Merge master into feature/amazonqLSP

aws-toolkit-automation · web-flow · commit 29672aff81c3 · 2025-03-17T15:37:30.000-04:00
diff --git a/packages/amazonq/package.json b/packages/amazonq/package.json
@@ -387,12 +387,12 @@
                 },
                 {
                     "command": "aws.amazonq.openSecurityIssuePanel",
-                    "when": "view == aws.amazonq.SecurityIssuesTree && (viewItem == issueWithoutFix || viewItem == issueWithFix)",
+                    "when": "view == aws.amazonq.SecurityIssuesTree && (viewItem == issueWithoutFix || viewItem == issueWithFix || viewItem == issueWithFixDisabled)",
                     "group": "inline@4"
                 },
                 {
                     "command": "aws.amazonq.security.ignore",
-                    "when": "view == aws.amazonq.SecurityIssuesTree && (viewItem == issueWithoutFix || viewItem == issueWithFix)",
+                    "when": "view == aws.amazonq.SecurityIssuesTree && (viewItem == issueWithoutFix || viewItem == issueWithFix || viewItem == issueWithFixDisabled)",
                     "group": "inline@5"
                 },
                 {
@@ -402,7 +402,7 @@
                 },
                 {
                     "submenu": "aws.amazonq.submenu.securityIssueMoreActions",
-                    "when": "view == aws.amazonq.SecurityIssuesTree && (viewItem == issueWithoutFix || viewItem == issueWithFix)",
+                    "when": "view == aws.amazonq.SecurityIssuesTree && (viewItem == issueWithoutFix || viewItem == issueWithFix || viewItem == issueWithFixDisabled)",
                     "group": "inline@7"
                 }
             ],
diff --git a/packages/amazonq/test/unit/codewhisperer/service/securityIssueTreeViewProvider.test.ts b/packages/amazonq/test/unit/codewhisperer/service/securityIssueTreeViewProvider.test.ts
@@ -12,6 +12,7 @@ import {
     SeverityItem,
     CodeIssueGroupingStrategyState,
     CodeIssueGroupingStrategy,
+    sasRuleId,
 } from 'aws-core-vscode/codewhisperer'
 import { createCodeScanIssue } from 'aws-core-vscode/test'
 import assert from 'assert'
@@ -154,3 +155,23 @@ describe('SecurityIssueTreeViewProvider', function () {
         })
     })
 })
+
+describe('IssueItem', function () {
+    it('has issueWithFix context value for issues with suggested fix', function () {
+        const issueItem = new IssueItem(
+            'file/path',
+            createCodeScanIssue({ suggestedFixes: [{ code: 'fixCode', description: 'fixDescription' }] })
+        )
+        assert.strictEqual(issueItem.contextValue, 'issueWithFix')
+    })
+
+    it('has issueWithoutFix context value for issues without suggested fix', function () {
+        const issueItem = new IssueItem('file/path', createCodeScanIssue({ suggestedFixes: [] }))
+        assert.strictEqual(issueItem.contextValue, 'issueWithoutFix')
+    })
+
+    it('has issueWithFixDisabled context value for SAS findings', function () {
+        const issueItem = new IssueItem('file/path', createCodeScanIssue({ ruleId: sasRuleId }))
+        assert.strictEqual(issueItem.contextValue, 'issueWithFixDisabled')
+    })
+})
diff --git a/packages/core/src/codewhisperer/commands/basicCommands.ts b/packages/core/src/codewhisperer/commands/basicCommands.ts
@@ -673,6 +673,10 @@ export const generateFix = Commands.declare(
             if (!targetIssue) {
                 return
             }
+            if (targetIssue.ruleId === CodeWhispererConstants.sasRuleId) {
+                getLogger().warn('GenerateFix is not available for SAS findings.')
+                return
+            }
             await telemetry.codewhisperer_codeScanIssueGenerateFix.run(async () => {
                 try {
                     await vscode.commands
diff --git a/packages/core/src/codewhisperer/models/constants.ts b/packages/core/src/codewhisperer/models/constants.ts
@@ -334,10 +334,13 @@ export const securityScanLanguageIds = [
     'sh',
     'shell',
     'shellscript',
+    'brazilPackageConfig',
 ] as const
 
 export type SecurityScanLanguageId = (typeof securityScanLanguageIds)[number]
 
