diff --git a/media/view.js b/media/view.js index 64202d30..dd32c2e2 100644 --- a/media/view.js +++ b/media/view.js @@ -2,513 +2,540 @@ // This script will be run within the webview itself // It cannot access the main VS Code APIs directly. (function () { - var selectSeverity = ""; - var selectState = ""; - var comment = ""; - document.querySelectorAll('.ast-node').forEach(element => { - element.addEventListener('click', (e) => { - var target = e.target; - vscode.postMessage({ - command: 'showFile', - // @ts-ignore - sourceFile: target.dataset.filename, - // @ts-ignore - path: target.dataset.filename, - // @ts-ignore - line: target.dataset.line, - // @ts-ignore - column: target.dataset.column, - // @ts-ignore - length: target.dataset.length, - }); - }); - }); - - // Activated when clicked in triage update - document.querySelectorAll('.submit').forEach(element => { - element.addEventListener('click', () => { - vscode.postMessage({ - command: 'submit', - severitySelection: selectSeverity, - stateSelection: selectState, - comment: comment - }); - }); - }); - - // Activated when clicked in AI Security Champion - document.querySelectorAll('.title_gpt').forEach(element => { - element.addEventListener('click', () => { - vscode.postMessage({ - command: 'gpt', - }); - }); - }); - - // Open external link for more info - document.querySelectorAll('.remediation-links-text').forEach(element => { - element.addEventListener('click', (e) => { - // @ts-ignore - vscode.postMessage({ - command: 'references', - // @ts-ignore - link: e.target.id - }); - }); - }); - - // Apply the sca fix for a vulnerability - document.querySelectorAll('.remediation-icon').forEach(element => { - element.addEventListener('click', (e) => { - // @ts-ignore - var target = e.target; - console.log(target); - vscode.postMessage({ - command: 'scaFix', - // @ts-ignore - package: target.dataset.package, - // @ts-ignore - file: target.dataset.file, - // @ts-ignore - version: target.dataset.version - }); - }); - }); - - // Apply the sca fix for a vulnerability - document.querySelectorAll('.remediation-version').forEach(element => { - element.addEventListener('click', (e) => { - // @ts-ignore - var target = e.target; - console.log(target); - vscode.postMessage({ - command: 'scaFix', - // @ts-ignore - package: target.dataset.package, - // @ts-ignore - file: target.dataset.file, - // @ts-ignore - version: target.dataset.version - }); - }); - }); - - // Apply the sca fix for a vulnerability - document.querySelectorAll('.upgrade-small-icon').forEach(element => { - element.addEventListener('click', (e) => { - // @ts-ignore - var target = e.target; - console.log(target); - vscode.postMessage({ - command: 'scaFix', - // @ts-ignore - package: target.dataset.package, - // @ts-ignore - file: target.dataset.file, - // @ts-ignore - version: target.dataset.version - }); - }); - }); - - // Open external link for referencess - document.querySelectorAll('.references').forEach(element => { - element.addEventListener('click', (e) => { - // @ts-ignore - vscode.postMessage({ - command: 'references', - // @ts-ignore - link: e.target.id - }); - }); - }); - - // Activated when clicked in package next - document.querySelectorAll('.package-next').forEach(element => { - element.addEventListener('click', (e) => { - // @ts-ignore - var target = e.target; - // @ts-ignore - var current = target.dataset.current; - // @ts-ignore - var total = target.dataset.total; - var next = parseInt(current, 10) + 1; - if (next + 1 > parseInt(total, 10)) { - // @ts-ignore - e.target.disabled = true; - } - // Change the displayed tables for packages - let currentPage = document.getElementById('package-table-' + current); - currentPage.style.display = 'none'; - let nextPage = document.getElementById('package-table-' + next); - nextPage.style.display = ''; - // Change the displayed tables for locations - let currentPageLocations = document.getElementById('locations-table-' + current); - currentPageLocations.style.display = 'none'; - let nextPageLocations = document.getElementById('locations-table-' + next); - nextPageLocations.style.display = ''; - // Update in the next button - // @ts-ignore - target.dataset.current = next; - let backButton = document.getElementById('package-back'); - // @ts-ignore - backButton.disabled = false; - // @ts-ignore - backButton.dataset.current = next; - // Update in the back button - // @ts-ignore - target.dataset.current = next; - // Update the counter - let counter = document.getElementById('package-counter'); - counter.innerHTML = "

" + (parseInt(current, 10) + 1) + "/" + total + "

"; - }); - }); - - // Activated when clicked in package back - document.querySelectorAll('.package-back').forEach(element => { - element.addEventListener('click', (e) => { - // @ts-ignore - var target = e.target; - // @ts-ignore - var current = target.dataset.current; - // @ts-ignore - var total = target.dataset.total; - var next = parseInt(current, 10) - 1; - // @ts-ignore - let nextButton = document.getElementById('package-next'); - // @ts-ignore - nextButton.disabled = false; - if (parseInt(current, 10) - 2 === 0) { - // @ts-ignore - e.target.disabled = true; - } - // Change the displayed tables for packages - let currentPage = document.getElementById('package-table-' + current); - currentPage.style.display = 'none'; - let nextPage = document.getElementById('package-table-' + next); - nextPage.style.display = ''; - // Change the displayed tables for locations - let currentPageLocation = document.getElementById('locations-table-' + current); - currentPageLocation.style.display = 'none'; - let nextPageLocation = document.getElementById('locations-table-' + next); - nextPageLocation.style.display = ''; - // Update in the back button - // @ts-ignore - target.dataset.current = next; - // @ts-ignore - nextButton.dataset.current = next; - // Update in the back button - // @ts-ignore - target.dataset.current = next; - // Update the counter - let counter = document.getElementById('package-counter'); - counter.innerHTML = "

" + (parseInt(current, 10) - 1) + "/" + total + "

"; - }); - }); - - let severityElement = document.getElementById('select_severity'); - if (severityElement) { - severityElement.addEventListener('change', (e) => { - // @ts-ignore - selectSeverity = e.target.value; - }); - } - - let selectElement = document.getElementById('select_state'); - if (selectElement) { - selectElement.addEventListener('change', (e) => { - // @ts-ignore - selectState = e.target.value; - }); - } - - let commentElement = document.getElementById('comment_box'); - if (commentElement) { - document.getElementById('comment_box').addEventListener('change', (e) => { - // @ts-ignore - comment = e.target.value; - }); - } - - - // Display the changes once loaded - window.addEventListener('message', event => { - const message = event.data; - switch (message.command) { - case 'loadChanges': - let changes = message.changes; - let loaderContainer = document.getElementById('history-container-loader'); - if (loaderContainer) { - loaderContainer.style.display = 'none'; - loaderContainer.innerHTML = infoChangeContainer(changes); - loaderContainer.style.display = 'block'; - loaderContainer.style.padding = '0.4em'; - } - break; - case 'loader': - // html do loader - loaderContainer = document.getElementById('history-container-loader'); - if (loaderContainer) { - loaderContainer.innerHTML = loader(); - loaderContainer.style.display = 'block'; - } - break; - case 'loadLearnMore': - let learn = message.learn; - let learnLoaderContainer = document.getElementById('learn-container-loader'); - learnLoaderContainer.style.display = 'none'; - learnLoaderContainer.innerHTML = infoLearnContainer(learn, message.result); - learnLoaderContainer.style.display = 'block'; - let codeLoaderContainer = document.getElementById('tab-code'); - codeLoaderContainer.style.display = 'none'; - codeLoaderContainer.innerHTML = infoCodeContainer(learn); - codeLoaderContainer.style.display = 'block'; - registerCodebashingEventListener(); - break; - // case 'loadBfl': - // console.log("loadedBFl"); - // let index = message.index.index; - // // Case there is a best fix location - // if(index>=0){ - // updateDisplay('bfl-container-'+index,'block'); - // // Hide loading message - // updateDisplay('bfl-tip-loading','none'); - // updateDisplay('loader','none'); - // // Show tooltip message - // updateDisplay('bfl-tip-loaded','block'); - // } - // // Case there is not best fix location - // else{ - // // Hide the loading - // updateDisplay('bfl-tip-loading','none'); - // updateDisplay('loader','none'); - // } - - // break; - } - }); - - - function registerCodebashingEventListener() { - let codebashingElement = document.getElementById('cx_codebashing'); - if (codebashingElement) { - codebashingElement.addEventListener('click', () => { - // @ts-ignore - vscode.postMessage({ - command: 'codebashing', - }); - }); - } - } - - // Container arround the changes - function infoChangeContainer(changes) { - let html = ""; - if (changes.length > 0) { - for (let change of changes) { - html += userCardInfo(change.CreatedBy, new Date(change.CreatedAt).toLocaleString(), infoChanges(change)); - } - } - else { - html += - ` + var selectSeverity = ""; + var selectState = ""; + var comment = ""; + document.querySelectorAll(".ast-node").forEach((element) => { + element.addEventListener("click", (e) => { + var target = e.target; + vscode.postMessage({ + command: "showFile", + // @ts-ignore + sourceFile: target.dataset.filename, + // @ts-ignore + path: target.dataset.filename, + // @ts-ignore + line: target.dataset.line, + // @ts-ignore + column: target.dataset.column, + // @ts-ignore + length: target.dataset.length, + }); + }); + }); + + // Activated when clicked in triage update + document.querySelectorAll(".submit").forEach((element) => { + element.addEventListener("click", () => { + vscode.postMessage({ + command: "submit", + severitySelection: selectSeverity, + stateSelection: selectState, + comment: comment, + }); + }); + }); + + // Activated when clicked in AI Security Champion + document.querySelectorAll(".title_gpt").forEach((element) => { + element.addEventListener("click", () => { + vscode.postMessage({ + command: "gpt", + }); + }); + }); + + // Open external link for more info + document.querySelectorAll(".remediation-links-text").forEach((element) => { + element.addEventListener("click", (e) => { + // @ts-ignore + vscode.postMessage({ + command: "references", + // @ts-ignore + link: e.target.id, + }); + }); + }); + + // Apply the sca fix for a vulnerability + document.querySelectorAll(".remediation-icon").forEach((element) => { + element.addEventListener("click", (e) => { + // @ts-ignore + var target = e.target; + console.log(target); + vscode.postMessage({ + command: "scaFix", + // @ts-ignore + package: target.dataset.package, + // @ts-ignore + file: target.dataset.file, + // @ts-ignore + version: target.dataset.version, + }); + }); + }); + + // Apply the sca fix for a vulnerability + document.querySelectorAll(".remediation-version").forEach((element) => { + element.addEventListener("click", (e) => { + // @ts-ignore + var target = e.target; + console.log(target); + vscode.postMessage({ + command: "scaFix", + // @ts-ignore + package: target.dataset.package, + // @ts-ignore + file: target.dataset.file, + // @ts-ignore + version: target.dataset.version, + }); + }); + }); + + // Apply the sca fix for a vulnerability + document.querySelectorAll(".upgrade-small-icon").forEach((element) => { + element.addEventListener("click", (e) => { + // @ts-ignore + var target = e.target; + console.log(target); + vscode.postMessage({ + command: "scaFix", + // @ts-ignore + package: target.dataset.package, + // @ts-ignore + file: target.dataset.file, + // @ts-ignore + version: target.dataset.version, + }); + }); + }); + + // Open external link for referencess + document.querySelectorAll(".references").forEach((element) => { + element.addEventListener("click", (e) => { + // @ts-ignore + vscode.postMessage({ + command: "references", + // @ts-ignore + link: e.target.id, + }); + }); + }); + + // Activated when clicked in package next + document.querySelectorAll(".package-next").forEach((element) => { + element.addEventListener("click", (e) => { + // @ts-ignore + var target = e.target; + // @ts-ignore + var current = target.dataset.current; + // @ts-ignore + var total = target.dataset.total; + var next = parseInt(current, 10) + 1; + if (next + 1 > parseInt(total, 10)) { + // @ts-ignore + e.target.disabled = true; + } + // Change the displayed tables for packages + let currentPage = document.getElementById("package-table-" + current); + currentPage.style.display = "none"; + let nextPage = document.getElementById("package-table-" + next); + nextPage.style.display = ""; + // Change the displayed tables for locations + let currentPageLocations = document.getElementById( + "locations-table-" + current + ); + currentPageLocations.style.display = "none"; + let nextPageLocations = document.getElementById( + "locations-table-" + next + ); + nextPageLocations.style.display = ""; + // Update in the next button + // @ts-ignore + target.dataset.current = next; + let backButton = document.getElementById("package-back"); + // @ts-ignore + backButton.disabled = false; + // @ts-ignore + backButton.dataset.current = next; + // Update in the back button + // @ts-ignore + target.dataset.current = next; + // Update the counter + let counter = document.getElementById("package-counter"); + counter.innerHTML = + "

