Conversation

@bastiandoetsch (Collaborator) commented Nov 13, 2025

Description

This PR refactors the OSS vulnerability processing and feature flag infrastructure, adds risk score display functionality, and improves code maintainability through better separation of concerns.

OSS Issue Processing Refactoring:

  • Extracted code actions logic: Moved code action generation from inline logic into dedicated addCodeActionsAndLenses() helper function for better testability and reuse
  • Made functions stateless: Converted instance methods on ossIssue to standalone functions (GetExtendedMessage, createCveLink, createCweLink, createFixedIn, CreateIssueURL, GetCodeActions, AddSnykLearnAction, AddQuickFixAction) - removing tight coupling to the ossIssue struct
  • Improved converter architecture:
    • Extracted getAffectedFilePath() helper to reduce code duplication
    • Moved getFileContent() into shared utility function
    • Simplified ProcessScanResults() signature by using context for dependency injection
    • Better error handling and logging throughout conversion pipeline
  • Simplified remediation logic: Removed patchable-specific branches in GetRemediation() - now only handles upgrade paths
  • Context-based dependency injection: Config, learn service, and error reporter now passed via context instead of function parameters

Risk Score Feature (IDE-1493):

  • Added RiskScore field to OssIssueData struct
  • Updated HTML template (details.html) to conditionally display risk score when non-zero
  • Added feature flags UseExperimentalRiskScore and UseExperimentalRiskScoreInCLI to control risk score functionality
  • Risk score properly flows from test API through to issue display

Feature Flag Infrastructure Overhaul:

  • Migrated to imcache: Replaced plain map[string] with imcache.Cache for both feature flags and SAST settings storage
  • Added cache expiration: All cached entries expire after 1 minute to ensure freshness
  • Introduced Option pattern: Added WithProvider() option for cleaner dependency injection and improved testability
  • Thread-safety improvements: Leverages imcache's built-in concurrency handling, reducing manual mutex complexity
  • Automatic persistence: PopulateFolderConfig() now automatically persists folder config via storedconfig.UpdateFolderConfig()
  • Test simplification: All feature flag tests updated to use new New() constructor with options

Test Infrastructure Improvements:

  • Optimized test repo cloning: Modified unified test API smoke test to clone test repository only once and reuse across test runs
  • Fixed comparison test: Updated diagnostic comparison logic to use Code + Range as matching key instead of relying on OssIssueData internal fields
  • Separated dependency injection: Cleaner DI setup for unified test API smoke test
  • Adjusted test expectations: Updated to match new issue structure and findings format

Other Changes:

  • Updated copyright headers to 2025
  • Fixed go.mod/go.sum inconsistencies
  • Minor adjustments to scanner and converter call sites

Files Changed: 26 files (+549/-588 lines)

Checklist

  • Tests added and all succeed
  • Regenerated mocks, etc. (make generate)
  • Linted (make lint-fix)
  • README.md updated, if user-facing
  • License file updated, if new 3rd-party dependency is introduced

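The feature-flag section above describes a cache with a one-minute expiry and a WithProvider() functional option for injecting the flag source. The following is an added example, not code from the PR or from the snyk-ls project, showing that design with only the standard library (a map plus a mutex instead of imcache). FlagProvider, FeatureFlagService, WithProvider, WithClock, New, IsEnabled and countingProvider are assumed names for illustration; the flag name useExperimentalRiskScore is a constructed sample. The one design choice worth noting for a security feature gate: a provider error fails closed, so an experimental path is never switched on merely because the flag service was unreachable.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
	"time"
)

// FlagProvider is the authoritative source of flag values (in a real client an
// HTTP call). Assumed interface name for this example, not the project's own.
type FlagProvider interface {
	FetchFlag(ctx context.Context, name string) (bool, error)
}

// cacheEntry is a flag value plus the instant it stops being fresh.
type cacheEntry struct {
	value   bool
	expires time.Time
}

// FeatureFlagService caches flag values with a TTL so that a flag flipped on
// the server takes effect within one cache period rather than living for the
// whole IDE session.
type FeatureFlagService struct {
	mu       sync.Mutex
	provider FlagProvider
	ttl      time.Duration
	now      func() time.Time // injectable clock so expiry is testable
	cache    map[string]cacheEntry
}

// Option configures a FeatureFlagService (functional-option pattern).
type Option func(*FeatureFlagService)

// WithProvider injects the flag source: a fake in tests, the API client in production.
func WithProvider(p FlagProvider) Option {
	return func(s *FeatureFlagService) { s.provider = p }
}

// WithClock replaces time.Now so tests can advance time deterministically.
func WithClock(now func() time.Time) Option {
	return func(s *FeatureFlagService) { s.now = now }
}

// New builds a service with a one-minute TTL and the wall clock unless options override them.
func New(opts ...Option) *FeatureFlagService {
	s := &FeatureFlagService{ttl: time.Minute, now: time.Now, cache: map[string]cacheEntry{}}
	for _, opt := range opts {
		opt(s)
	}
	return s
}

// IsEnabled returns the cached value while fresh, otherwise refetches.
// Any failure fails closed (false, err): a gated feature must not turn on
// just because the flag service could not be reached.
func (s *FeatureFlagService) IsEnabled(ctx context.Context, name string) (bool, error) {
	s.mu.Lock()
	e, ok := s.cache[name]
	s.mu.Unlock()
	if ok && s.now().Before(e.expires) {
		return e.value, nil
	}
	if s.provider == nil {
		return false, errors.New("feature flag service: no provider configured")
	}
	v, err := s.provider.FetchFlag(ctx, name)
	if err != nil {
		return false, err
	}
	s.mu.Lock()
	s.cache[name] = cacheEntry{value: v, expires: s.now().Add(s.ttl)}
	s.mu.Unlock()
	return v, nil
}

// countingProvider is a constructed in-memory fake for this example only; it
// records how often the "API" was hit so cache behaviour can be verified.
type countingProvider struct {
	flags map[string]bool
	calls int
}

func (p *countingProvider) FetchFlag(_ context.Context, name string) (bool, error) {
	p.calls++
	v, ok := p.flags[name]
	if !ok {
		return false, fmt.Errorf("unknown feature flag %q", name)
	}
	return v, nil
}

func main() {
	now := time.Date(2025, 11, 13, 12, 0, 0, 0, time.UTC)
	p := &countingProvider{flags: map[string]bool{"useExperimentalRiskScore": true}}
	s := New(WithProvider(p), WithClock(func() time.Time { return now }))
	ctx := context.Background()
	v, _ := s.IsEnabled(ctx, "useExperimentalRiskScore")
	fmt.Println("first lookup:", v, "provider calls:", p.calls) // true, 1 (fetched)
	v, _ = s.IsEnabled(ctx, "useExperimentalRiskScore")
	fmt.Println("second lookup:", v, "provider calls:", p.calls) // true, 1 (cached)
	now = now.Add(61 * time.Second)
	v, _ = s.IsEnabled(ctx, "useExperimentalRiskScore")
	fmt.Println("after TTL:", v, "provider calls:", p.calls) // true, 2 (refetched)
}
```

The fake clock is what makes the expiry testable without sleeping; with the real clock the service behaves identically. A missing provider and an unknown flag both surface as an error with a false value rather than as a silently disabled or enabled feature.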
snyk-io bot commented Nov 13, 2025

Snyk checks have passed. No issues have been found so far.

Scanner               Critical  High  Medium  Low  Total (0)
Open Source Security  0         0     0       0    0 issues
Licenses              0         0     0       0    0 issues
Code Security         0         0     0       0    0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

rrama and others added 4 commits November 14, 2025 06:10
* test: separate DIs for TestUnifiedTestApiSmokeTest

Previously di.Init() was being called twice in the test.
The tests have been moved to sub-tests; this way each test only calls it once.

* test: make test more robust

* test: refactor out duplicate test logic

* chore: add test generated files to .gitignore

* test: make compare a smoke test

Add more test failed to run diags
# Conflicts:
#	application/server/unified_test_api_smoke_test.go
# Conflicts:
#	application/server/server_smoke_test.go
#	infrastructure/oss/cli_scanner.go
3 participants