+export const sasRuleId = 'sbom-software-assurance-services'
+
 // wait time for editor to update editor.selection.active (in milliseconds)
 export const vsCodeCursorUpdateDelay = 10
 
diff --git a/packages/core/src/codewhisperer/service/securityIssueTreeViewProvider.ts b/packages/core/src/codewhisperer/service/securityIssueTreeViewProvider.ts
@@ -15,6 +15,7 @@ import {
 import globals from '../../shared/extensionGlobals'
 import { getLogger } from '../../shared/logger/logger'
 import { SecurityIssueProvider } from './securityIssueProvider'
+import { sasRuleId } from '../models/constants'
 
 export type SecurityViewTreeItem = FileItem | IssueItem | SeverityItem
 type CodeScanIssueWithFilePath = CodeScanIssue & { filePath: string }
@@ -118,6 +119,7 @@ enum ContextValue {
     FILE = 'file',
     ISSUE_WITH_FIX = 'issueWithFix',
     ISSUE_WITHOUT_FIX = 'issueWithoutFix',
+    ISSUE_WITH_FIX_DISABLED = 'issueWithFixDisabled',
     SEVERITY = 'severity',
 }
 
@@ -195,9 +197,11 @@ export class IssueItem extends vscode.TreeItem {
     }
 
     private getContextValue() {
-        return this.issue.suggestedFixes.length === 0 || !this.issue.suggestedFixes[0].code
-            ? ContextValue.ISSUE_WITHOUT_FIX
-            : ContextValue.ISSUE_WITH_FIX
+        return this.issue.ruleId === sasRuleId
+            ? ContextValue.ISSUE_WITH_FIX_DISABLED
+            : this.issue.suggestedFixes.length === 0 || !this.issue.suggestedFixes[0].code
+              ? ContextValue.ISSUE_WITHOUT_FIX
+              : ContextValue.ISSUE_WITH_FIX
     }
 
     private getTooltipMarkdown() {
diff --git a/packages/core/src/codewhisperer/service/securityScanHandler.ts b/packages/core/src/codewhisperer/service/securityScanHandler.ts
@@ -76,9 +76,10 @@ export async function listScanResults(
         // Key example: project/src/main/java/com/example/App.java
         const mappedProjectPaths: Set<string> = new Set()
         for (const projectPath of projectPaths) {
-            // We need to remove the project path from the key to get the absolute path to the file
-            // Do not use .. in between because there could be multiple project paths in the same parent dir.
-            const filePath = path.join(projectPath, key.split('/').slice(1).join('/'))
+            // There could be multiple projectPaths with the same parent dir
+            // In that case, make sure to break out of this loop after a filePath is found
+            // or else it might result in duplicate findings.
+            const filePath = path.join(projectPath, '..', key)
             if (existsSync(filePath) && statSync(filePath).isFile()) {
                 mappedProjectPaths.add(filePath)
                 const document = await vscode.workspace.openTextDocument(filePath)
@@ -87,6 +88,7 @@ export async function listScanResults(
                     issues: issues.map((issue) => mapRawToCodeScanIssue(issue, document, jobId, scope)),
                 }
                 aggregatedCodeScanIssueList.push(aggregatedCodeScanIssue)
+                break
             }
         }
         const maybeAbsolutePath = `/${key}`
diff --git a/packages/core/src/codewhisperer/util/securityScanLanguageContext.ts b/packages/core/src/codewhisperer/util/securityScanLanguageContext.ts
@@ -47,6 +47,7 @@ export class SecurityScanLanguageContext {
             sh: 'shell',
             shell: 'shell',
             shellscript: 'shell',
+            brazilPackageConfig: 'plaintext',
         })
     }
 
