npm - secure-review-extension - Versions diffs - 1.0.7 → 1.0.10 - Mend

secure-review-extension 1.0.7 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/extension.js +92 -11
package/package.json +1 -1
package/src/scanners/static-scan.js +33 -7

package/extension.js CHANGED Viewed

@@ -1,7 +1,7 @@
 const vscode = require("vscode");
 const { FindingsStore } = require("./src/store");
 const { FindingsProvider } = require("./src/findings-provider");
-const { scanWorkspace, scanCurrentFile } = require("./src/scanners/static-scan");
+const { scanWorkspace, scanFileAtPath } = require("./src/scanners/static-scan");
 const { runDockerZapScan } = require("./src/scanners/dynamic-scan");
 const { detectWorkspace, buildInstallPlan, formatInstallPlan } = require("./src/scanners/bootstrap-tools");
 const { applyDiagnostics } = require("./src/diagnostics");
@@ -11,6 +11,7 @@ const { severityOrder } = require("./src/constants");
 let reportPanel;
 let lastReportMetadata;
+const saveScanTimers = new Map();
 function activate(context) {
   const store = new FindingsStore();
@@ -82,13 +83,7 @@ function activate(context) {
         cancellable: false
       },
       async () => {
-        const currentFileFindings = await scanCurrentFile();
-        const otherStaticFindings = store.findings.filter(
-          (item) => item.source === "static" && item.filePath !== editor.document.uri.fsPath
-        );
-        const dynamicFindings = store.findings.filter((item) => item.source === "dynamic");
-        store.setFindings(sortFindings([...otherStaticFindings, ...currentFileFindings, ...dynamicFindings]));
+        await rescanFile(editor.document.uri.fsPath);
         vscode.window.showInformationMessage(`Secure Review updated findings for ${editor.document.fileName}.`);
       }
     );
@@ -263,11 +258,97 @@ function activate(context) {
     vscode.commands.registerCommand("secureReview.ignoreFinding", ignoreFinding)
   );
+  async function rescanFile(filePath) {
+    const currentFileFindings = await scanFileAtPath(filePath, {
+      workspaceRoot: vscode.workspace.workspaceFolders?.[0]?.uri.fsPath,
+      excludeGlobs: configAccessor().get("excludeGlobs", []),
+      maxFiles: configAccessor().get("maxFiles", 400)
+    });
+    const otherStaticFindings = store.findings.filter(
+      (item) => item.source === "static" && item.filePath !== filePath
+    );
+    const dynamicFindings = store.findings.filter((item) => item.source === "dynamic");
+    store.setFindings(sortFindings([...otherStaticFindings, ...currentFileFindings, ...dynamicFindings]));
+    return currentFileFindings;
+  }
+  async function handleRunOnSave(document) {
+    if (!document || document.uri.scheme !== "file") {
+      return;
+    }
+    const workspaceFolder = vscode.workspace.getWorkspaceFolder(document.uri);
+    if (!workspaceFolder) {
+      return;
+    }
+    const filePath = document.uri.fsPath;
+    const existingFindings = store.findings.filter(
+      (item) => item.source === "static" && item.filePath === filePath
+    );
+    const previousIds = new Set(existingFindings.map((item) => item.id));
+    const updatedFindings = await rescanFile(filePath);
+    const nextIds = new Set(updatedFindings.map((item) => item.id));
+    const newCount = updatedFindings.filter((item) => !previousIds.has(item.id)).length;
+    const resolvedCount = existingFindings.filter((item) => !nextIds.has(item.id)).length;
+    if (!updatedFindings.length && !resolvedCount) {
+      return;
+    }
+    const message = updatedFindings.length
+      ? `Secure Review found ${updatedFindings.length} finding${updatedFindings.length === 1 ? "" : "s"} in ${document.fileName}${newCount || resolvedCount ? ` (${newCount} new, ${resolvedCount} resolved)` : ""}.`
+      : `Secure Review resolved all findings in ${document.fileName}.`;
+    const action = await vscode.window.showInformationMessage(
+      message,
+      "Open Findings",
+      "Open Report",
+      "Export DOCX"
+    );
+    if (action === "Open Findings") {
+      await vscode.commands.executeCommand("secureReview.findingsView.focus");
+      return;
+    }
+    if (action === "Open Report") {
+      openReport();
+      return;
+    }
+    if (action === "Export DOCX") {
+      await exportFindingsReport();
+    }
+  }
   context.subscriptions.push(
-    vscode.workspace.onDidSaveTextDocument(async () => {
-      if (configAccessor().get("runOnSave", false)) {
-        await runCurrentFileScan();
+    vscode.workspace.onDidSaveTextDocument(async (document) => {
+      if (!configAccessor().get("runOnSave", false)) {
+        return;
       }
+      const filePath = document?.uri?.fsPath;
+      if (!filePath) {
+        return;
+      }
+      const existingTimer = saveScanTimers.get(filePath);
+      if (existingTimer) {
+        clearTimeout(existingTimer);
+      }
+      const timer = setTimeout(async () => {
+        saveScanTimers.delete(filePath);
+        try {
+          await handleRunOnSave(document);
+        } catch (error) {
+          vscode.window.showErrorMessage(`Secure Review run-on-save scan failed: ${error.message}`);
+        }
+      }, 250);
+      saveScanTimers.set(filePath, timer);
     })
   );