" + (parseInt(current, 10) + 1) + "/" + total + "

"; + }); + }); + + // Activated when clicked in package back + document.querySelectorAll(".package-back").forEach((element) => { + element.addEventListener("click", (e) => { + // @ts-ignore + var target = e.target; + // @ts-ignore + var current = target.dataset.current; + // @ts-ignore + var total = target.dataset.total; + var next = parseInt(current, 10) - 1; + // @ts-ignore + let nextButton = document.getElementById("package-next"); + // @ts-ignore + nextButton.disabled = false; + if (parseInt(current, 10) - 2 === 0) { + // @ts-ignore + e.target.disabled = true; + } + // Change the displayed tables for packages + let currentPage = document.getElementById("package-table-" + current); + currentPage.style.display = "none"; + let nextPage = document.getElementById("package-table-" + next); + nextPage.style.display = ""; + // Change the displayed tables for locations + let currentPageLocation = document.getElementById( + "locations-table-" + current + ); + currentPageLocation.style.display = "none"; + let nextPageLocation = document.getElementById("locations-table-" + next); + nextPageLocation.style.display = ""; + // Update in the back button + // @ts-ignore + target.dataset.current = next; + // @ts-ignore + nextButton.dataset.current = next; + // Update in the back button + // @ts-ignore + target.dataset.current = next; + // Update the counter + let counter = document.getElementById("package-counter"); + counter.innerHTML = + "

" + (parseInt(current, 10) - 1) + "/" + total + "

"; + }); + }); + + let severityElement = document.getElementById("select_severity"); + if (severityElement) { + severityElement.addEventListener("change", (e) => { + // @ts-ignore + selectSeverity = e.target.value; + }); + } + + let selectElement = document.getElementById("select_state"); + if (selectElement) { + selectElement.addEventListener("change", (e) => { + // @ts-ignore + selectState = e.target.value; + }); + } + + let commentElement = document.getElementById("comment_box"); + if (commentElement) { + document.getElementById("comment_box").addEventListener("change", (e) => { + // @ts-ignore + comment = e.target.value; + }); + } + + // Display the changes once loaded + window.addEventListener("message", (event) => { + console.log("checkkkk11111"); + + const message = event.data; + switch (message.command) { + case "loadChanges": + let changes = message.changes; + let loaderContainer = document.getElementById( + "history-container-loader" + ); + if (loaderContainer) { + loaderContainer.style.display = "none"; + loaderContainer.innerHTML = infoChangeContainer(changes); + loaderContainer.style.display = "block"; + loaderContainer.style.padding = "0.4em"; + } + break; + case "loader": + // html do loader + loaderContainer = document.getElementById("history-container-loader"); + if (loaderContainer) { + loaderContainer.innerHTML = loader(); + loaderContainer.style.display = "block"; + } + break; + case "loadLearnMore": + let learn = message.learn; + let learnLoaderContainer = document.getElementById( + "learn-container-loader" + ); + learnLoaderContainer.style.display = "none"; + learnLoaderContainer.innerHTML = infoLearnContainer( + learn, + message.result + ); + learnLoaderContainer.style.display = "block"; + let codeLoaderContainer = document.getElementById("tab-code"); + codeLoaderContainer.style.display = "none"; + codeLoaderContainer.innerHTML = infoCodeContainer(learn); + codeLoaderContainer.style.display = "block"; + registerCodebashingEventListener(); + break; + // case 'loadBfl': + // console.log("loadedBFl"); + // let index = message.index.index; + // // Case there is a best fix location + // if(index>=0){ + // updateDisplay('bfl-container-'+index,'block'); + // // Hide loading message + // updateDisplay('bfl-tip-loading','none'); + // updateDisplay('loader','none'); + // // Show tooltip message + // updateDisplay('bfl-tip-loaded','block'); + // } + // // Case there is not best fix location + // else{ + // // Hide the loading + // updateDisplay('bfl-tip-loading','none'); + // updateDisplay('loader','none'); + // } + + // break; + } + }); + + function registerCodebashingEventListener() { + let codebashingElement = document.getElementById("cx_codebashing"); + if (codebashingElement) { + codebashingElement.addEventListener("click", () => { + // @ts-ignore + vscode.postMessage({ + command: "codebashing", + }); + }); + } + } + + // Container arround the changes + function infoChangeContainer(changes) { + let html = ""; + if (changes.length > 0) { + for (let change of changes) { + html += userCardInfo( + change.CreatedBy, + new Date(change.CreatedAt).toLocaleString(), + infoChanges(change) + ); + } + } else { + html += `

No changes to display.

`; - } - html += ""; - return html; - } - - // Remediation examples content - function infoCodeContainer(learnArray) { - let html = '
'; - if (learnArray.length > 0) { - for (let learn of learnArray) { - for (let code of learn.samples) { - let learnSectionDiv = document.createElement('div'); - learnSectionDiv.setAttribute('class', 'learn-section'); - let codeTitlePara = document.createElement('p'); - codeTitlePara.textContent = '' + code.title + ' using ' + code.progLanguage; - let preCode = document.createElement('pre'); - preCode.setAttribute('class', 'pre-code'); - let codeElement = document.createElement('code'); - codeElement.textContent = code.code.replaceAll("<", "<").replaceAll(">", ">"); - preCode.appendChild(codeElement); - learnSectionDiv.appendChild(codeTitlePara); - learnSectionDiv.appendChild(preCode); - html += learnSectionDiv.outerHTML; - } - } - } - else { - html += - ` + } + html += ""; + return html; + } + + // Remediation examples content + function infoCodeContainer(learnArray) { + let html = "
"; + if (learnArray.length > 0) { + for (let learn of learnArray) { + for (let code of learn.samples) { + let learnSectionDiv = document.createElement("div"); + learnSectionDiv.setAttribute("class", "learn-section"); + let codeTitlePara = document.createElement("p"); + codeTitlePara.textContent = + "" + code.title + " using " + code.progLanguage; + let preCode = document.createElement("pre"); + preCode.setAttribute("class", "pre-code"); + let codeElement = document.createElement("code"); + codeElement.textContent = code.code + .replaceAll("<", "<") + .replaceAll(">", ">"); + preCode.appendChild(codeElement); + learnSectionDiv.appendChild(codeTitlePara); + learnSectionDiv.appendChild(preCode); + html += learnSectionDiv.outerHTML; + } + } + } else { + html += `

No remediation examples available to display.

`; - } - html += "
"; - return html; - } - - // Description content - function infoLearnContainer(descriptionArray, result) { - let html = "
"; - if (descriptionArray.length > 0) { - for (let description of descriptionArray) { - html += codeBashingSection(result); - html += riskSection(description.risk); - html += causeSection(description.cause); - html += recommendationSection(description.generalRecommendations); - } - } - else { - html += - ` + } + html += "
"; + return html; + } + + // Description content + function infoLearnContainer(descriptionArray, result) { + let html = "
"; + if (descriptionArray.length > 0) { + for (let description of descriptionArray) { + html += codeBashingSection(result); + html += riskSection(description.risk); + html += causeSection(description.cause); + html += recommendationSection(description.generalRecommendations); + } + } else { + html += `

No information available to display.