diff --git a/packages/core/src/codewhisperer/views/securityIssue/vue/root.vue b/packages/core/src/codewhisperer/views/securityIssue/vue/root.vue
@@ -80,12 +80,19 @@
             v-if="!isFixAvailable"
             @click="generateFix"
             class="mr-8 button-theme-primary"
-            :disabled="isGenerateFixLoading"
+            :disabled="isGenerateFixLoading || isGenerateFixDisabled"
         >
             Generate Fix
         </button>
         <button v-if="isFixAvailable" @click="applyFix" class="mr-8 button-theme-primary">Accept Fix</button>
-        <button v-if="isFixAvailable" @click="regenerateFix" class="mr-8 button-theme-secondary">Regenerate Fix</button>
+        <button
+            v-if="isFixAvailable"
+            @click="regenerateFix"
+            class="mr-8 button-theme-secondary"
+            :disabled="isGenerateFixDisabled"
+        >
+            Regenerate Fix
+        </button>
         <button @click="explainWithQ" class="mr-8 button-theme-secondary">Explain</button>
         <button @click="ignoreIssue" class="mr-8 button-theme-secondary">Ignore</button>
         <button @click="ignoreAllIssues" class="mr-8 button-theme-secondary">Ignore All</button>
@@ -104,6 +111,7 @@ import criticalSeverity from '../../../../../resources/images/severity-critical.
 import markdownIt from 'markdown-it'
 import hljs from 'highlight.js'
 import { CodeScanIssue } from '../../../models/model'
+import { sasRuleId } from '../../../models/constants'
 
 const client = WebviewClientFactory.create<SecurityIssueWebview>()
 const severityImages: Record<string, string> = {
@@ -197,6 +205,7 @@ export default defineComponent({
             fixedCode: '',
             referenceText: '',
             referenceSpan: [0, 0],
+            isGenerateFixDisabled: false,
         }
     },
     created() {
@@ -277,6 +286,7 @@ export default defineComponent({
             this.endLine = issue.endLine
             this.isFixAvailable = false
             this.isFixDescriptionAvailable = false
+            this.isGenerateFixDisabled = issue.ruleId === sasRuleId
             if (suggestedFix) {
                 this.isFixAvailable = !!suggestedFix.code && suggestedFix.code?.trim() !== ''
                 this.suggestedFix = suggestedFix.code ?? ''
diff --git a/packages/core/src/shared/utilities/commentUtils.ts b/packages/core/src/shared/utilities/commentUtils.ts
@@ -47,6 +47,7 @@ const languageCommentConfig: Record<SecurityScanLanguageId, CommentConfig | unde
     sh: { lineComment: '#', blockComment: [": '", "'"] },
     shell: { lineComment: '#', blockComment: [": '", "'"] },
     shellscript: { lineComment: '#', blockComment: [": '", "'"] },
+    brazilPackageConfig: { lineComment: '#' },
 }
 