package/package.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "secure-review-extension",
   "displayName": "Secure Review",
   "description": "Run deep static and Docker-based dynamic secure code reviews directly inside VS Code.",
-  "version": "1.0.7",
+  "version": "1.0.10",
   "publisher": "Ankit-QI",
   "icon": "media/shield.png",
   "license": "MIT",

package/src/scanners/static-scan.js CHANGED Viewed

@@ -135,19 +135,44 @@ async function scanCurrentFile() {
     return [];
   }
-  const content = await readText(editor.document.uri.fsPath);
+  return scanFileAtPath(editor.document.uri.fsPath);
+}
+async function scanFileAtPath(filePath, options = {}) {
+  const content = await readText(filePath);
   if (content === null) {
     return [];
   }
-  const workspaceRoot = vscode?.workspace?.workspaceFolders?.[0]?.uri.fsPath || path.dirname(editor.document.uri.fsPath);
-  return dedupeFindings(scanContent(editor.document.uri.fsPath, content, workspaceRoot, {
-    languages: [],
-    frameworks: [],
-    isSecureReviewWorkspace: false
+  const workspaceRoot = options.workspaceRoot
+    || vscode?.workspace?.workspaceFolders?.[0]?.uri.fsPath
+    || path.dirname(filePath);
+  const workspaceProfile = await buildWorkspaceProfileForRoot(workspaceRoot, {
+    excludeGlobs: options.excludeGlobs || [],
+    maxFiles: options.maxFiles || 400
+  });
+  if (!shouldAnalyzeSingleFile(filePath)) {
+    return [];
+  }
+  return dedupeFindings(scanContent(filePath, content, workspaceRoot, {
+    languages: workspaceProfile.languages,
+    frameworks: workspaceProfile.frameworks,
+    isSecureReviewWorkspace: workspaceProfile.isSecureReviewWorkspace
   }));
 }
+function shouldAnalyzeSingleFile(filePath) {
+  const baseName = path.basename(filePath);
+  if (LOCKFILE_NAMES.has(baseName) || ENV_LIKE_NAMES.has(baseName)) {
+    return true;
+  }
+  const ext = path.extname(filePath).toLowerCase();
+  return ALLOWED_EXTENSIONS.has(ext);
+}
 function scanProfile(workspaceProfile, config) {
   const findings = [];
   const notify = typeof config.get === "function"
@@ -654,7 +679,8 @@ async function readText(filePath) {
 module.exports = {
   scanWorkspace,
   scanWorkspaceAtPath,
-  scanCurrentFile
+  scanCurrentFile,
+  scanFileAtPath
 };
 function analyzeRepository(files, workspaceRoot) {