DevSkim
Bump to .NET 6 and Rewrite VS Code
Changes
Rewrite VS Code to leverage the .NET CLI.
Add additional functionality to .NET CLI to support this use case - the extension uses the new --useStdin which listens for the contents of a single file followed by EOF and then runs analysis on the provided data.
Create a VS2022 extension (WIP) #343. This PR creates it but does not set up the pipeline for publishing it yet.
RuleProcessor now takes a RuleProcessorOptions object as an optional parameter.
Version change to 0.7.
Adds BOM gathering.
Fix #344 Fix #303
To build the VS Code Extension
Checkout the code.
Get Node (I downloaded the left one currently 16 something). https://nodejs.org/en/
Get .NET 6 SDK. https://dotnet.microsoft.com/en-us/download
Open your favorite shell.
Go to the DevSkim-VSCode-Plugin folder.
Run npm run pack-ext.
Open VS Code, go to the Extensions tab, click the ... and choose "Install from VSIX." and select the vsix you built above. This should also automatically install the .NET helper extension.

Known Issues
Visual Studio
- Both VS 2019 and VS 2022 extensions are crashing when attempting to apply a fix because the spans provided are newer than the ones in the error list. It is unclear what is causing this desync.
- The VS 2022 extension is very slow.
- The VS Extension Options xaml has gone missing.
- Considering switching to language server model but the sample project only works with VS 2017.
VS Code
- None.
The code is now working (when the files get placed in the right location).
Remaining issue is getting the build to work properly.
Hoping to wrap this up by tomorrow.
Known issues:
~The pattern for the fix is ignored and instead the match is replaced with the replacement text. Instead it looks like the match from the finding should be checked against the pattern object in the fix and then anything that matches that pattern, inside the finding, is replaced. Requires either adding a "calculate-fixed" to the dotnet CLI or reimplementing the pattern matching behavior in typescript.~
Now fixed. Fixes for the VSCode version are generated using the RuleProcessor.Fix method which was previously used for both the sarif output and the VS Extension.
@daalcant for signing this vsix should we sign the .NET dlls then embed them or just present the whole vsix to be signed?
The extension currently behaves differently in VS 2019 and 2022. Debugging the 2022 version is very slow, while the 2019 version is tolerable.
In this PR in both versions if you attempt to apply a fix the errors will be out of date with the current spans and it will throw an exception.
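The two fix-application problems described in the comments above (the fix pattern being ignored, and fixes applied against out-of-date spans), as an added example that is not code from this PR or from DevSkim. The `Fix` and `Finding` shapes, the function names and the sample line are assumptions constructed for illustration.

```typescript
// Simplified model; these field names are assumptions, not DevSkim's rule schema.
interface Fix { pattern: string; replacement: string }
interface Finding { start: number; end: number; text: string; fix: Fix }

// Locate the first finding in the source (stands in for the analyzer's output).
function locate(source: string, findingPattern: string, fix: Fix): Finding | null {
  const m = new RegExp(findingPattern).exec(source);
  if (m === null) return null;
  return { start: m.index, end: m.index + m[0].length, text: m[0], fix };
}

// The reported behaviour: the whole match is overwritten with the replacement text,
// so everything in the match that the fix pattern did not cover is lost.
function applyFixNaive(source: string, f: Finding): string {
  return source.slice(0, f.start) + f.fix.replacement + source.slice(f.end);
}

// The intended behaviour: apply the fix pattern only inside the matched text.
// Returns null when the span no longer holds the text the finding was computed
// from, instead of editing the wrong range or throwing.
function applyFixScoped(source: string, f: Finding): string | null {
  if (source.slice(f.start, f.end) !== f.text) return null; // stale span
  const fixed = f.text.replace(new RegExp(f.fix.pattern, "g"), f.fix.replacement);
  return source.slice(0, f.start) + fixed + source.slice(f.end);
}

// Constructed sample input and fix.
const SAMPLE = "var h = MD5.Create(); // MD5 kept for legacy";
const FIX: Fix = { pattern: "MD5", replacement: "SHA256" };
const FINDING = locate(SAMPLE, "MD5\\.Create\\(\\)", FIX);

if (FINDING !== null) {
  console.log(applyFixNaive(SAMPLE, FINDING));
  console.log(applyFixScoped(SAMPLE, FINDING));
  // Same finding applied after the document changed underneath it.
  console.log(applyFixScoped("// note\n" + SAMPLE, FINDING));
}
```

The scoped version leaves the `MD5` in the trailing comment alone because it lies outside the finding's span.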
Reverted to a draft. Am going to take a different approach to create a single Language Server written in C# that leverages the DevSkim library and use that for both VS Code and VS 2022 and 2019. Will be returning to work on this next week.
Reimplementing in a different branch.