`; - } - html += "
"; - return html; - } - - function codeBashingSection(result) { - let codeBashingSection = ""; - if (result.sastNodes.length > 0) { - let headerItemCodebashingDiv = document.createElement('div'); - headerItemCodebashingDiv.setAttribute('id', 'cx_header_codebashing'); - headerItemCodebashingDiv.style.marginBottom = '20px'; - let codebashingLinkSpan = document.createElement('span'); - codebashingLinkSpan.setAttribute('class', 'codebashing-link'); - codebashingLinkSpan.textContent = 'Learn more at '; - let orangeColorSpan = document.createElement('span'); - orangeColorSpan.setAttribute('class', 'orange-color'); - orangeColorSpan.textContent = '>_'; - let codeBashingSpan = document.createElement('span'); - codeBashingSpan.setAttribute('class', 'codebashing-link-value'); - codeBashingSpan.setAttribute('id', 'cx_codebashing'); - codeBashingSpan.setAttribute('title', "Learn more about " + result.queryName + " using Checkmarx's eLearning platform"); - codeBashingSpan.textContent = 'codebashing'; - codebashingLinkSpan.appendChild(orangeColorSpan); - codebashingLinkSpan.appendChild(codeBashingSpan); - headerItemCodebashingDiv.appendChild(codebashingLinkSpan); - return headerItemCodebashingDiv.outerHTML; - } - return codeBashingSection; - } - - - function riskSection(risk) { - let learnSectionDiv = document.createElement('div'); - learnSectionDiv.setAttribute('class', 'learn-section'); - let learnHeaderPara = document.createElement('p'); - learnHeaderPara.setAttribute('class', 'learn-header'); - learnHeaderPara.textContent = 'Risk'; - let riskPara = document.createElement('p'); - riskPara.innerHTML = risk; - learnSectionDiv.appendChild(learnHeaderPara); - learnSectionDiv.appendChild(riskPara); - return learnSectionDiv.outerHTML; - - } - - function causeSection(cause) { - let learnSectionDiv = document.createElement('div'); - learnSectionDiv.setAttribute('class', 'learn-section'); - let learnHeaderPara = document.createElement('p'); - learnHeaderPara.setAttribute('class', 'learn-header'); - learnHeaderPara.textContent = 'Cause'; - let causePara = document.createElement('p'); - causePara.innerHTML = cause; - learnSectionDiv.appendChild(learnHeaderPara); - learnSectionDiv.appendChild(causePara); - return learnSectionDiv.outerHTML; - } - - function recommendationSection(recommendations) { - let learnSectionDiv = document.createElement('div'); - learnSectionDiv.setAttribute('class', 'learn-section'); - let learnHeaderPara = document.createElement('p'); - learnHeaderPara.setAttribute('class', 'learn-header'); - learnHeaderPara.textContent = 'General Recommendations'; - let recommendationsSpan = document.createElement('span'); - recommendationsSpan.setAttribute('class', 'code-sample'); - recommendationsSpan.innerHTML = recommendations; - learnSectionDiv.appendChild(learnHeaderPara); - learnSectionDiv.appendChild(recommendationsSpan); - return learnSectionDiv.outerHTML; - } - - - // Individual changes - function infoChanges(change) { - let infoDiv = document.createElement("div"); - let severityPara = document.createElement("p"); - let severityClass = change.Severity.length > 0 ? ("select-" + change.Severity.toLowerCase()) : ""; - severityPara.setAttribute('class', severityClass); - var severity = change.Severity.length > 0 ? change.Severity : "No changes in severity."; - severityPara.textContent = severity; - let statePara = document.createElement("p"); - statePara.setAttribute('class', 'state'); - var state = change.State.length > 0 ? change.State.replaceAll("_", " ") : "No changes in state."; - statePara.textContent = state; - infoDiv.appendChild(severityPara); - infoDiv.appendChild(statePara); - if (change.Comment.length > 0) { - let commentPara = document.createElement("p"); - commentPara.setAttribute('class', 'comment'); - commentPara.textContent = change.Comment; - infoDiv.appendChild(commentPara); - } - return infoDiv.outerHTML; - } - - // Generic card for changes - function userCardInfo(username, date, info) { - let historyContainerDiv = document.createElement('div'); - historyContainerDiv.setAttribute('class', 'history-container'); - let historyHeaderDiv = document.createElement('div'); - historyHeaderDiv.setAttribute('class', 'history-header'); - let userNameDiv = document.createElement('div'); - userNameDiv.setAttribute('class', 'username'); - userNameDiv.textContent = username; - let dateDiv = document.createElement('div'); - dateDiv.setAttribute('class', 'date'); - dateDiv.textContent = date; - let textContentDiv = document.createElement('div'); - textContentDiv.setAttribute('class', 'text-content'); - textContentDiv.innerHTML = info; - historyHeaderDiv.appendChild(userNameDiv); - historyHeaderDiv.appendChild(dateDiv); - historyContainerDiv.appendChild(historyHeaderDiv); - historyContainerDiv.appendChild(textContentDiv); - return historyContainerDiv.outerHTML; - } - - function loader() { - let historyContainerLoaderDiv = document.createElement('div'); - historyContainerLoaderDiv.setAttribute('id', 'history-container-loader'); - historyContainerLoaderDiv.setAttribute('class', 'center'); - let historyContainerLoaderPara = document.createElement('p'); - historyContainerLoaderPara.setAttribute('class', 'history-container-loader'); - historyContainerLoaderPara.textContent = 'Loading changes'; - let loaderDiv = document.createElement('div'); - loaderDiv.setAttribute('class', 'loader'); - historyContainerLoaderDiv.appendChild(historyContainerLoaderPara); - historyContainerLoaderDiv.appendChild(loaderDiv); - return historyContainerLoaderDiv.outerHTML; - } - - function updateDisplay(id, display) { - let element = document.getElementById(id); - element.style.display = display; - } - -})(); \ No newline at end of file + } + html += "
"; + return html; + } + + function codeBashingSection(result) { + let codeBashingSection = ""; + if (result.multipleSastNode.nodes.length > 0) { + let headerItemCodebashingDiv = document.createElement("div"); + headerItemCodebashingDiv.setAttribute("id", "cx_header_codebashing"); + headerItemCodebashingDiv.style.marginBottom = "20px"; + let codebashingLinkSpan = document.createElement("span"); + codebashingLinkSpan.setAttribute("class", "codebashing-link"); + codebashingLinkSpan.textContent = "Learn more at "; + let orangeColorSpan = document.createElement("span"); + orangeColorSpan.setAttribute("class", "orange-color"); + orangeColorSpan.textContent = ">_"; + let codeBashingSpan = document.createElement("span"); + codeBashingSpan.setAttribute("class", "codebashing-link-value"); + codeBashingSpan.setAttribute("id", "cx_codebashing"); + codeBashingSpan.setAttribute( + "title", + "Learn more about " + + result.queryName + + " using Checkmarx's eLearning platform" + ); + codeBashingSpan.textContent = "codebashing"; + codebashingLinkSpan.appendChild(orangeColorSpan); + codebashingLinkSpan.appendChild(codeBashingSpan); + headerItemCodebashingDiv.appendChild(codebashingLinkSpan); + return headerItemCodebashingDiv.outerHTML; + } + return codeBashingSection; + } + + function riskSection(risk) { + let learnSectionDiv = document.createElement("div"); + learnSectionDiv.setAttribute("class", "learn-section"); + let learnHeaderPara = document.createElement("p"); + learnHeaderPara.setAttribute("class", "learn-header"); + learnHeaderPara.textContent = "Risk"; + let riskPara = document.createElement("p"); + riskPara.innerHTML = risk; + learnSectionDiv.appendChild(learnHeaderPara); + learnSectionDiv.appendChild(riskPara); + return learnSectionDiv.outerHTML; + } + + function causeSection(cause) { + let learnSectionDiv = document.createElement("div"); + learnSectionDiv.setAttribute("class", "learn-section"); + let learnHeaderPara = document.createElement("p"); + learnHeaderPara.setAttribute("class", "learn-header"); + learnHeaderPara.textContent = "Cause"; + let causePara = document.createElement("p"); + causePara.innerHTML = cause; + learnSectionDiv.appendChild(learnHeaderPara); + learnSectionDiv.appendChild(causePara); + return learnSectionDiv.outerHTML; + } + + function recommendationSection(recommendations) { + let learnSectionDiv = document.createElement("div"); + learnSectionDiv.setAttribute("class", "learn-section"); + let learnHeaderPara = document.createElement("p"); + learnHeaderPara.setAttribute("class", "learn-header"); + learnHeaderPara.textContent = "General Recommendations"; + let recommendationsSpan = document.createElement("span"); + recommendationsSpan.setAttribute("class", "code-sample"); + recommendationsSpan.innerHTML = recommendations; + learnSectionDiv.appendChild(learnHeaderPara); + learnSectionDiv.appendChild(recommendationsSpan); + return learnSectionDiv.outerHTML; + } + + // Individual changes + function infoChanges(change) { + let infoDiv = document.createElement("div"); + let severityPara = document.createElement("p"); + let severityClass = + change.Severity.length > 0 + ? "select-" + change.Severity.toLowerCase() + : ""; + severityPara.setAttribute("class", severityClass); + var severity = + change.Severity.length > 0 ? change.Severity : "No changes in severity."; + severityPara.textContent = severity; + let statePara = document.createElement("p"); + statePara.setAttribute("class", "state"); + var state = + change.State.length > 0 + ? change.State.replaceAll("_", " ") + : "No changes in state."; + statePara.textContent = state; + infoDiv.appendChild(severityPara); + infoDiv.appendChild(statePara); + if (change.Comment.length > 0) { + let commentPara = document.createElement("p"); + commentPara.setAttribute("class", "comment"); + commentPara.textContent = change.Comment; + infoDiv.appendChild(commentPara); + } + return infoDiv.outerHTML; + } + + // Generic card for changes + function userCardInfo(username, date, info) { + let historyContainerDiv = document.createElement("div"); + historyContainerDiv.setAttribute("class", "history-container"); + let historyHeaderDiv = document.createElement("div"); + historyHeaderDiv.setAttribute("class", "history-header"); + let userNameDiv = document.createElement("div"); + userNameDiv.setAttribute("class", "username"); + userNameDiv.textContent = username; + let dateDiv = document.createElement("div"); + dateDiv.setAttribute("class", "date"); + dateDiv.textContent = date; + let textContentDiv = document.createElement("div"); + textContentDiv.setAttribute("class", "text-content"); + textContentDiv.innerHTML = info; + historyHeaderDiv.appendChild(userNameDiv); + historyHeaderDiv.appendChild(dateDiv); + historyContainerDiv.appendChild(historyHeaderDiv); + historyContainerDiv.appendChild(textContentDiv); + return historyContainerDiv.outerHTML; + } + + function loader() { + let historyContainerLoaderDiv = document.createElement("div"); + historyContainerLoaderDiv.setAttribute("id", "history-container-loader"); + historyContainerLoaderDiv.setAttribute("class", "center"); + let historyContainerLoaderPara = document.createElement("p"); + historyContainerLoaderPara.setAttribute( + "class", + "history-container-loader" + ); + historyContainerLoaderPara.textContent = "Loading changes"; + let loaderDiv = document.createElement("div"); + loaderDiv.setAttribute("class", "loader"); + historyContainerLoaderDiv.appendChild(historyContainerLoaderPara); + historyContainerLoaderDiv.appendChild(loaderDiv); + return historyContainerLoaderDiv.outerHTML; + } + + function updateDisplay(id, display) { + let element = document.getElementById(id); + element.style.display = display; + } +})(); diff --git a/src/commands/webViewCommand.ts b/src/commands/webViewCommand.ts index e1967bcb..07ff6a2f 100644 --- a/src/commands/webViewCommand.ts +++ b/src/commands/webViewCommand.ts @@ -2,7 +2,7 @@ import path = require("path"); import * as vscode from "vscode"; import { getCodebashingLink } from "../codebashing/codebashing"; import { Logs } from "../models/logs"; -import { AstResult } from "../models/results"; +import { AstResult } from "../models/astResults/AstResult"; import { getLearnMore } from "../sast/learnMore"; import { getChanges, triageSubmit } from "../utils/triage"; import { applyScaFix } from "../sca/scaFix"; diff --git a/src/models/astResults/AstResult.ts b/src/models/astResults/AstResult.ts new file mode 100644 index 00000000..3a9e78f6 --- /dev/null +++ b/src/models/astResults/AstResult.ts @@ -0,0 +1,216 @@ +import * as vscode from "vscode"; +import * as path from "path"; +import { + StateLevel, + SeverityLevel, + constants, +} from "../../utils/common/constants"; + +// import { KicsAstResult } from "./KicsAstResult"; +// import { SastAstResult } from "./SastAstResult"; +// import { ScaAstResult } from "./ScaAstResult"; +// import { ScsAstResult } from "./ScsAstResult"; +// import { ScaRealtimeAstResult } from "./ScaRealtimeAstResult"; + +export abstract class AstResult { + queryId: string; + queryName: string; + language: string; + cweId: string; + fileName: string; + typeLabel: string; + type: string; + label: string; + id: string; + similarityId: string; + status: string; + state: string; + severity: string; + created: string; + firstFoundAt: string; + foundAt: string; + firstScanId: string; + description: string; + descriptionHTML: string; + comments: any; + declare data: any; + declare vulnerabilityDetails: any; + + constructor(result: any) { + this.type = result.type; // common + this.label = result.data.queryName // vi // common + ? result.data.queryName + : result.id + ? result.id + : result.vulnerabilityDetails.cveName; + this.id = result.id; // vi // common + this.similarityId = result.similarityId; // vi // common + this.status = result.status; // vi // common + this.state = result.state || ""; + this.severity = result.severity; // common + this.created = result.created; // common + this.firstFoundAt = result.firstFoundAt; // common + this.foundAt = result.foundAt; // common + this.firstScanId = result.firstScanId; // common + this.description = result.description; // common + this.descriptionHTML = result.descriptionHTML; // common + this.comments = result.comments; // common; + this.data = result.data; // common + this.vulnerabilityDetails = result.vulnerabilityDetails; // common + this.queryId = result.data?.queryId; + this.typeLabel = this.determineTypeLabel(result); + } + + getKicsValues(): string { + return ""; // Default implementation for non-Kics types + } + + public getqueryId(): string { + return this.queryId; + } + static checkType(result: any): string { + return result.type; + } + + setSeverity(severity: string): void { + this.severity = severity; + } + + // Common setter for state + setState(state: string): void { + this.state = state; + } + + // Abstract methods to be implemented by subclasses + abstract getResultHash(): string; + determineTypeLabel(result: any): string | undefined { + if (result.label) { + return result.label; + } + if (result.type === "scs-secret-detection") { + return "Secret Detection"; + } + return undefined; + } + abstract getHtmlDetails(cxPath: vscode.Uri): string; + abstract getTitle(): string; + + // handleFileNameAndLine(result: any): void; // Abstract method + + // Common utility to shorten filenames + getShortFilename(filename: string): string { + return filename.length > 50 ? "..." + filename.slice(-50) : filename; + } + + getIcon() { + switch (this.severity) { + case constants.criticalSeverity: + return path.join("media", "icons", "critical_untoggle.svg"); + case constants.highSeverity: + return path.join("media", "icons", "high_untoggle.svg"); + case constants.mediumSeverity: + return path.join("media", "icons", "medium_untoggle.svg"); + case constants.infoSeverity: + return path.join("media", "icons", "info_untoggle.svg"); + case constants.lowSeverity: + return path.join("media", "icons", "low_untoggle.svg"); + } + return ""; + } + + getGptIcon() { + return path.join("media", "icons", "gpt.png"); + } + + getCxIcon() { + return path.join("media", "icon.png"); + } + + getCxScaAtackVector() { + return path.join("media", "icons", "attackVector.png"); + } + + getCxScaComplexity() { + return path.join("media", "icons", "complexity.png"); + } + + getCxAuthentication() { + return path.join("media", "icons", "authentication.png"); + } + + getCxConfidentiality() { + return path.join("media", "icons", "confidentiality.png"); + } + + getCxIntegrity() { + return path.join("media", "icons", "integrity.png"); + } + + getCxAvailability() { + return path.join("media", "icons", "availability.png"); + } + + getCxUpgrade() { + return path.join("media", "icons", "upgrade.png"); + } + + getCxUrl() { + return path.join("media", "icons", "url.png"); + } + + getTreeIcon() { + return { + light: path.join(__filename, "..", "..", this.getIcon()), + dark: path.join(__filename, "..", "..", this.getIcon()), + }; + } + + getSeverityCode() { + switch (this.severity) { + case constants.criticalSeverity: + return vscode.DiagnosticSeverity.Error; + case constants.highSeverity: + return vscode.DiagnosticSeverity.Error; + case constants.mediumSeverity: + return vscode.DiagnosticSeverity.Warning; + case constants.infoSeverity: + return vscode.DiagnosticSeverity.Information; + } + return vscode.DiagnosticSeverity.Information; + } + + getSeverity() { + switch (this.severity) { + case constants.criticalSeverity: + return SeverityLevel.critical; + case constants.highSeverity: + return SeverityLevel.high; + case constants.mediumSeverity: + return SeverityLevel.medium; + case constants.infoSeverity: + return SeverityLevel.info; + case constants.lowSeverity: + return SeverityLevel.low; + } + return SeverityLevel.empty; + } + + getState() { + switch (this.state) { + case "NOT_EXPLOITABLE": + return StateLevel.notExploitable; + case "PROPOSED_NOT_EXPLOITABLE": + return StateLevel.proposed; + case "CONFIRMED": + return StateLevel.confirmed; + case "TO_VERIFY": + return StateLevel.toVerify; + case "URGENT": + return StateLevel.urgent; + case "NOT_IGNORED": + return StateLevel.notIgnored; + case "IGNORED": + return StateLevel.ignored; + } + } +} diff --git a/src/models/astResults/AstResultFactory.ts b/src/models/astResults/AstResultFactory.ts new file mode 100644 index 00000000..76c906b5 --- /dev/null +++ b/src/models/astResults/AstResultFactory.ts @@ -0,0 +1,22 @@ +import { AstResult } from "./AstResult"; +import { SastAstResult } from "./SastAstResult"; +import { KicsAstResult } from "./KicsAstResult"; +import { ScaAstResult } from "./ScaAstResult"; +import { ScsAstResult } from "./ScsAstResult"; +import { constants } from "../../utils/common/constants"; + +export class AstResultFactory { + static createInstance(input: any): AstResult { + switch (input.type) { + case constants.sast: + return new SastAstResult(input); + case constants.kics: + return new KicsAstResult(input); + case constants.sca: + return new ScaAstResult(input); + case constants.scsSecretDetection: + return new ScsAstResult(input); + default: + } + } +} diff --git a/src/models/astResults/KicsAstResult.ts b/src/models/astResults/KicsAstResult.ts new file mode 100644 index 00000000..c6f8a5bc --- /dev/null +++ b/src/models/astResults/KicsAstResult.ts @@ -0,0 +1,105 @@ +import { AstResult } from "./AstResult"; +import { KicsNode, KicsSummary } from "../nodes/KicsNode"; +import * as vscode from "vscode"; + +export class KicsAstResult extends AstResult { + kicsNode: KicsNode; + typeLabel = ""; + cweId = ""; + queryId = ""; + + constructor(result: any) { + super(result); + this.kicsNode = new KicsNode( + result.id, + result.description, + result.severity, + result.data.queryId, + result.data.queryName, + result.data.group, + result.data + ); + this.typeLabel = result.label; + this.handleFileNameAndLine(result); + this.queryId = result.data.queryId; + } + + handleFileNameAndLine(result: any): void { + this.cweId = result.vulnerabilityDetails?.cweId; + } + setSeverity(severity: string) { + if (this.kicsNode) { + this.kicsNode.severity = severity; + } + } + + getResultHash(): string { + if (this.kicsNode) { + return this.kicsNode.id; + } + } + + getHtmlDetails(cxPath: vscode.Uri): string { + if (this.kicsNode) { + return this.kicsDetails(); + } + } + + private kicsDetails() { + let html = ""; + html += ` + + +
+ 1. + + ${this.kicsNode?.data.filename} + +
+ + ${this.getShortFilename(this.kicsNode?.data.filename)} [${ + this.kicsNode?.data.line + }:${0}] + + + + `; + return html; + } + + getKicsValues() { + let r = ""; + if (this.kicsNode?.data) { + this.kicsNode.data.value + ? (r += ` +

