feat: code action for OSS via LS in IntelliJ [IDE-284] (#530)

* feat: code action oss

* chore: add CHANGELOG

CHANGELOG.md

@@ -1,6 +1,8 @@
 # Snyk Security Changelog
 
 ## [2.8.8]
+### Added
+- renders code actions and code lenses for OpenSource scans via the LS
 
 ### Fixes
 - change some of the colours used in the HTML panel so it's consistent with designs

src/main/kotlin/snyk/code/annotator/CodeActionIntention.kt

@@ -71,7 +71,13 @@ class CodeActionIntention(
 
     override fun getIcon(p0: Int): Icon {
         return when (product) {
-            ProductType.OSS -> SnykIcons.OPEN_SOURCE_SECURITY
+            ProductType.OSS -> {
+                if (this.codeAction.title.startsWith("Upgrade to")) {
+                    SnykIcons.CHECKMARK_GREEN
+                } else {
+                    SnykIcons.OPEN_SOURCE_SECURITY
+                }
+            }
             ProductType.IAC -> SnykIcons.IAC
             ProductType.CONTAINER -> SnykIcons.CONTAINER
             ProductType.CODE_SECURITY -> SnykIcons.SNYK_CODE
@@ -84,6 +90,7 @@ class CodeActionIntention(
     override fun getPriority(): PriorityAction.Priority {
         return when {
             codeAction.title.contains("fix", ignoreCase = true) -> PriorityAction.Priority.TOP
+            codeAction.title.contains("Upgrade to", ignoreCase = true) -> PriorityAction.Priority.TOP
             else -> issue.getSeverityAsEnum().getQuickFixPriority()
         }
     }

src/main/kotlin/snyk/code/annotator/SnykAnnotator.kt

@@ -20,7 +20,7 @@ import java.util.concurrent.TimeoutException
 
 private const val CODEACTION_TIMEOUT = 2L
 
-abstract class SnykAnnotator(private val product: ProductType): ExternalAnnotator<PsiFile, Unit>() {
+abstract class SnykAnnotator(private val product: ProductType) : ExternalAnnotator<PsiFile, Unit>() {
     val logger = logger<SnykAnnotator>()
 
     // overrides needed for the Annotator to invoke apply(). We don't do anything here
@@ -32,7 +32,11 @@ abstract class SnykAnnotator(private val product: ProductType): ExternalAnnotato
         AnnotatorCommon.prepareAnnotate(psiFile)
     }
 
-    override fun apply(psiFile: PsiFile, annotationResult: Unit, holder: AnnotationHolder) {
+    override fun apply(
+        psiFile: PsiFile,
+        annotationResult: Unit,
+        holder: AnnotationHolder,
+    ) {
         if (!LanguageServerWrapper.getInstance().ensureLanguageServerInitialized()) return
 
         getIssuesForFile(psiFile)
@@ -47,25 +51,27 @@ abstract class SnykAnnotator(private val product: ProductType): ExternalAnnotato
                     return@forEach
                 }
                 if (!textRange.isEmpty) {
-                    val annotationMessage = "${issue.annotationMessage()} (Snyk)"
+                    val annotationMessage = issue.annotationMessage()
                     holder.newAnnotation(highlightSeverity, annotationMessage)
                         .range(textRange)
                         .withFix(ShowDetailsIntentionAction(annotationMessage, issue))
                         .create()
 
