
C# Extension throws error on hover over diagnostic from Semgrep Extension.

Open jkinsfather opened this issue 1 year ago • 2 comments

Type: Bug

Issue Description

The C# extension cannot handle code actions when there are diagnostics from the Semgrep Extension included in the request.

Hovering over a Semgrep diagnostic causes the C# extension to throw a Request textDocument/codeAction failed. error.

Steps to Reproduce

  1. Install the C# extension
  2. Install the Semgrep extension
  3. Install the Semgrep CLI tool locally: 'brew install semgrep'
  4. Create a new .cs file with the following contents:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using RazorEngine;
using RazorEngine.Templating;

namespace RazorVulnerableApp.Controllers
{
    public class HomeController : Controller
    {
        [HttpPost]
        [ValidateInput(false)]
        public ActionResult Index(string inert, string razorTpl)
        {
            // WARNING This code is vulnerable on purpose: do not use in production and do not take it as an example!
            // ruleid: razor-template-injection
            ViewBag.RenderedTemplate = Razor.Parse(razorTpl);
            ViewBag.Template = razorTpl;
            return View();
        }
    }
}
  5. Run a Semgrep scan with the VS Code command Semgrep: scan all files in workspace.
  6. Hover over the Semgrep diagnostic on line 19 of the file.
  7. Note the error thrown by the C# extension as a popup in the lower right-hand corner with the message Request textDocument/codeAction failed.

Expected Behavior

The C# extension should not throw an error when hovering over the diagnostic from another extension.

Actual Behavior

The C# extension throws an error when hovering over a diagnostic from the Semgrep extension.

Logs

C# log

[Error - 10:57:41 AM] [LanguageServerHost] System.UriFormatException: Invalid URI: The Authority/Host could not be parsed.
   at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind, UriCreationOptions& creationOptions)
   at System.Uri..ctor(String uriString)
   at Roslyn.LanguageServer.Protocol.DocumentUriConverter.Read(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options) in /_/src/LanguageServer/Protocol/Protocol/Converters/DocumentUriConverter.cs:line 17
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.JsonConverter`1.ReadCore(Utf8JsonReader& reader, JsonSerializerOptions options, ReadStack& state)
   at System.Text.Json.JsonSerializer.Read[TValue](Utf8JsonReader& reader, JsonTypeInfo`1 jsonTypeInfo)
   at Roslyn.LanguageServer.Protocol.VSExtensionConverter`2.Read(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options) in /_/src/LanguageServer/Protocol/Protocol/Extensions/Converters/VSExtensionConverter.cs:line 25
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.JsonCollectionConverter`2.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, TCollection& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.JsonConverter`1.ReadCore(Utf8JsonReader& reader, JsonSerializerOptions options, ReadStack& state)
   at System.Text.Json.JsonSerializer.Read[TValue](Utf8JsonReader& reader, JsonTypeInfo`1 jsonTypeInfo)
   at Roslyn.LanguageServer.Protocol.VSExtensionConverter`2.Read(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options) in /_/src/LanguageServer/Protocol/Protocol/Extensions/Converters/VSExtensionConverter.cs:line 25
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.JsonConverter`1.ReadCore(Utf8JsonReader& reader, JsonSerializerOptions options, ReadStack& state)
   at System.Text.Json.JsonSerializer.ReadFromSpan[TValue](ReadOnlySpan`1 utf8Json, JsonTypeInfo`1 jsonTypeInfo, Nullable`1 actualByteCount)
   at System.Text.Json.JsonSerializer.Deserialize[TValue](JsonElement element, JsonSerializerOptions options)
   at Microsoft.CommonLanguageServerProtocol.Framework.SystemTextJsonLanguageServer`1.DeserializeRequest[TRequest](Object serializedRequest, RequestHandlerMetadata metadata) in /_/src/LanguageServer/Microsoft.CommonLanguageServerProtocol.Framework/SystemTextJsonLanguageServer.cs:line 30
   at Microsoft.CommonLanguageServerProtocol.Framework.QueueItem`1.TryDeserializeRequest[TRequest](AbstractLanguageServer`1 languageServer, RequestHandlerMetadata requestHandlerMetadata, Boolean isMutating, TRequest& request) in /_/src/LanguageServer/Microsoft.CommonLanguageServerProtocol.Framework/QueueItem.cs:line 117
[Error - 10:57:41 AM] Request textDocument/codeAction failed.
  Message: Invalid URI: The Authority/Host could not be parsed.
  Code: -32000 
[object Object]
[LanguageServerHost] [06:04:19.029][End]textDocument/codeAction
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:04:31.798][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:04:31.799][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:04:33.132][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:04:33.133][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:04:54.962][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:04:54.963][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:04:56.392][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:04:56.393][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:05:00.973][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:05:00.974][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] Using C# from request text document
[LanguageServerHost] /Users/jkinsfather/repo/apps/dvcsharp-api/semgrep_test.cs found in workspace Host
[LanguageServerHost] [06:05:01.218][Start]textDocument/codeLens
[LanguageServerHost] [06:05:01.220][End]textDocument/codeLens
[LanguageServerHost] Using C# from data text document
[LanguageServerHost] /Users/jkinsfather/repo/apps/dvcsharp-api/semgrep_test.cs found in workspace Host
[LanguageServerHost] [06:05:01.474][Start]codeLens/resolve
[LanguageServerHost] [06:05:01.481][End]codeLens/resolve
[LanguageServerHost] Using C# from request text document

C# LSP Trace Logs

Environment information

VSCode version: 1.92.2 C# Extension: 2.39.29 Using OmniSharp: false

Dotnet Information .NET SDK: Version: 8.0.401 Commit: 811edcc344 Workload version: 8.0.400-manifests.b6724b7a MSBuild version: 17.11.4+37eb419ad

Runtime Environment: OS Name: Mac OS X OS Version: 14.6 OS Platform: Darwin RID: osx-arm64 Base Path: /usr/local/share/dotnet/sdk/8.0.401/

.NET workloads installed: Configured to use loose manifests when installing new manifests. There are no installed workloads to display.

Host: Version: 8.0.8 Architecture: arm64 Commit: 08338fcaa5

.NET SDKs installed: 8.0.401 [/usr/local/share/dotnet/sdk]

.NET runtimes installed: Microsoft.AspNetCore.App 8.0.8 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App] Microsoft.NETCore.App 8.0.8 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]

Other architectures found: None

Environment variables: Not set

global.json file: Not found

Learn more: https://aka.ms/dotnet/info

Download .NET: https://aka.ms/dotnet/download

Visual Studio Code Extensions
Extension Author Version Folder Name
black-formatter ms-python 2024.2.0 ms-python.black-formatter-2024.2.0
cmake twxs 0.0.17 twxs.cmake-0.0.17
cmake-tools ms-vscode 1.19.49 ms-vscode.cmake-tools-1.19.49
cpptools ms-vscode 1.21.6 ms-vscode.cpptools-1.21.6-darwin-arm64
cpptools-extension-pack ms-vscode 1.3.0 ms-vscode.cpptools-extension-pack-1.3.0
cpptools-themes ms-vscode 2.0.0 ms-vscode.cpptools-themes-2.0.0
csdevkit ms-dotnettools 1.9.55 ms-dotnettools.csdevkit-1.9.55-darwin-arm64
csharp ms-dotnettools 2.39.29 ms-dotnettools.csharp-2.39.29-darwin-arm64
debugpy ms-python 2024.10.0 ms-python.debugpy-2024.10.0-darwin-arm64
intellicode-api-usage-examples VisualStudioExptTeam 0.2.8 visualstudioexptteam.intellicode-api-usage-examples-0.2.8
java redhat 1.34.0 redhat.java-1.34.0-darwin-arm64
json Meezilla 0.1.2 meezilla.json-0.1.2
json ZainChen 2.0.2 zainchen.json-2.0.2
org-mode tootone 0.5.0 tootone.org-mode-0.5.0
prettify-json mohsen1 0.0.3 mohsen1.prettify-json-0.0.3
preview-vscode searKing 2.3.7 searking.preview-vscode-2.3.7
python ms-python 2024.12.3 ms-python.python-2024.12.3-darwin-arm64
sarif-viewer MS-SarifVSCode 3.4.4 ms-sarifvscode.sarif-viewer-3.4.4
semgrep Semgrep 1.8.2 semgrep.semgrep-1.8.2
sr-jsonnet-extension SR 0.14.0 sr.sr-jsonnet-extension-0.14.0
vscode-ansi iliazeus 1.1.7 iliazeus.vscode-ansi-1.1.7
vscode-dotnet-runtime ms-dotnettools 2.1.5 ms-dotnettools.vscode-dotnet-runtime-2.1.5
vscode-gradle vscjava 3.16.4 vscjava.vscode-gradle-3.16.4
vscode-java-debug vscjava 0.58.0 vscjava.vscode-java-debug-0.58.0
vscode-java-dependency vscjava 0.24.0 vscjava.vscode-java-dependency-0.24.0
vscode-java-pack vscjava 0.29.0 vscjava.vscode-java-pack-0.29.0
vscode-java-test vscjava 0.42.0 vscjava.vscode-java-test-0.42.0
vscode-jsonnet Grafana 0.6.1 grafana.vscode-jsonnet-0.6.1
vscode-maven vscjava 0.44.0 vscjava.vscode-maven-0.44.0
vscode-pylance ms-python 2024.8.2 ms-python.vscode-pylance-2024.8.2
vscode-yaml redhat 1.15.0 redhat.vscode-yaml-1.15.0
vscodeintellicode VisualStudioExptTeam 1.3.1 visualstudioexptteam.vscodeintellicode-1.3.1

Extension version: 2.39.29 VS Code version: Code 1.92.2 (Universal) (fee1edb8d6d72a0ddff41e5f71a671c23ed924b9, 2024-08-14T17:29:30.058Z) OS version: Darwin arm64 23.6.0 Modes:

System Info
Item Value
CPUs Apple M2 Pro (10 x 2400)
GPU Status 2d_canvas: enabled
canvas_oop_rasterization: enabled_on
direct_rendering_display_compositor: disabled_off_ok
gpu_compositing: enabled
multiple_raster_threads: enabled_on
opengl: enabled_on
rasterization: enabled
raw_draw: disabled_off_ok
skia_graphite: disabled_off
video_decode: enabled
video_encode: enabled
webgl: enabled
webgl2: enabled
webgpu: enabled
webnn: disabled_off
Load (avg) 3, 3, 3
Memory (System) 16.00GB (0.06GB free)
Process Argv --crash-reporter-id 830ea1cb-5cd9-4878-9098-4764a60399f9
Screen Reader no
VM 0%
A/B Experiments

jkinsfather, Sep 03 '24 18:09

@jkinsfather if you have it, could you also include the full JSON of the failing code action request? It should be in the 'C# LSP Trace Logs' output window when dotnet.server.trace is set to Trace (looks like you have that enabled).

I suspect that the semgrep diagnostic has an invalid URI somewhere in it, which is getting serialized in the code action request.

dibarbet, Sep 03 '24 18:09
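
One way to test the hypothesis in the comment above, as an added example that is not part of the issue thread or of either extension's code: walk the URI-typed fields the LSP specification defines on a code action request (textDocument.uri, codeDescription.href, relatedInformation[].location.uri) and report those that fail to parse. The sample request is constructed, and Node's URL parser is assumed as a stand-in for System.Uri.

```javascript
// Added example (not from the issue or either extension): list the URI-typed
// fields of a textDocument/codeAction request and flag any that do not parse.
// Assumption: Node's WHATWG URL parser approximates System.Uri (triage only).

function collectUriFields(params) {
  const fields = [];
  if (params.textDocument) {
    fields.push({ path: 'textDocument.uri', value: params.textDocument.uri });
  }
  const diagnostics = (params.context && params.context.diagnostics) || [];
  diagnostics.forEach((diag, i) => {
    const base = `context.diagnostics[${i}]`;
    if (diag.codeDescription) {
      fields.push({ path: `${base}.codeDescription.href`, value: diag.codeDescription.href });
    }
    (diag.relatedInformation || []).forEach((info, j) => {
      const value = info.location && info.location.uri;
      fields.push({ path: `${base}.relatedInformation[${j}].location.uri`, value });
    });
  });
  return fields;
}

function isAbsoluteUri(value) {
  if (typeof value !== 'string' || value.length === 0) return false;
  try {
    new URL(value); // throws on relative references and on an empty host
    return true;
  } catch {
    return false;
  }
}

function findInvalidUris(params) {
  return collectUriFields(params).filter((field) => !isAbsoluteUri(field.value));
}

// Constructed request: every value below is made up for illustration.
const sampleRequest = {
  textDocument: { uri: 'file:///workspace/semgrep_test.cs' },
  context: {
    diagnostics: [
      { message: 'constructed finding A', codeDescription: { href: 'https://' } },
      { message: 'constructed finding B', codeDescription: { href: 'https://example.com/rules/example-rule' } },
      { message: 'constructed finding C', relatedInformation: [{ location: { uri: 'semgrep_test.cs' }, message: 'relative path' }] },
    ],
  },
};

console.log(findInvalidUris(sampleRequest).map((field) => field.path));
```

Pass it the Params object copied from the C# LSP Trace Logs output; the paths it returns are the fields to inspect first.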

@dibarbet here is a zip of the 'C# LSP Trace Logs' 7-C# LSP Trace Logs.log.zip

Is this the correct JSON?

[Trace - 1:08:33 PM] Sending request 'textDocument/codeAction - (2)'.
Params: {
    "textDocument": {
        "uri": "file:///Users/jkinsfather/repo/apps/dvcsharp-api/semgrep_test.cs"
    },
    "range": {
        "start": {
            "line": 9,
            "character": 1
        },
        "end": {
            "line": 9,
            "character": 1
        }
    },
    "context": {
        "diagnostics": [],
        "triggerKind": 2
    }
}

[Trace - 1:08:33 PM] Received response 'textDocument/codeAction - (2)' in 62ms. Request failed: The task was cancelled. (-32800).

jkinsfather, Sep 03 '24 20:09