+ Value: ${this.kicsNode?.data.value} +

+ `) + : (r += ""); + this.kicsNode.data.expectedValue + ? (r += ` +

+ Expected Value: ${this.kicsNode?.data.expectedValue} +

+ `) + : (r += ""); + } + return r; + } + + getTitle(): string { + let r = ""; + if (this.kicsNode) { + r = `

Location

`; + } + return r; + } +} diff --git a/src/models/astResults/SastAstResult.ts b/src/models/astResults/SastAstResult.ts new file mode 100644 index 00000000..5b84021c --- /dev/null +++ b/src/models/astResults/SastAstResult.ts @@ -0,0 +1,125 @@ +import { AstResult } from "./AstResult"; +import { MultipleSastNode } from "../nodes/MultipleSastNode"; +import { SastNode } from "../nodes/SastNode"; +import * as vscode from "vscode"; + +export class SastAstResult extends AstResult { + multipleSastNode: MultipleSastNode; + fileName: string = ""; + cweId: string = ""; + typeLabel = ""; + queryId: string = ""; + + constructor(result: any) { + super(result); + + const sastNodes = result.data?.nodes || []; + this.multipleSastNode = new MultipleSastNode( + sastNodes.map( + (node: any) => + new SastNode( + node.id, + node.column, + node.fileName, + node.fullName, + node.length, + node.line, + node.methodLine, + node.name, + node.domType, + node.method, + node.nodeID, + node.definitions, + node.nodeSystemId, + node.nodeHash + ) + ) + ); + this.typeLabel = result.label; + this.handleFileNameAndLine(result); + this.queryId = result.data.queryId; + } + + handleFileNameAndLine(result: any): void { + if (this.multipleSastNode.getNodes().length > 0) { + const firstNode = this.multipleSastNode.getNodes()[0]; + this.fileName = firstNode.fileName; + + const shortFilename = + this.fileName && this.fileName.includes("/") + ? this.fileName.slice(this.fileName.lastIndexOf("/")) + : ""; + this.label += ` (${ + shortFilename.length && shortFilename.length > 0 + ? shortFilename + : this.fileName + }${ + this.multipleSastNode.getNodes()[0].line > 0 + ? ":" + this.multipleSastNode.getNodes()[0].line + : "" + })`; + } + + this.cweId = result.cweId || result.vulnerabilityDetails?.cweId; + } + + getResultHash(): string { + if (this.multipleSastNode.getNodes().length > 0) { + return this.data.resultHash; + } + return ""; + } + + getHtmlDetails(cxPath: vscode.Uri): string { + return this.getSastDetails(cxPath); + } + + getSastDetails(cxPath: vscode.Uri): string { + let html = ""; + const nodes = this.multipleSastNode.getNodes(); + + if (nodes.length > 0) { + nodes.forEach((node, index) => { + html += ` + + +
+ +
+ +
+
+ ${index + 1}. "${node.name.replaceAll('"', "")}" + + ${this.getShortFilename(node.fileName)} + +
+
+ + `; + }); + } else { + html += ` +

+ No attack vector information. +

`; + } + return html; + } + + getTitle(): string { + let r = ""; + if (this.multipleSastNode.getNodes().length > 0) { + r = `

Attack Vector

`; + } + return r; + } +} diff --git a/src/models/astResults/ScaAstResult.ts b/src/models/astResults/ScaAstResult.ts new file mode 100644 index 00000000..a6c48230 --- /dev/null +++ b/src/models/astResults/ScaAstResult.ts @@ -0,0 +1,413 @@ +import { AstResult } from "./AstResult"; +import { ScaNode } from "../nodes/ScaNode"; +import * as vscode from "vscode"; + +export class ScaAstResult extends AstResult { + scaNode: ScaNode; + typeLabel = ""; + fileName = ""; + scaType = ""; + cweId: string; + + constructor(result: any) { + super(result); + + if (result.data) { + this.scaNode = new ScaNode( + result.id, + result.description, + result.severity, + result.data.packageIdentifier, + result.data.recommendedVersion, + result.data.scaPackageData || {}, + result.data.packageData || [] + // result.data.packageId || [] // ?? + ); + } + this.scaType = result.scaType; + this.type = result.scaType ? "sca" : result.type; + + this.label = result.id ? result.id : result.vulnerabilityDetails.cveName; + this.typeLabel = result.label; + this.cweId = result.vulnerabilityDetails?.cweId; + } + + getResultHash(): string { + return this.scaNode.id; + } + + getHtmlDetails(cxPath: vscode.Uri): string { + if (this.scaNode) { + return this.scaDetails(); + } + return ""; + } + + private scaDetails() { + let html = ""; + if (this.scaNode?.packageData) { + this.scaNode?.packageData.forEach((node, index) => { + html += ` + + + ${index + 1}. + + ${node.comment} + + + `; + }); + } else { + html += ` +

+ No package data information. +

`; + } + return html; + } + + getTitle(): string { + let r = ""; + if (this.scaNode) { + r = `

Package Data

`; + } + return r; + } + + public scaLocations(scaUpgrade) { + let html = ""; + this.scaNode.scaPackageData.dependencyPaths.forEach( + (pathArray: any, indexDependency: number) => { + if (indexDependency === 0) { + html += `
+ + `; + } else { + html += `
+ `; + } + html += ` +
+
+ Package ${pathArray[0].name} is located in: +
+
+
+ `; + pathArray.forEach((path: any, index: number) => { + if (index === 0) { + if (path.locations) { + path.locations.forEach((location: any, index: number) => { + html += ` + + ${location} + + ${ + this.scaNode.recommendedVersion && + this.scaNode.scaPackageData.supportsQuickFix === true && + this.scaNode.scaPackageData.dependencyPaths[0][0].name + ? ` icon` + : "" + } + ${index + 1 < path.locations.length ? ` |  ` : ""} + `; + }); + } else { + html += ` +
+ ${path.name} is unresolved + + +
+ `; + } + } + }); + html += `
+ +
+
`; + } + ); + return html; + } + + public scaReferences() { + let html = ""; + if (this.scaNode.packageData) { + this.scaNode.packageData.forEach((data: any) => { + html += ` + ${data.type} +   `; + }); + } else { + html += `

+ No references available +

`; + } + return html; + } + + public scaPackages(scaUpgrade) { + let html = this.scaLocations(scaUpgrade); + this.scaNode.scaPackageData.dependencyPaths.forEach( + (dependencyArray: any, index: number) => { + if (index === 0) { + html += `
+ + `; + } else { + html += `
+
+ `; + } + dependencyArray.forEach((dependency: any) => { + html += ` + + + `; + }); + html += ` + + +
`; + } + ); + return html; + } + + public scaContent( + result: AstResult, + scaUpgrade: string, + scaUrl: vscode.Uri | string, + scaAtackVector: string, + scaComplexity: string, + scaAuthentication: string, + scaConfidentiality: string, + scaIntegrity: string, + scaAvailability: string + ): string { + // Non-real-time logic only + return ` +
+
+
+ ${ + result.descriptionHTML + ? result.descriptionHTML + : result.description + } +
+
+ ${ + this.scaNode.scaPackageData + ? ` +
+

Remediation

+
+
+ ${this.scaRemediation( + result, + scaUpgrade, + scaUrl, + "non-realtime" + )} +
+
+
+
+
+

Vulnerable Package Paths

+
+ ${this.scaPackages(scaUpgrade)} +
` + : ` +
+

+ No package path information available +

+
` + } +
+

References

+
+ ${this.scaReferences()} +
+
+
`; + } + + private scaRemediation(result, scaUpgrade, scaUrl, type?) { + return ` + ${ + !type + ? `
+ icon +
+
+ +
+

+ Upgrade To Version +

+

+ ${ + result.scaNode.recommendedVersion + ? result.scaNode.recommendedVersion + : "Not available" + } +

+
+
+
+
+
+ icon + ${ + result.scaNode.scaPackageData.fixLink && + result.scaNode.scaPackageData.fixLink !== "" + ? ` +

+ About this vulnerability +

+ ` + : `

+ About this vulnerability +

` + } + +
+
+
+ ` + : `` + }`; + } +} diff --git a/src/models/astResults/ScaRealtimeAstResult.ts b/src/models/astResults/ScaRealtimeAstResult.ts new file mode 100644 index 00000000..cb2de381 --- /dev/null +++ b/src/models/astResults/ScaRealtimeAstResult.ts @@ -0,0 +1,103 @@ +import { ScaAstResult } from "./ScaAstResult"; +import { MultipleSastNode } from "../nodes/MultipleSastNode"; +import { SastNode } from "../nodes/SastNode"; +import * as vscode from "vscode"; + +export class ScaRealtimeAstResult extends ScaAstResult { + multipleSastNode: MultipleSastNode; + + constructor(result: any) { + super(result); + + const sastNodes = result.data?.nodes || []; + this.multipleSastNode = new MultipleSastNode( + sastNodes.map( + (node: any) => + new SastNode( + node.id, + node.column, + node.fileName, + node.fullName, + node.length, + node.line, + node.methodLine, + node.name, + node.domType, + node.method, + node.nodeID, + node.definitions, + node.nodeSystemId, + node.nodeHash + ) + ) + ); + } + + public scaContent( + result: any, + scaUpgrade: string, + scaUrl: string, + scaAtackVector: string, + scaComplexity: string, + scaAuthentication: string, + scaConfidentiality: string, + scaIntegrity: string, + scaAvailability: string + ): string { + return ` +
+
+
+ ${ + result.descriptionHTML + ? result.descriptionHTML + : result.description + } +
+
+ icon +

