/src/snyk/common/configuration/configuration.ts +++ b/src/snyk/common/configuration/configuration.ts @@ -23,7 +23,7 @@ import { YES_BACKGROUND_OSS_NOTIFICATION_SETTING, YES_CRASH_REPORT_SETTING, YES_TELEMETRY_SETTING, - YES_WELCOME_NOTIFICATION_SETTING, + YES_WELCOME_NOTIFICATION_SETTING } from '../constants/settings'; import SecretStorageAdapter from '../vscode/secretStorage'; import { IVSCodeWorkspace } from '../vscode/workspace'; 
@@ -122,7 +122,7 @@ export class Configuration implements IConfiguration { private readonly defaultOssApiEndpoint = `${this.defaultAuthHost}/api/v1`; private readonly defaultBaseApiHost = 'https://api.snyk.io'; - constructor(private processEnv: NodeJS.ProcessEnv = process.env, private workspace: IVSCodeWorkspace) {} + constructor(private processEnv: NodeJS.ProcessEnv = process.env, private workspace: IVSCodeWorkspace) { } getInsecure(): boolean { const strictSSL = this.workspace.getConfiguration('http', 'proxyStrictSSL') ?? true; diff --git a/src/snyk/extension.ts b/src/snyk/extension.ts index aeae6683a..fd8158f62 100644 --- a/src/snyk/extension.ts +++ b/src/snyk/extension.ts @@ -252,12 +252,12 @@ class SnykExtension extends SnykLib implements IExtension { this.registerCommands(vscodeContext); const codeSecurityIssueProvider = new CodeSecurityIssueTreeProvider( - this.viewManagerService, - this.contextService, - this.snykCode, - configuration, - vsCodeLanguages, - ), + this.viewManagerService, + this.contextService, + this.snykCode, + configuration, + vsCodeLanguages, + ), codeQualityIssueProvider = new CodeQualityIssueTreeProvider( this.viewManagerService, this.contextService, From 2fcef2a080226012c54e1d76c23dfd8c7175e278 Mon Sep 17 00:00:00 2001 From: Jason Luong Date: Thu, 24 Aug 2023 14:36:15 +0100 Subject: [PATCH 2/5] fix: linting --- src/snyk/common/analytics/itly.ts | 2 +- src/snyk/common/configuration/configuration.ts | 4 ++-- src/snyk/extension.ts | 12 ++++++------ 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/snyk/common/analytics/itly.ts b/src/snyk/common/analytics/itly.ts index d9f096378..2743addec 100644 --- a/src/snyk/common/analytics/itly.ts +++ b/src/snyk/common/analytics/itly.ts 
@@ -70,7 +70,7 @@ export class Iteratively implements IAnalytics { private isFedramp: boolean, private isDevelopment: boolean, private snykConfiguration?: SnykConfiguration, - ) { } + ) {} setShouldReportEvents(shouldReportEvents: boolean): void { this.shouldReportEvents = shouldReportEvents; diff --git a/src/snyk/common/configuration/configuration.ts b/src/snyk/common/configuration/configuration.ts index bcf8c09f4..5942bc144 100644 --- a/src/snyk/common/configuration/configuration.ts +++ b/src/snyk/common/configuration/configuration.ts @@ -23,7 +23,7 @@ import { YES_BACKGROUND_OSS_NOTIFICATION_SETTING, YES_CRASH_REPORT_SETTING, YES_TELEMETRY_SETTING, - YES_WELCOME_NOTIFICATION_SETTING + YES_WELCOME_NOTIFICATION_SETTING, } from '../constants/settings'; import SecretStorageAdapter from '../vscode/secretStorage'; import { IVSCodeWorkspace } from '../vscode/workspace'; @@ -122,7 +122,7 @@ export class Configuration implements IConfiguration { private readonly defaultOssApiEndpoint = `${this.defaultAuthHost}/api/v1`; private readonly defaultBaseApiHost = 'https://api.snyk.io'; - constructor(private processEnv: NodeJS.ProcessEnv = process.env, private workspace: IVSCodeWorkspace) { } + constructor(private processEnv: NodeJS.ProcessEnv = process.env, private workspace: IVSCodeWorkspace) {} getInsecure(): boolean { const strictSSL = this.workspace.getConfiguration('http', 'proxyStrictSSL') ?? true; diff --git a/src/snyk/extension.ts b/src/snyk/extension.ts index fd8158f62..aeae6683a 100644 --- a/src/snyk/extension.ts +++ b/src/snyk/extension.ts 
@@ -252,12 +252,12 @@ class SnykExtension extends SnykLib implements IExtension { this.registerCommands(vscodeContext); const codeSecurityIssueProvider = new CodeSecurityIssueTreeProvider( - this.viewManagerService, - this.contextService, - this.snykCode, - configuration, - vsCodeLanguages, - ), + this.viewManagerService, + this.contextService, + this.snykCode, + configuration, + vsCodeLanguages, + ), codeQualityIssueProvider = new CodeQualityIssueTreeProvider( this.viewManagerService, this.contextService, From 3f3317630651a482f5751608c5b209dc16609713 Mon Sep 17 00:00:00 2001 From: Jason Luong Date: Mon, 4 Sep 2023 09:41:17 +0100 Subject: [PATCH 3/5] fix: remove .only in test --- src/test/unit/common/analytics/itly.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/unit/common/analytics/itly.test.ts b/src/test/unit/common/analytics/itly.test.ts index d49379162..02a6c5858 100644 --- a/src/test/unit/common/analytics/itly.test.ts +++ b/src/test/unit/common/analytics/itly.test.ts @@ -4,7 +4,7 @@ import { SnykConfiguration } from '../../../../snyk/common/configuration/snykCon import { User } from '../../../../snyk/common/user'; import { LoggerMock } from '../../mocks/logger.mock'; -suite.only('Iteratively', () => { +suite('Iteratively', () => { const snykConfig = {} as SnykConfiguration; const isDevelopment = false; From 41a93fc41aeb380114e5a0e252a93879fc099826 Mon Sep 17 00:00:00 2001 From: Jason Luong Date: Mon, 4 Sep 2023 09:53:04 +0100 Subject: [PATCH 4/5] fix: only check snykgov.io domain to check if fedramp --- .../common/configuration/configuration.ts | 7 +++---- src/test/integration/analytics.test.ts | 2 +- src/test/unit/common/configuration.test.ts | 20 +++++++++++++++++++ 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/src/snyk/common/configuration/configuration.ts b/src/snyk/common/configuration/configuration.ts index 5942bc144..5a6646193 100644 --- a/src/snyk/common/configuration/configuration.ts 
+++ b/src/snyk/common/configuration/configuration.ts @@ -196,16 +196,15 @@ export class Configuration implements IConfiguration { get isFedramp(): boolean { if (!this.customEndpoint) return false; - // FEDRAMP URL e.g. https://api.fedramp.snykgov.io + // FEDRAMP URL e.g. https://api.feddramp.snykgov.io const endpoint = new URL(this.customEndpoint); // hostname validation const hostnameParts = endpoint.hostname.split('.'); if (hostnameParts.length < 3) return false; - const isFedrampInstance = hostnameParts[1].includes('fedramp'); - const isFedrampDomain = hostnameParts[2].includes('snykgov') && hostnameParts[3].includes('io'); - return isFedrampDomain && isFedrampInstance; + const isFedrampDomain = `${hostnameParts[2]}.${hostnameParts[3]}`.includes('snykgov.io'); + return isFedrampDomain; } get snykOssApiEndpoint(): string { diff --git a/src/test/integration/analytics.test.ts b/src/test/integration/analytics.test.ts index 1975e4834..8edadf5bf 100644 --- a/src/test/integration/analytics.test.ts +++ b/src/test/integration/analytics.test.ts @@ -36,7 +36,7 @@ suite('Analytics', () => { }); test('"Welcome Is Viewed" not tracked if using fedramp endpoint', async () => { - await configuration.setEndpoint('https://api.fedramp.snykgov.io'); + await configuration.setEndpoint('https://api.feddramp.snykgov.io'); await vscode.commands.executeCommand('workbench.action.toggleSidebarVisibility'); await vscode.commands.executeCommand(VSCODE_VIEW_CONTAINER_COMMAND); diff --git a/src/test/unit/common/configuration.test.ts b/src/test/unit/common/configuration.test.ts index 456b5fb6f..05960ffff 100644 --- a/src/test/unit/common/configuration.test.ts +++ b/src/test/unit/common/configuration.test.ts 
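Review bot: In the `isFedramp` getter the new check reads `hostnameParts[2]` and `hostnameParts[3]` by position, so only hosts with exactly four labels can match; the `length < 3` guard lets a three-label host through, where `hostnameParts[3]` is `undefined` and the result is false, and a host with five or more labels is also false. Going by the series title, this flag decides whether Amplitude and Sentry are switched off, so a miss leaves telemetry enabled for a snykgov.io endpoint. `includes('snykgov.io')` is also a substring test, so a four-label host whose last two labels merely contain that text is classified as FedRAMP. A suffix match is stricter and independent of label count: `return endpoint.hostname === 'snykgov.io' || endpoint.hostname.endsWith('.snykgov.io');`. The comment's `feddramp` looks like a typo if the example is meant to be a real URL, and `new URL(this.customEndpoint)` will throw on a malformed setting unless that is validated elsewhere.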
@@ -211,4 +211,24 @@ suite('Configuration', () => { strictEqual(configuration.scanningMode, mode); }); }); + + suite('.isFedramp()', () => { + test('returns true for FEDRAMP URLs', () => { + const fedrampUrl = 'https://api.fedramp.snykgov.io'; + const workspace = stubWorkspaceConfiguration(ADVANCED_CUSTOM_ENDPOINT, fedrampUrl); + + const configuration = new Configuration({}, workspace); + + strictEqual(configuration.isFedramp, true); + }); + + test('returns false for non-FEDRAMP URLs', () => { + const nonFedrampUrl = 'https://api.snyk.io'; + const workspace = stubWorkspaceConfiguration(ADVANCED_CUSTOM_ENDPOINT, nonFedrampUrl); + + const configuration = new Configuration({}, workspace); + + strictEqual(configuration.isFedramp, false); + }); + }); }); From e7d215256db68eb3e67d323bc364ae0b62f1ad10 Mon Sep 17 00:00:00 2001 From: Jason Luong Date: Mon, 4 Sep 2023 09:55:34 +0100 Subject: [PATCH 5/5] chore: udpate changelog --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 218b4265e..f91212396 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Snyk Security - Code and Open Source Dependencies Changelog +## [1.21.6] + +### Added + +- Only check `snykgov.io` domain to check if fedramp + ## [1.21.5] ### Added
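Review bot: The new `.isFedramp()` suite covers only one four-label snykgov.io host and `https://api.snyk.io`, so the positional indexing in the getter is never exercised at its edges. Cases worth adding (constructed hostnames): a three-label host such as `https://api.snykgov.io`, a deeper one such as `https://app.api.fedramp.snykgov.io`, a lookalike such as `https://api.fedramp.notsnykgov.io`, and an unset endpoint. Each is a single `strictEqual(configuration.isFedramp, …)` in the same shape as the existing tests, and together they would pin whether telemetry is suppressed for every snykgov.io host rather than for one URL shape. The enclosing `suite('Configuration', …)` starts outside the hunk.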