-                    val params = CodeActionParams(
-                        TextDocumentIdentifier(psiFile.virtualFile.toLanguageServerURL()),
-                        issue.range,
-                        CodeActionContext(emptyList())
-                    )
+                    val params =
+                        CodeActionParams(
+                            TextDocumentIdentifier(psiFile.virtualFile.toLanguageServerURL()),
+                            issue.range,
+                            CodeActionContext(emptyList()),
+                        )
                     val languageServer = LanguageServerWrapper.getInstance().languageServer
-                    val codeActions = try {
-                        languageServer.textDocumentService
-                            .codeAction(params).get(CODEACTION_TIMEOUT, TimeUnit.SECONDS) ?: emptyList()
-                    } catch (ignored: TimeoutException) {
-                        logger.info("Timeout fetching code actions for issue: $issue")
-                        emptyList()
-                    }
+                    val codeActions =
+                        try {
+                            languageServer.textDocumentService
+                                .codeAction(params).get(CODEACTION_TIMEOUT, TimeUnit.SECONDS) ?: emptyList()
+                        } catch (ignored: TimeoutException) {
+                            logger.info("Timeout fetching code actions for issue: $issue")
+                            emptyList()
+                        }
 
                     codeActions
                         .filter { a ->
@@ -78,7 +84,7 @@ abstract class SnykAnnotator(private val product: ProductType): ExternalAnnotato
                             val title = codeAction.title
                             holder.newAnnotation(highlightSeverity, title)
                                 .range(textRange)
-                                .withFix(CodeActionIntention(issue, codeAction, ProductType.CODE_SECURITY))
+                                .withFix(CodeActionIntention(issue, codeAction, product))
                                 .create()
                         }
                 }
@@ -94,7 +100,10 @@ abstract class SnykAnnotator(private val product: ProductType): ExternalAnnotato
             ?: emptySet()
 
     /** Public for Tests only */
-    fun textRange(psiFile: PsiFile, range: Range): TextRange? {
+    fun textRange(
+        psiFile: PsiFile,
+        range: Range,
+    ): TextRange? {
         try {
             val document =
                 psiFile.viewProvider.document ?: throw IllegalArgumentException("No document found for $psiFile")

src/main/kotlin/snyk/common/lsp/LanguageServerSettings.kt

@@ -39,6 +39,7 @@ data class LanguageServerSettings(
     @SerializedName("authenticationMethod") val authenticationMethod: AuthenticationMethod? = null,
     @SerializedName("snykCodeApi") val snykCodeApi: String? = null,
     @SerializedName("enableSnykLearnCodeActions") val enableSnykLearnCodeActions: String? = null,
+    @SerializedName("enableSnykOSSQuickFixCodeActions") val enableSnykOSSQuickFixCodeActions: String? = null,
     @SerializedName("requiredProtocolVersion") val requiredProtocolVersion: String =
         pluginSettings().requiredLsProtocolVersion.toString(),
 )
@@ -47,13 +48,13 @@ data class SeverityFilter(
     @SerializedName("critical") val critical: Boolean?,
     @SerializedName("high") val high: Boolean?,
     @SerializedName("medium") val medium: Boolean?,
-    @SerializedName("low") val low: Boolean?
+    @SerializedName("low") val low: Boolean?,
 )
 
 enum class AuthenticationMethod {
     @SerializedName("token")
     TokenAuthentication,
 
     @SerializedName("oauth")
-    OAuthAuthentication
+    OAuthAuthentication,
 }

src/main/kotlin/snyk/common/lsp/LanguageServerWrapper.kt

@@ -358,6 +358,7 @@ class LanguageServerWrapper(
             scanningMode = if (!ps.scanOnSave) "manual" else "auto",
             integrationName = pluginInfo.integrationName,
             integrationVersion = pluginInfo.integrationVersion,
+            enableSnykOSSQuickFixCodeActions = "true",
         )
     }
 

src/main/kotlin/snyk/common/lsp/Types.kt

@@ -247,12 +247,12 @@ data class ScanIssue(
 
     fun annotationMessage(): String {
         return when (this.additionalData.getProductType()) {
-            ProductType.OSS -> this.title
+            ProductType.OSS -> this.title + " in " + this.additionalData.packageName + " id: " + this.ruleId()
             ProductType.CODE_SECURITY, ProductType.CODE_QUALITY ->
                 this.title.ifBlank {
                     this.additionalData.message.let {
                         if (it.length < 70) it else "${it.take(70)}..."
-                    }
+                    } + " (Snyk)"
                 }
 
             else -> TODO()