+ About this vulnerability +

+
+
+
+ ${this.scaRealtimeNodes(result)} +
+
+

References

+
+ ${this.scaReferences()} +
+
+
`; + } + + public scaRealtimeNodes(result?: any): string { + let html = ""; + this.multipleSastNode.getNodes().forEach((node, index) => { + html += ` + +
+
+ "${result.data.packageIdentifier}" : + + ${node.fileName} + +
+
+ `; + }); + return html; + } +} diff --git a/src/models/astResults/ScsAstResult.ts b/src/models/astResults/ScsAstResult.ts new file mode 100644 index 00000000..770c8c4e --- /dev/null +++ b/src/models/astResults/ScsAstResult.ts @@ -0,0 +1,73 @@ +import { SCSSecretDetectionNode } from "../nodes/SCSSecretDetectionNode"; +import { AstResult } from "./AstResult"; +import { constants } from "../../utils/common/constants"; +import * as vscode from "vscode"; + +export class ScsAstResult extends AstResult { + secretDetectionNode: SCSSecretDetectionNode; + typeLabel = ""; + fileName = ""; + cweId = ""; + + constructor(result: any) { + super(result); + + this.secretDetectionNode = new SCSSecretDetectionNode( + result.id, + result.description, + result.severity, + result.type, + result.status, + result.state, + result.data.ruleName, + result.data.filename, + result.data.line, + result.data.ruleDescription, + result.data.remediation, + result.data.remediationAdditional + ); + this.typeLabel = constants.secretDetection; + this.label = this.formatFilenameLine + ? this.formatFilenameLine(result) + : result.id; + this.handleFileNameAndLine(result); + } + + handleFileNameAndLine(result: any): void { + this.fileName = result.data.fileName; + const shortFilename = + this.fileName && this.fileName.includes("/") + ? this.fileName.slice(this.fileName.lastIndexOf("/")) + : ""; + this.label += ` (${ + shortFilename.length && shortFilename.length > 0 + ? shortFilename + : this.fileName + }${result.data.line > 0 ? ":" + result.data.line : ""})`; + + this.cweId = result.cweId || result.vulnerabilityDetails?.cweId; + } + + formatFilenameLine(result: { + data?: { line?: number; filename?: string; ruleName?: string }; + }): string { + const filename = result.data?.filename?.split("/").pop(); + const line = result.data?.line; + const ruleName = result.data?.ruleName; + if (ruleName && filename && line !== undefined) { + return `${ruleName} (/${filename}:${line})`; + } + } + + getResultHash(): string { + return ""; + } + + getHtmlDetails(cxPath: vscode.Uri): string { + return ""; + } + + getTitle(): string { + return ""; + } +} diff --git a/src/models/gptResult.ts b/src/models/gptResult.ts index e9b8c818..57ff142c 100644 --- a/src/models/gptResult.ts +++ b/src/models/gptResult.ts @@ -1,39 +1,55 @@ import { KicsRealtime } from "./kicsRealtime"; -import { AstResult } from "./results"; +import { AstResult } from "./astResults/AstResult"; +import { KicsAstResult } from "./astResults/KicsAstResult"; +import { constants } from "../utils/common/constants"; import * as vscode from "vscode"; import path = require("path"); export class GptResult { - filename = ""; - line = 0; - severity = ""; - vulnerabilityName = ""; - resultID = ""; - constructor(astResult: AstResult, kicsResult: KicsRealtime) { + filename = ""; + line = 0; + severity = ""; + vulnerabilityName = ""; + resultID = ""; - if (kicsResult !== undefined) { - this.filename = kicsResult.files[0].file_name.toString(); - this.line = kicsResult.files[0].line; - this.severity = kicsResult.severity; - this.vulnerabilityName = kicsResult.query_name; - } - if (astResult !== undefined) { - const workspacePath = vscode.workspace.workspaceFolders; - if (astResult.type === "sast") { - this.filename = workspacePath ? workspacePath[0].uri.fsPath : astResult.fileName; - this.resultID = astResult.id; - } - else { - try{ - this.filename = workspacePath ? path.join(workspacePath[0].uri.fsPath, astResult.kicsNode?.data.filename ?? "") : astResult.kicsNode?.data.filename; - } - catch(e){ - console.log("Could not produce filename. error: ", e); - } - } - this.line = astResult.kicsNode?.data.line; - this.severity = astResult.severity; - this.vulnerabilityName = astResult.label.replaceAll("_", " "); - } - } -} \ No newline at end of file + constructor(astResult: AstResult, kicsResult: KicsRealtime) { + const resultType = AstResult.checkType(astResult); + if (kicsResult !== undefined) { + this.filename = kicsResult.files[0].file_name.toString(); + this.line = kicsResult.files[0].line; + this.severity = kicsResult.severity; + this.vulnerabilityName = kicsResult.query_name; + } + if (astResult !== undefined) { + const workspacePath = vscode.workspace.workspaceFolders; + if (astResult.type === "sast") { + this.filename = workspacePath + ? workspacePath[0].uri.fsPath + : astResult.fileName; + this.resultID = astResult.id; + } else { + if (AstResult.checkType(astResult) === constants.kics) { + const kicsObj = astResult as KicsAstResult; + + try { + this.filename = workspacePath + ? path.join( + workspacePath[0].uri.fsPath, + kicsObj.kicsNode?.data.filename ?? "" + ) + : kicsObj.kicsNode?.data.filename; + } catch (e) { + console.log("Could not produce filename. error: ", e); + } + } + } + if (AstResult.checkType(astResult) === constants.kics) { + const kicsObj = astResult as KicsAstResult; + this.line = kicsObj.kicsNode?.data.line; + } + + this.severity = astResult.severity; + this.vulnerabilityName = astResult.label.replaceAll("_", " "); + } + } +} diff --git a/src/models/nodes/KicsNode.ts b/src/models/nodes/KicsNode.ts new file mode 100644 index 00000000..0c02b539 --- /dev/null +++ b/src/models/nodes/KicsNode.ts @@ -0,0 +1,28 @@ +import { Node } from "./Node"; + +export class KicsNode extends Node { + constructor( + id: string, + description: string, + severity: string, + public queryId: string, + public queryName: string, + public group: string, + public data: any + ) { + super(id, description, severity); + } +} + +export class KicsSummary { + constructor( + // eslint-disable-next-line @typescript-eslint/naming-convention + public HIGH: number, + // eslint-disable-next-line @typescript-eslint/naming-convention + public MEDIUM: number, + // eslint-disable-next-line @typescript-eslint/naming-convention + public LOW: number, + // eslint-disable-next-line @typescript-eslint/naming-convention + public INFO: number + ) {} +} diff --git a/src/models/nodes/MultipleSastNode.ts b/src/models/nodes/MultipleSastNode.ts new file mode 100644 index 00000000..187ad27c --- /dev/null +++ b/src/models/nodes/MultipleSastNode.ts @@ -0,0 +1,34 @@ +import { SastNode } from "./SastNode"; + +export class MultipleSastNode { + private nodes: SastNode[]; + + constructor(nodes: SastNode[]) { + this.nodes = nodes; + } + + getNodes(): SastNode[] { + return this.nodes; + } + + getNode(index: number): SastNode | undefined { + return this.nodes[index]; + } + + addNode(node: SastNode): void { + this.nodes.push(node); + } + + removeNode(index: number): void { + this.nodes.splice(index, 1); + } + + getlength(): number { + return this.nodes.length; + } + + // Additional utility to iterate over nodes + forEach(callback: (node: SastNode, index: number) => void): void { + this.nodes.forEach(callback); + } +} diff --git a/src/models/nodes/Node.ts b/src/models/nodes/Node.ts new file mode 100644 index 00000000..bfba13eb --- /dev/null +++ b/src/models/nodes/Node.ts @@ -0,0 +1,7 @@ +export abstract class Node { + constructor( + public id: string, + public description?: string, + public severity?: string + ) {} +} diff --git a/src/models/nodes/SCSSecretDetectionNode.ts b/src/models/nodes/SCSSecretDetectionNode.ts new file mode 100644 index 00000000..eccf74f8 --- /dev/null +++ b/src/models/nodes/SCSSecretDetectionNode.ts @@ -0,0 +1,20 @@ +import { Node } from "./Node"; + +export class SCSSecretDetectionNode extends Node { + constructor( + id: string, + description: string, + severity: string, + public type: string, + public status: string, + public state: string, + public ruleName: string, + public fileName: string, + public line: number, + public ruleDescription: string, + public remediation: string, + public remediationAdditional: string + ) { + super(id, description, severity); + } +} diff --git a/src/models/nodes/SastNode.ts b/src/models/nodes/SastNode.ts new file mode 100644 index 00000000..0101fc94 --- /dev/null +++ b/src/models/nodes/SastNode.ts @@ -0,0 +1,25 @@ +// SastNode.ts +import { Node } from "./Node"; + +export class SastNode extends Node { + constructor( + id: string, + public column: number, + public fileName: string, + public fullName: string, + public length: number, + public line: number, + public methodLine: number, + public name: string, + public domType: string, + public method: string, + public nodeID: number, + public definitions: number, + public nodeSystemId: string, + public nodeHash: string, + description?: string, + severity?: string + ) { + super(id, description, severity); + } +} diff --git a/src/models/nodes/ScaNode.ts b/src/models/nodes/ScaNode.ts new file mode 100644 index 00000000..c073de90 --- /dev/null +++ b/src/models/nodes/ScaNode.ts @@ -0,0 +1,17 @@ +import { Node } from "./Node"; +import CxPackageData from "@checkmarxdev/ast-cli-javascript-wrapper/dist/main/results/CxPackageData"; +import CxScaPackageData from "@checkmarxdev/ast-cli-javascript-wrapper/dist/main/results/CxScaPackageData"; + +export class ScaNode extends Node { + constructor( + id: string, + description: string, + severity: string, + public packageIdentifier: string, + public recommendedVersion: string, + public scaPackageData: CxScaPackageData, + public packageData: CxPackageData[] // public packageId: CxPackageData[] + ) { + super(id, description, severity); + } +} diff --git a/src/models/results.ts b/src/models/results.ts index ca7caf70..df1f10fc 100644 --- a/src/models/results.ts +++ b/src/models/results.ts @@ -1,1073 +1,1073 @@ -/* eslint-disable @typescript-eslint/ban-types */ -/* eslint-disable @typescript-eslint/no-explicit-any */ -import CxVulnerabilityDetails from "@checkmarxdev/ast-cli-javascript-wrapper/dist/main/results/CxVulnerabilityDetails"; -import path = require("path"); -import * as vscode from "vscode"; -import { - StateLevel, - SeverityLevel, - constants, -} from "../utils/common/constants"; -import { KicsNode } from "./kicsNode"; -import { SastNode } from "./sastNode"; -import { ScaNode } from "./scaNode"; -import { SCSSecretDetectionNode } from "./SCSSecretDetectionNode"; -import CxResult from "@checkmarxdev/ast-cli-javascript-wrapper/dist/main/results/CxResult"; +// /* eslint-disable @typescript-eslint/ban-types */ +// /* eslint-disable @typescript-eslint/no-explicit-any */ +// import CxVulnerabilityDetails from "@checkmarxdev/ast-cli-javascript-wrapper/dist/main/results/CxVulnerabilityDetails"; +// import path = require("path"); +// import * as vscode from "vscode"; +// import { +// StateLevel, +// SeverityLevel, +// constants, +// } from "../utils/common/constants"; +// import { KicsNode } from "./kicsNode"; +// import { SastNode } from "./sastNode"; +// import { ScaNode } from "./scaNode"; +// import { SCSSecretDetectionNode } from "./SCSSecretDetectionNode"; +// import CxResult from "@checkmarxdev/ast-cli-javascript-wrapper/dist/main/results/CxResult"; -export class AstResult extends CxResult { - label = ""; - type = ""; - id = ""; - typeLabel = ""; - scaType = ""; - fileName = ""; - queryName = ""; - severity = ""; - status = ""; - language = ""; - description = ""; - descriptionHTML = ""; - similarityId = ""; - declare data: any; - state = ""; - queryId = ""; - sastNodes: SastNode[] = []; - scaNode: ScaNode | undefined; - kicsNode: KicsNode | undefined; - secretDetectionNode: SCSSecretDetectionNode | undefined; - cweId: string | undefined; - packageIdentifier: string; - declare vulnerabilityDetails: CxVulnerabilityDetails; +// export class AstResult extends CxResult { +// label = ""; +// type = ""; +// id = ""; +// typeLabel = ""; +// scaType = ""; +// fileName = ""; +// queryName = ""; +// severity = ""; +// status = ""; +// language = ""; +// description = ""; +// descriptionHTML = ""; +// similarityId = ""; +// declare data: any; +// state = ""; +// queryId = ""; +// sastNodes: SastNode[] = []; +// scaNode: ScaNode | undefined; +// kicsNode: KicsNode | undefined; +// secretDetectionNode: SCSSecretDetectionNode | undefined; +// cweId: string | undefined; +// packageIdentifier: string; +// declare vulnerabilityDetails: CxVulnerabilityDetails; - setSeverity(severity: string) { - this.severity = severity; - if (this.kicsNode) { - this.kicsNode.severity = severity; - } - } +// constructor(result?: any) { +// super( +// result.scaType ? "sca" : result.type, +// result.data.queryName +// ? result.data.queryName +// : result.id +// ? result.id +// : result.vulnerabilityDetails.cveName, +// result.id, +// result.status, +// result.similarityId, +// result.state, +// result.severity, +// result.created, +// result.firstFoundAt, +// result.foundAt, +// result.firstScanId, +// result.description, +// result.data, +// result.comments, +// result.vulnerabilityDetails, +// result.descriptionHTML +// ); +// this.id = result.id; +// this.type = result.scaType ? "sca" : result.type; +// this.typeLabel = this.determineTypeLabel(result); +// this.scaType = result.scaType; +// this.label = result.data.queryName +// ? result.data.queryName +// : this.formatFilenameLine(result) +// ? this.formatFilenameLine(result) +// : result.id +// ? result.id +// : result.vulnerabilityDetails.cveName; +// this.severity = result.severity; +// this.status = result.status; +// this.language = result.data.languageName; +// this.description = result.description; +// this.descriptionHTML = result.descriptionHTML; +// this.data = result.data; +// this.state = result.state; +// this.similarityId = result.similarityId; +// this.queryName = result.data.queryName; +// this.queryId = result.data.queryId; +// this.vulnerabilityDetails = result.vulnerabilityDetails; - setState(state: string) { - this.state = state; - } +// this.handleFileNameAndLine(result); - constructor(result?: any) { - super( - result.scaType ? "sca" : result.type, - result.data.queryName - ? result.data.queryName - : result.id - ? result.id - : result.vulnerabilityDetails.cveName, - result.id, - result.status, - result.similarityId, - result.state, - result.severity, - result.created, - result.firstFoundAt, - result.foundAt, - result.firstScanId, - result.description, - result.data, - result.comments, - result.vulnerabilityDetails, - result.descriptionHTML - ); - this.id = result.id; - this.type = result.scaType ? "sca" : result.type; - this.typeLabel = this.determineTypeLabel(result); - this.scaType = result.scaType; - this.label = result.data.queryName - ? result.data.queryName - : this.formatFilenameLine(result) - ? this.formatFilenameLine(result) - : result.id - ? result.id - : result.vulnerabilityDetails.cveName; - this.severity = result.severity; - this.status = result.status; - this.language = result.data.languageName; - this.description = result.description; - this.descriptionHTML = result.descriptionHTML; - this.data = result.data; - this.state = result.state; - this.similarityId = result.similarityId; - this.queryName = result.data.queryName; - this.queryId = result.data.queryId; - this.vulnerabilityDetails = result.vulnerabilityDetails; +// if (result.type === constants.sca || result.scaType) { +// this.scaNode = result.data; +// } +// if (result.type === constants.kics) { +// this.kicsNode = result; +// } +// if (result.type === constants.scsSecretDetection) { +// this.secretDetectionNode = result; +// } +// } - this.handleFileNameAndLine(result); +// setSeverity(severity: string) { +// this.severity = severity; +// if (this.kicsNode) { +// this.kicsNode.severity = severity; +// } +// } - if (result.type === constants.sca || result.scaType) { - this.scaNode = result.data; - } - if (result.type === constants.kics) { - this.kicsNode = result; - } - if (result.type === constants.scsSecretDetection) { - this.secretDetectionNode = result; - } - } +// setState(state: string) { +// this.state = state; +// } - formatFilenameLine(result: { - data?: { line?: number; filename?: string; ruleName?: string }; - }): string { - const filename = result.data?.filename?.split("/").pop(); - const line = result.data?.line; - const ruleName = result.data?.ruleName; - if (ruleName && filename && line !== undefined) { - return `${ruleName} (/${filename}:${line})`; - } - } +// formatFilenameLine(result: { +// data?: { line?: number; filename?: string; ruleName?: string }; +// }): string { +// const filename = result.data?.filename?.split("/").pop(); +// const line = result.data?.line; +// const ruleName = result.data?.ruleName; +// if (ruleName && filename && line !== undefined) { +// return `${ruleName} (/${filename}:${line})`; +// } +// } - handleFileNameAndLine(result: any): void { - // Relevant for sast, sca , kicks because , they have the filename inside result.data.nodes - if (result.data.nodes && result.data.nodes[0]) { - this.sastNodes = result.data.nodes; - this.fileName = result.data.nodes[0].fileName; - const shortFilename = - this.fileName && this.fileName.includes("/") - ? this.fileName.slice(this.fileName.lastIndexOf("/")) - : ""; - this.label += ` (${ - shortFilename.length && shortFilename.length > 0 - ? shortFilename - : this.fileName - }${ - result.data.nodes[0].line > 0 ? ":" + result.data.nodes[0].line : "" - })`; - } else if (result.data.fileName) { - //Relevant for scs , because this engine have the filename inside result.data - this.fileName = result.data.fileName; - const shortFilename = - this.fileName && this.fileName.includes("/") - ? this.fileName.slice(this.fileName.lastIndexOf("/")) - : ""; - this.label += ` (${ - shortFilename.length && shortFilename.length > 0 - ? shortFilename - : this.fileName - }${result.data.line > 0 ? ":" + result.data.line : ""})`; - } +// handleFileNameAndLine(result: any): void { +// // Relevant for sast, sca , kicks because , they have the filename inside result.data.nodes +// if (result.data.nodes && result.data.nodes[0]) { +// this.sastNodes = result.data.nodes; +// this.fileName = result.data.nodes[0].fileName; +// const shortFilename = +// this.fileName && this.fileName.includes("/") +// ? this.fileName.slice(this.fileName.lastIndexOf("/")) +// : ""; +// this.label += ` (${ +// shortFilename.length && shortFilename.length > 0 +// ? shortFilename +// : this.fileName +// }${ +// result.data.nodes[0].line > 0 ? ":" + result.data.nodes[0].line : "" +// })`; +// } else if (result.data.fileName) { +// //Relevant for scs , because this engine have the filename inside result.data +// this.fileName = result.data.fileName; +// const shortFilename = +// this.fileName && this.fileName.includes("/") +// ? this.fileName.slice(this.fileName.lastIndexOf("/")) +// : ""; +// this.label += ` (${ +// shortFilename.length && shortFilename.length > 0 +// ? shortFilename +// : this.fileName +// }${result.data.line > 0 ? ":" + result.data.line : ""})`; +// } - this.cweId = result.cweId || result.vulnerabilityDetails?.cweId; - } +// this.cweId = result.cweId || result.vulnerabilityDetails?.cweId; +// } - determineTypeLabel(result: any): string | undefined { - if (result.label) { - return result.label; - } - if (result.type === constants.scsSecretDetection) { - return constants.secretDetection; - } - return undefined; - } +// determineTypeLabel(result: any): string | undefined { +// if (result.label) { +// return result.label; +// } +// if (result.type === constants.scsSecretDetection) { +// return constants.secretDetection; +// } +// return undefined; +// } - getIcon() { - switch (this.severity) { - case constants.criticalSeverity: - return path.join("media", "icons", "critical_untoggle.svg"); - case constants.highSeverity: - return path.join("media", "icons", "high_untoggle.svg"); - case constants.mediumSeverity: - return path.join("media", "icons", "medium_untoggle.svg"); - case constants.infoSeverity: - return path.join("media", "icons", "info_untoggle.svg"); - case constants.lowSeverity: - return path.join("media", "icons", "low_untoggle.svg"); - } - return ""; - } +// getIcon() { +// switch (this.severity) { +// case constants.criticalSeverity: +// return path.join("media", "icons", "critical_untoggle.svg"); +// case constants.highSeverity: +// return path.join("media", "icons", "high_untoggle.svg"); +// case constants.mediumSeverity: +// return path.join("media", "icons", "medium_untoggle.svg"); +// case constants.infoSeverity: +// return path.join("media", "icons", "info_untoggle.svg"); +// case constants.lowSeverity: +// return path.join("media", "icons", "low_untoggle.svg"); +// } +// return ""; +// } - getGptIcon() { - return path.join("media", "icons", "gpt.png"); - } +// getGptIcon() { +// return path.join("media", "icons", "gpt.png"); +// } - getCxIcon() { - return path.join("media", "icon.png"); - } +// getCxIcon() { +// return path.join("media", "icon.png"); +// } - getCxScaAtackVector() { - return path.join("media", "icons", "attackVector.png"); - } +// getCxScaAtackVector() { +// return path.join("media", "icons", "attackVector.png"); +// } - getCxScaComplexity() { - return path.join("media", "icons", "complexity.png"); - } +// getCxScaComplexity() { +// return path.join("media", "icons", "complexity.png"); +// } - getCxAuthentication() { - return path.join("media", "icons", "authentication.png"); - } +// getCxAuthentication() { +// return path.join("media", "icons", "authentication.png"); +// } - getCxConfidentiality() { - return path.join("media", "icons", "confidentiality.png"); - } +// getCxConfidentiality() { +// return path.join("media", "icons", "confidentiality.png"); +// } - getCxIntegrity() { - return path.join("media", "icons", "integrity.png"); - } +// getCxIntegrity() { +// return path.join("media", "icons", "integrity.png"); +// } - getCxAvailability() { - return path.join("media", "icons", "availability.png"); - } +// getCxAvailability() { +// return path.join("media", "icons", "availability.png"); +// } - getCxUpgrade() { - return path.join("media", "icons", "upgrade.png"); - } +// getCxUpgrade() { +// return path.join("media", "icons", "upgrade.png"); +// } - getCxUrl() { - return path.join("media", "icons", "url.png"); - } +// getCxUrl() { +// return path.join("media", "icons", "url.png"); +// } - getTreeIcon() { - return { - light: path.join(__filename, "..", "..", this.getIcon()), - dark: path.join(__filename, "..", "..", this.getIcon()), - }; - } +// getTreeIcon() { +// return { +// light: path.join(__filename, "..", "..", this.getIcon()), +// dark: path.join(__filename, "..", "..", this.getIcon()), +// }; +// } - getSeverityCode() { - switch (this.severity) { - case constants.criticalSeverity: - return vscode.DiagnosticSeverity.Error; - case constants.highSeverity: - return vscode.DiagnosticSeverity.Error; - case constants.mediumSeverity: - return vscode.DiagnosticSeverity.Warning; - case constants.infoSeverity: - return vscode.DiagnosticSeverity.Information; - } - return vscode.DiagnosticSeverity.Information; - } +// getSeverityCode() { +// switch (this.severity) { +// case constants.criticalSeverity: +// return vscode.DiagnosticSeverity.Error; +// case constants.highSeverity: +// return vscode.DiagnosticSeverity.Error; +// case constants.mediumSeverity: +// return vscode.DiagnosticSeverity.Warning; +// case constants.infoSeverity: +// return vscode.DiagnosticSeverity.Information; +// } +// return vscode.DiagnosticSeverity.Information; +// } - getSeverity() { - switch (this.severity) { - case constants.criticalSeverity: - return SeverityLevel.critical; - case constants.highSeverity: - return SeverityLevel.high; - case constants.mediumSeverity: - return SeverityLevel.medium; - case constants.infoSeverity: - return SeverityLevel.info; - case constants.lowSeverity: - return SeverityLevel.low; - } - return SeverityLevel.empty; - } +// getSeverity() { +// switch (this.severity) { +// case constants.criticalSeverity: +// return SeverityLevel.critical; +// case constants.highSeverity: +// return SeverityLevel.high; +// case constants.mediumSeverity: +// return SeverityLevel.medium; +// case constants.infoSeverity: +// return SeverityLevel.info; +// case constants.lowSeverity: +// return SeverityLevel.low; +// } +// return SeverityLevel.empty; +// } - getState() { - switch (this.state) { - case "NOT_EXPLOITABLE": - return StateLevel.notExploitable; - case "PROPOSED_NOT_EXPLOITABLE": - return StateLevel.proposed; - case "CONFIRMED": - return StateLevel.confirmed; - case "TO_VERIFY": - return StateLevel.toVerify; - case "URGENT": - return StateLevel.urgent; - case "NOT_IGNORED": - return StateLevel.notIgnored; - case "IGNORED": - return StateLevel.ignored; - } - } +// getState() { +// switch (this.state) { +// case "NOT_EXPLOITABLE": +// return StateLevel.notExploitable; +// case "PROPOSED_NOT_EXPLOITABLE": +// return StateLevel.proposed; +// case "CONFIRMED": +// return StateLevel.confirmed; +// case "TO_VERIFY": +// return StateLevel.toVerify; +// case "URGENT": +// return StateLevel.urgent; +// case "NOT_IGNORED": +// return StateLevel.notIgnored; +// case "IGNORED": +// return StateLevel.ignored; +// } +// } - getResultHash() { - if (this.sastNodes && this.sastNodes.length > 0) { - return this.data.resultHash; - } - if (this.kicsNode) { - return this.kicsNode.id; - } - if (this.scaNode) { - return this.scaNode.id; - } +// getResultHash() { +// if (this.sastNodes && this.sastNodes.length > 0) { +// return this.data.resultHash; +// } +// if (this.kicsNode) { +// return this.kicsNode.id; +// } +// if (this.scaNode) { +// return this.scaNode.id; +// } - return ""; - } +// return ""; +// } - getHtmlDetails(cxPath: vscode.Uri) { - if (this.sastNodes && this.sastNodes.length > 0) { - return this.getSastDetails(cxPath); - } - if (this.scaNode) { - return this.scaDetails(); - } - if (this.kicsNode) { - return this.kicsDetails(); - } +// getHtmlDetails(cxPath: vscode.Uri) { +// if (this.sastNodes && this.sastNodes.length > 0) { +// return this.getSastDetails(cxPath); +// } +// if (this.scaNode) { +// return this.scaDetails(); +// } +// if (this.kicsNode) { +// return this.kicsDetails(); +// } - return ""; - } +// return ""; +// } - private kicsDetails() { - let html = ""; - html += ` - - -
- 1. - - ${this.kicsNode?.data.filename} - -
- - ${this.getShortFilename(this.kicsNode?.data.filename)} [${ - this.kicsNode?.data.line - }:${0}] - - - - `; - return html; - } +// private kicsDetails() { +// let html = ""; +// html += ` +// +// +//
+// 1. +// +// ${this.kicsNode?.data.filename} +// +//
+// +// ${this.getShortFilename(this.kicsNode?.data.filename)} [${ +// this.kicsNode?.data.line +// }:${0}] +// +// +// +// `; +// return html; +// } - getKicsValues() { - let r = ""; - if (this.kicsNode?.data) { - this.kicsNode.data.value - ? (r += ` -