 export function getLanguageCommentConfig(languageId: string): CommentConfig {
diff --git a/packages/core/src/test/codewhisperer/commands/basicCommands.test.ts b/packages/core/src/test/codewhisperer/commands/basicCommands.test.ts
@@ -8,7 +8,7 @@ import assert from 'assert'
 import * as sinon from 'sinon'
 import * as CodeWhispererConstants from '../../../codewhisperer/models/constants'
 import { createCodeScanIssue, createMockDocument, resetCodeWhispererGlobalVariables } from '../testUtil'
-import { assertTelemetry, assertTelemetryCurried, tryRegister } from '../../testUtil'
+import { assertNoTelemetryMatch, assertTelemetry, assertTelemetryCurried, tryRegister } from '../../testUtil'
 import {
     toggleCodeSuggestions,
     showSecurityScan,
@@ -902,6 +902,20 @@ def execute_input_compliant():
                 reasonDesc: 'Unexpected error',
             })
         })
+
+        it('exits early for SAS findings', async function () {
+            targetCommand = testCommand(generateFix, mockClient, mockExtContext)
+            codeScanIssue = createCodeScanIssue({
+                ruleId: CodeWhispererConstants.sasRuleId,
+            })
+            issueItem = new IssueItem(filePath, codeScanIssue)
+            await targetCommand.execute(codeScanIssue, filePath, 'webview')
+            assert.ok(updateSecurityIssueWebviewMock.notCalled)
+            assert.ok(startCodeFixGenerationStub.notCalled)
+            assert.ok(updateIssueMock.notCalled)
+            assert.ok(refreshTreeViewMock.notCalled)
+            assertNoTelemetryMatch('codewhisperer_codeScanIssueGenerateFix')
+        })
     })
 
     describe('rejectFix', function () {

Original file line number	Diff line number	Diff line change
`@@ -387,12 +387,12 @@`
`387`	`387`	`},`
`388`	`388`	`{`
`389`	`389`	`"command": "aws.amazonq.openSecurityIssuePanel",`
`390`		`- "when": "view == aws.amazonq.SecurityIssuesTree && (viewItem == issueWithoutFix \|\| viewItem == issueWithFix)",`
	`390`	`+ "when": "view == aws.amazonq.SecurityIssuesTree && (viewItem == issueWithoutFix \|\| viewItem == issueWithFix \|\| viewItem == issueWithFixDisabled)",`
`391`	`391`	`"group": "inline@4"`
`392`	`392`	`},`
`393`	`393`	`{`
`394`	`394`	`"command": "aws.amazonq.security.ignore",`
`395`		`- "when": "view == aws.amazonq.SecurityIssuesTree && (viewItem == issueWithoutFix \|\| viewItem == issueWithFix)",`
	`395`	`+ "when": "view == aws.amazonq.SecurityIssuesTree && (viewItem == issueWithoutFix \|\| viewItem == issueWithFix \|\| viewItem == issueWithFixDisabled)",`
`396`	`396`	`"group": "inline@5"`
`397`	`397`	`},`
`398`	`398`	`{`
`@@ -402,7 +402,7 @@`
`402`	`402`	`},`
`403`	`403`	`{`
`404`	`404`	`"submenu": "aws.amazonq.submenu.securityIssueMoreActions",`
`405`		`- "when": "view == aws.amazonq.SecurityIssuesTree && (viewItem == issueWithoutFix \|\| viewItem == issueWithFix)",`
	`405`	`+ "when": "view == aws.amazonq.SecurityIssuesTree && (viewItem == issueWithoutFix \|\| viewItem == issueWithFix \|\| viewItem == issueWithFixDisabled)",`
`406`	`406`	`"group": "inline@7"`
`407`	`407`	`}`
`408`	`408`	`],`
Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,7 @@ export class SecurityScanLanguageContext {`
`47`	`47`	`sh: 'shell',`
`48`	`48`	`shell: 'shell',`
`49`	`49`	`shellscript: 'shell',`
	`50`	`+ brazilPackageConfig: 'plaintext',`
`50`	`51`	`})`
`51`	`52`	`}`
`52`	`53`
Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,7 @@ const languageCommentConfig: Record<SecurityScanLanguageId, CommentConfig \| unde`
`47`	`47`	`sh: { lineComment: '#', blockComment: [": '", "'"] },`
`48`	`48`	`shell: { lineComment: '#', blockComment: [": '", "'"] },`
`49`	`49`	`shellscript: { lineComment: '#', blockComment: [": '", "'"] },`
	`50`	`+ brazilPackageConfig: { lineComment: '#' },`
`50`	`51`	`}`
`51`	`52`
`52`	`53`	`export function getLanguageCommentConfig(languageId: string): CommentConfig {`