- Value: ${this.kicsNode?.data.value} -

- `) - : (r += ""); - this.kicsNode.data.expectedValue - ? (r += ` -

- Expected Value: ${this.kicsNode?.data.expectedValue} -

- `) - : (r += ""); - } - return r; - } +// getKicsValues() { +// let r = ""; +// if (this.kicsNode?.data) { +// this.kicsNode.data.value +// ? (r += ` +//

+// Value: ${this.kicsNode?.data.value} +//

+// `) +// : (r += ""); +// this.kicsNode.data.expectedValue +// ? (r += ` +//

+// Expected Value: ${this.kicsNode?.data.expectedValue} +//

+// `) +// : (r += ""); +// } +// return r; +// } - getSastDetails(cxPath: vscode.Uri) { - let html = ""; //this.getBflTips(cxPath); - if (this.sastNodes) { - this.sastNodes.forEach((node, index) => { - html += ` - - -
- -
- -
-
- ${index + 1}. "${node.name.replaceAll('"', "")}" - - ${this.getShortFilename(node.fileName)} - -
-
- - `; - }); - } else { - html += ` -

- No attack vector information. -

`; - } - return html; - } +// getSastDetails(cxPath: vscode.Uri) { +// let html = ""; //this.getBflTips(cxPath); +// if (this.sastNodes) { +// this.sastNodes.forEach((node, index) => { +// html += ` +// +// +//
+// +//
+// +//
+//
+// ${index + 1}. "${node.name.replaceAll('"', "")}" +// +// ${this.getShortFilename(node.fileName)} +// +//
+//
+// +// `; +// }); +// } else { +// html += ` +//

+// No attack vector information. +//

`; +// } +// return html; +// } - getBflTips(cxPath: vscode.Uri) { - return ` -
-
-

- points to the best fix location in the code - Make remediation much quicker! -

-

- Loading best fix location -

- `; - } +// getBflTips(cxPath: vscode.Uri) { +// return ` +//
+//
+//

+// points to the best fix location in the code - Make remediation much quicker! +//

+//

+// Loading best fix location +//

+// `; +// } - getShortFilename(filename: string) { - let r; - filename.length > 50 ? (r = "..." + filename.slice(-50)) : (r = filename); - return r; - } +// getShortFilename(filename: string) { +// let r; +// filename.length > 50 ? (r = "..." + filename.slice(-50)) : (r = filename); +// return r; +// } - getTitle() { - let r = ""; - if (this.sastNodes && this.sastNodes.length > 0) { - r = `

Attack Vector

`; - } - if (this.scaNode) { - r = `

Package Data

`; - } - if (this.kicsNode) { - r = `

Location

`; - } - return r; - } +// getTitle() { +// let r = ""; +// if (this.sastNodes && this.sastNodes.length > 0) { +// r = `

Attack Vector

`; +// } +// if (this.scaNode) { +// r = `

Package Data

`; +// } +// if (this.kicsNode) { +// r = `

Location

`; +// } +// return r; +// } - private scaDetails() { - let html = ""; - if (this.scaNode?.packageData) { - this.scaNode?.packageData.forEach((node, index) => { - html += ` - - - ${index + 1}. - - ${node.comment} - - - `; - }); - } else { - html += ` -

- No package data information. -

`; - } - return html; - } +// private scaDetails() { +// let html = ""; +// if (this.scaNode?.packageData) { +// this.scaNode?.packageData.forEach((node, index) => { +// html += ` +// +// +// ${index + 1}. +// +// ${node.comment} +// +// +// `; +// }); +// } else { +// html += ` +//

+// No package data information. +//

`; +// } +// return html; +// } - public scaLocations(scaUpgrade) { - let html = ""; - this.scaNode.scaPackageData.dependencyPaths.forEach( - (pathArray: any, indexDependency: number) => { - if (indexDependency === 0) { - html += `
- - `; - } else { - html += `
- `; - } - html += ` -
-
- Package ${pathArray[0].name} is located in: -
-
-
- `; - pathArray.forEach((path: any, index: number) => { - if (index === 0) { - if (path.locations) { - path.locations.forEach((location: any, index: number) => { - html += ` - - ${location} - - ${ - this.scaNode.recommendedVersion && - this.scaNode.scaPackageData.supportsQuickFix === true && - this.scaNode.scaPackageData.dependencyPaths[0][0].name - ? ` icon` - : "" - } - ${index + 1 < path.locations.length ? ` |  ` : ""} - `; - }); - } else { - html += ` -
- ${path.name} is unresolved - - -
- `; - } - } - }); - html += `
- -
-
`; - } - ); - return html; - } +// public scaLocations(scaUpgrade) { +// let html = ""; +// this.scaNode.scaPackageData.dependencyPaths.forEach( +// (pathArray: any, indexDependency: number) => { +// if (indexDependency === 0) { +// html += `
+// +// `; +// } else { +// html += `
+// `; +// } +// html += ` +//
+//
+// Package ${pathArray[0].name} is located in: +//
+//
+//
+// `; +// pathArray.forEach((path: any, index: number) => { +// if (index === 0) { +// if (path.locations) { +// path.locations.forEach((location: any, index: number) => { +// html += ` +// +// ${location} +// +// ${ +// this.scaNode.recommendedVersion && +// this.scaNode.scaPackageData.supportsQuickFix === true && +// this.scaNode.scaPackageData.dependencyPaths[0][0].name +// ? ` icon` +// : "" +// } +// ${index + 1 < path.locations.length ? ` |  ` : ""} +// `; +// }); +// } else { +// html += ` +//
+// ${path.name} is unresolved +// +// +//
+// `; +// } +// } +// }); +// html += `
+// +//
+//
`; +// } +// ); +// return html; +// } - public scaReferences() { - let html = ""; - if (this.scaNode.packageData) { - this.scaNode.packageData.forEach((data: any) => { - html += ` - ${data.type} -   `; - }); - } else { - html += `

- No references available -

`; - } - return html; - } +// public scaReferences() { +// let html = ""; +// if (this.scaNode.packageData) { +// this.scaNode.packageData.forEach((data: any) => { +// html += ` +// ${data.type} +//   `; +// }); +// } else { +// html += `

+// No references available +//

`; +// } +// return html; +// } - public scaRealtimeNodes(result) { - let html = ""; - this.sastNodes.forEach((node, index) => { - html += ` - -
-
- "${result.data.packageIdentifier}" : - - ${node.fileName} - -
-
- - `; - }); - return html; - } +// public scaRealtimeNodes(result) { +// let html = ""; +// this.sastNodes.forEach((node, index) => { +// html += ` +// +//
+//
+// "${result.data.packageIdentifier}" : +// +// ${node.fileName} +// +//
+//
+// +// `; +// }); +// return html; +// } - public scaPackages(scaUpgrade) { - let html = this.scaLocations(scaUpgrade); - this.scaNode.scaPackageData.dependencyPaths.forEach( - (dependencyArray: any, index: number) => { - if (index === 0) { - html += `
- - `; - } else { - html += `
-
- `; - } - dependencyArray.forEach((dependency: any) => { - html += ` - - - `; - }); - html += ` - - -
`; - } - ); - return html; - } +// public scaPackages(scaUpgrade) { +// let html = this.scaLocations(scaUpgrade); +// this.scaNode.scaPackageData.dependencyPaths.forEach( +// (dependencyArray: any, index: number) => { +// if (index === 0) { +// html += `
+// +// `; +// } else { +// html += `
+//
+// `; +// } +// dependencyArray.forEach((dependency: any) => { +// html += ` +// +// +// `; +// }); +// html += ` +// +// +//
`; +// } +// ); +// return html; +// } - public scaContent( - result: AstResult, - scaUpgrade, - scaUrl, - scaAtackVector, - scaComplexity, - scaAuthentication, - scaConfidentiality, - scaIntegrity, - scaAvailability, - type - ) { - return ` -
-
-
- ${ - result.descriptionHTML ? result.descriptionHTML : result.description - } -
- ${ - type === "realtime" - ? ` -
- icon -

- About this vulnerability -

-
` - : "" - } -
- ${ - result.scaNode.scaPackageData - ? ` -
- ${ - !type - ? `

- Remediation -

` - : "" - } - ${ - !type - ? ` -
-
- ${result.scaRemediation(result, scaUpgrade, scaUrl, type)} -
-
- ` - : "" - } -
-
-
-

- ${!type ? "Vulnerable Package Paths" : "Vulnerable Package"} -

-
- ${ - result.scaNode.scaPackageData.dependencyPaths - ? ` -
- -

1/${ - result.scaNode.scaPackageData.dependencyPaths.length - }

- -
- ${result.scaPackages(scaUpgrade)} -
` - : !type - ? ` -
-

- No package path information available -

-
-
- ` - : ` -
- ${result.scaRealtimeNodes(result)} -
- - ` - } -
-

- References -

-
- ${result.scaReferences()} -
-
- - ` - : ` -
-

- No more information available -

-
- - ` - } -
- ${ - result.vulnerabilityDetails.cvss && - result.vulnerabilityDetails.cvss.version - ? ` -
-
- -
-
- ` - : ` -
-
- -
-
- ` - } -
-
-
-

- Score -

-

- ${ - result.vulnerabilityDetails && - result.vulnerabilityDetails.cvssScore - ? result.vulnerabilityDetails.cvssScore.toFixed(1) - : "N/A" - } -

-
-
-

- ${result.severity} -

-
-
-
-
-
-
-
-
-
-
-

- Attack Vector -

-

- ${ - result.vulnerabilityDetails.cvss && - result.vulnerabilityDetails.cvss.attackVector - ? result.vulnerabilityDetails.cvss.attackVector - : "No information" - } -

-
-
- icon -
-
-
-
-
-
-

- Attack Complexity -

-

- ${ - result.vulnerabilityDetails.cvss && - result.vulnerabilityDetails.cvss.attackComplexity - ? result.vulnerabilityDetails.cvss.attackComplexity - : "No information" - } -

-
-
- icon -
-
-
- ${ - result.vulnerabilityDetails.cvss && - result.vulnerabilityDetails.cvss.privilegesRequired - ? ` -
-
-
-

- Privileges Required -

-

- ${ - result.vulnerabilityDetails.cvss.privilegesRequired - ? result.vulnerabilityDetails.cvss.privilegesRequired - : "No information" - } -

-
-
- icon -
-
-
` - : `` - } -
-
-
-

- Confidentiality Impact -

-

- ${ - result.vulnerabilityDetails.cvss && - result.vulnerabilityDetails.cvss.confidentiality - ? result.vulnerabilityDetails.cvss.confidentiality - : "No information" - } -

-
-
- icon -
-
-
- ${ - result.vulnerabilityDetails.cvss && - result.vulnerabilityDetails.cvss.integrityImpact - ? ` -
-
-
-

- Integrity Impact -

-

- ${ - result.vulnerabilityDetails.cvss.integrityImpact - ? result.vulnerabilityDetails.cvss.integrityImpact - : "No information" - } -

-
-
- icon -
-
-
` - : `` - } -
-
-
-

- Availability Impact -

-

- ${ - result.vulnerabilityDetails.cvss && - result.vulnerabilityDetails.cvss.availability - ? result.vulnerabilityDetails.cvss.availability - : "No information" - } -

-
-
- icon -
-
-
-
`; - } +// public scaContent( +// result: AstResult, +// scaUpgrade, +// scaUrl, +// scaAtackVector, +// scaComplexity, +// scaAuthentication, +// scaConfidentiality, +// scaIntegrity, +// scaAvailability, +// type +// ) { +// return ` +//
+//
+//
+// ${ +// result.descriptionHTML ? result.descriptionHTML : result.description +// } +//
+// ${ +// type === "realtime" +// ? ` +//
+// icon +//

+// About this vulnerability +//

+//
` +// : "" +// } +//
+// ${ +// result.scaNode.scaPackageData +// ? ` +//
+// ${ +// !type +// ? `

+// Remediation +//

` +// : "" +// } +// ${ +// !type +// ? ` +//
+//
+// ${result.scaRemediation(result, scaUpgrade, scaUrl, type)} +//
+//
+// ` +// : "" +// } +//
+//
+//
+//

+// ${!type ? "Vulnerable Package Paths" : "Vulnerable Package"} +//

+//
+// ${ +// result.scaNode.scaPackageData.dependencyPaths +// ? ` +//
+// +//

1/${ +// result.scaNode.scaPackageData.dependencyPaths.length +// }

+// +//
+// ${result.scaPackages(scaUpgrade)} +//
` +// : !type +// ? ` +//
+//

+// No package path information available +//

+//
+//
+// ` +// : ` +//
+// ${result.scaRealtimeNodes(result)} +//
+// +// ` +// } +//
+//

+// References +//

+//
+// ${result.scaReferences()} +//
+//
+// +// ` +// : ` +//
+//

+// No more information available +//

+//
+// +// ` +// } +//
+// ${ +// result.vulnerabilityDetails.cvss && +// result.vulnerabilityDetails.cvss.version +// ? ` +//
+//
+// +//
+//
+// ` +// : ` +//
+//
+// +//
+//
+// ` +// } +//
+//
+//
+//

+// Score +//

+//

+// ${ +// result.vulnerabilityDetails && +// result.vulnerabilityDetails.cvssScore +// ? result.vulnerabilityDetails.cvssScore.toFixed(1) +// : "N/A" +// } +//

+//
+//
+//

+// ${result.severity} +//

+//
+//
+//
+//
+//
+//
+//
+//
+//
+//
+//

+// Attack Vector +//

+//

+// ${ +// result.vulnerabilityDetails.cvss && +// result.vulnerabilityDetails.cvss.attackVector +// ? result.vulnerabilityDetails.cvss.attackVector +// : "No information" +// } +//

+//
+//
+// icon +//
+//
+//
+//
+//
+//
+//

+// Attack Complexity +//

+//

+// ${ +// result.vulnerabilityDetails.cvss && +// result.vulnerabilityDetails.cvss.attackComplexity +// ? result.vulnerabilityDetails.cvss.attackComplexity +// : "No information" +// } +//

+//
+//
+// icon +//
+//
+//
+// ${ +// result.vulnerabilityDetails.cvss && +// result.vulnerabilityDetails.cvss.privilegesRequired +// ? ` +//
+//
+//
+//

+// Privileges Required +//

+//

+// ${ +// result.vulnerabilityDetails.cvss.privilegesRequired +// ? result.vulnerabilityDetails.cvss.privilegesRequired +// : "No information" +// } +//

+//
+//
+// icon +//
+//
+//
` +// : `` +// } +//
+//
+//
+//

+// Confidentiality Impact +//

+//

+// ${ +// result.vulnerabilityDetails.cvss && +// result.vulnerabilityDetails.cvss.confidentiality +// ? result.vulnerabilityDetails.cvss.confidentiality +// : "No information" +// } +//

+//
+//
+// icon +//
+//
+//
+// ${ +// result.vulnerabilityDetails.cvss && +// result.vulnerabilityDetails.cvss.integrityImpact +// ? ` +//
+//
+//
+//

+// Integrity Impact +//

+//

+// ${ +// result.vulnerabilityDetails.cvss.integrityImpact +// ? result.vulnerabilityDetails.cvss.integrityImpact +// : "No information" +// } +//

+//
+//
+// icon +//
+//
+//
` +// : `` +// } +//
+//
+//
+//

+// Availability Impact +//

+//

+// ${ +// result.vulnerabilityDetails.cvss && +// result.vulnerabilityDetails.cvss.availability +// ? result.vulnerabilityDetails.cvss.availability +// : "No information" +// } +//

+//
+//
+// icon +//
+//
+//
+//
`; +// } - private scaRemediation(result, scaUpgrade, scaUrl, type?) { - return ` - ${ - !type - ? `
- icon -
-
- -
-

- Upgrade To Version -

-

- ${ - result.scaNode.recommendedVersion - ? result.scaNode.recommendedVersion - : "Not available" - } -

-
-
-
-
-
- icon - ${ - result.scaNode.scaPackageData.fixLink && - result.scaNode.scaPackageData.fixLink !== "" - ? ` -

- About this vulnerability -

- ` - : `

- About this vulnerability -

` - } - -
-
-
- ` - : `` - }`; - } -} +// private scaRemediation(result, scaUpgrade, scaUrl, type?) { +// return ` +// ${ +// !type +// ? `
+// icon +//
+//
+ +//
+//

+// Upgrade To Version +//

+//

+// ${ +// result.scaNode.recommendedVersion +// ? result.scaNode.recommendedVersion +// : "Not available" +// } +//

+//
+//
+//
+//
+//
+// icon +// ${ +// result.scaNode.scaPackageData.fixLink && +// result.scaNode.scaPackageData.fixLink !== "" +// ? ` +//

+// About this vulnerability +//

+// ` +// : `

+// About this vulnerability +//

` +// } + +//
+//
+//
+// ` +// : `` +// }`; +// } +// } diff --git a/src/models/utils/constants.ts b/src/models/utils/constants.ts new file mode 100644 index 00000000..0b29da43 --- /dev/null +++ b/src/models/utils/constants.ts @@ -0,0 +1,33 @@ +export enum StateLevel { + NOT_EXPLOITABLE = "NOT_EXPLOITABLE", + PROPOSED_NOT_EXPLOITABLE = "PROPOSED_NOT_EXPLOITABLE", + CONFIRMED = "CONFIRMED", + TO_VERIFY = "TO_VERIFY", + URGENT = "URGENT", + NOT_IGNORED = "NOT_IGNORED", + IGNORED = "IGNORED", +} + +export enum SeverityLevel { + CRITICAL = "critical", + HIGH = "high", + MEDIUM = "medium", + LOW = "low", + INFO = "info", + EMPTY = "empty", +} + +export const constants = { + criticalSeverity: "critical", + highSeverity: "high", + mediumSeverity: "medium", + lowSeverity: "low", + infoSeverity: "info", + + sca: "sca", + sast: "sast", + kics: "kics", + scsSecretDetection: "scs", + + secretDetection: "Secret Detection", +}; diff --git a/src/sast/bfl.ts b/src/sast/bfl.ts index 4a322637..f385fafc 100644 --- a/src/sast/bfl.ts +++ b/src/sast/bfl.ts @@ -3,14 +3,15 @@ import { Logs } from "../models/logs"; import { SastNode } from "../models/sastNode"; import { messages } from "../utils/common/messages"; import path = require("path"); -import { AstResult } from "../models/results"; +import { AstResult } from "../models/astResults/AstResult"; +import { SastAstResult } from "../models/astResults/SastAstResult"; import { constants } from "../utils/common/constants"; import { getFromState } from "../utils/common/globalState"; export async function getBfl( scanId: string, queryId: string, - resultNodes: SastNode[], + resultNodes: SastNode[] | any, logs: Logs ) { try { @@ -18,10 +19,7 @@ export async function getBfl( console.log("bfl"); const bflIndex = await this.getResultsBfl(scanId, queryId, resultNodes); if (bflIndex < 0) { - logs.log( - "INFO", - messages.bflNoLocation - ); + logs.log("INFO", messages.bflNoLocation); } return bflIndex; } catch (err) { @@ -43,20 +41,23 @@ export async function getResultsBfl( path.join("media", "icon.png") ); if (scanId) { - getBfl(scanId, result.queryId, result.sastNodes, logs) - .then((index) => { - detailsPanel?.webview.postMessage({ - command: "loadBfl", - index: { index: index, logo: cxPath }, + if (AstResult.checkType(result) === constants.sast) { + const sastObj = result as SastAstResult; + getBfl(scanId, sastObj.queryId, sastObj.multipleSastNode.getNodes(), logs) + .then((index) => { + detailsPanel?.webview.postMessage({ + command: "loadBfl", + index: { index: index, logo: cxPath }, + }); + }) + .catch(() => { + detailsPanel?.webview.postMessage({ + command: "loadBfl", + index: { index: -1, logo: cxPath }, + }); }); - }) - .catch(() => { - detailsPanel?.webview.postMessage({ - command: "loadBfl", - index: { index: -1, logo: cxPath }, - }); - }); + } } else { logs.error(messages.scanIdUndefined); } -} \ No newline at end of file +} diff --git a/src/sast/learnMore.ts b/src/sast/learnMore.ts index 8aab37c5..c8e57f8c 100644 --- a/src/sast/learnMore.ts +++ b/src/sast/learnMore.ts @@ -1,6 +1,6 @@ import * as vscode from "vscode"; import { Logs } from "../models/logs"; -import { AstResult } from "../models/results"; +import { AstResult } from "../models/astResults/AstResult"; import { cx } from "../cx"; export async function getLearnMore( @@ -9,15 +9,21 @@ export async function getLearnMore( result: AstResult, detailsPanel: vscode.WebviewPanel ) { - cx.learnMore(result.queryId) + cx.learnMore(result.getqueryId()) .then((learn) => { - detailsPanel?.webview.postMessage({ command: "loadLearnMore", learn, result }); + detailsPanel?.webview.postMessage({ + command: "loadLearnMore", + learn, + result, + }); + console.log("Posted message to webview Learn", learn); + console.log("Posted message to webview Result", result); }) .catch((err) => { detailsPanel?.webview.postMessage({ command: "loadLearnMore", learn: [], - result: result + result: result, }); logs.error(err); }); diff --git a/src/utils/interface/details.ts b/src/utils/interface/details.ts index 808a64d4..f577d1f9 100644 --- a/src/utils/interface/details.ts +++ b/src/utils/interface/details.ts @@ -1,4 +1,6 @@ -import { AstResult } from "../../models/results"; +// import { AstResult } from "../../models/results"; +import { AstResult } from "../../models/astResults/AstResult"; +import { ScaAstResult } from "../../models/astResults/ScaAstResult"; import * as vscode from "vscode"; import * as os from "os"; import { constants } from "../common/constants"; @@ -127,6 +129,7 @@ export class Details { scaUrl: vscode.Uri, type?: string ) { + const scaObj = this.result as ScaAstResult; return `
@@ -135,15 +138,11 @@ export class Details { ${this.result.label}

- ${ - this.result.scaNode.packageIdentifier - ? this.result.scaNode.packageIdentifier - : "" - } + ${scaObj.scaNode.packageIdentifier ? scaObj.scaNode.packageIdentifier : ""}

- ${this.result.scaContent( + ${scaObj.scaContent( this.result, scaUpgrade, scaUrl, @@ -152,8 +151,7 @@ export class Details { scaAuthentication, scaConfidentiality, scaIntegrity, - scaAvailability, - type + scaAvailability )}
@@ -358,6 +356,7 @@ export class Details {
import { messages } from '../common/messages'; +import { ScaAstResult } from '../../models/astResults/ScaAstResult';