Merge branch 'master' into chore/IDE-579-ai-fix-styles

CHANGELOG.md

@@ -1,25 +1,37 @@
 # Snyk Security Changelog
 
-
-## [2.9.2]
-### Changed
-- Generate fix using Snyk DeepCode AI, Apply fix, Retry generating AI fixes
-
-
-## [2.9.1]
+## [2.10.0]
 ### Changed
 - save git folder config in settings
 - propagate Jetbrains determined runtime environment to language server
 - automatically propagate standard file path for CLI if empty on apply in settings
 - guard base branch setting against being empty
 - better error messaging when unexpected loop occurs during initialization
 - switch downloads to downloads.snyk.io
+- added support for net new scans
+- allow annotations during IntelliJ indexing
+- add gutter icons for Snyk issues
+- add option to switch gutter icons on/off
+- add color and highlighting setting for Snyk issues
+- add dialog to choose reference branch when net new scanning
+- always display info nodes
+- add option in IntelliJ registry to display tooltips with issue information
+- display documentation info when hovering over issue
+- Generate fix using Snyk DeepCode AI, Apply fix, Retry generating AI fixes
 
 ### Fixes
 - add name to code vision provider
 - add flashes for auto-fixable Open Source Issues
 - show code vision for Open Source also, when Snyk Code is still analysing
 - clean-up old open source scan functionality
+- don't print out exceptions during shutdown of the app/plugin
+- if the language server listener is shut down, set initialized to false
+- log error stream of language server to idea.log
+- show error / warn messages if the project is null (e.g. for offline handling)
+
+## [2.9.1]
+### Fixed
+- propagate IntelliJ environment to language server. This should mitigate the issue of not finding package managers during scans.
 
 ## [2.9.0]
 ### Changed

README.md

@@ -2,58 +2,30 @@
 description: Use this documentation to get started with the JetBrains plugin.
 ---
 
-# JetBrains plugins
-<!-- Plugin description start -->
+# JetBrains plugin
 
-Snyk offers IDE integrations that allow you to use the functionality of Snyk in your Integrated Development Environment. This page describes the Snyk JetBrains plugins. For information about all of the IDE plugins and their use, see [Snyk for IDEs](https://docs.snyk.io/ide-tools) in the docs.
+## **Scan early, fix as you develop: elevate your security posture**
 
-Snyk supports JetBrains plugins from version 2020.2 for [IntelliJ IDEA](https://snyk.io/lp/intellij-ide-plugin/) and [WebStorm](https://snyk.io/lp/webstorm-ide-plugin/) as well as Android Studio, AppCode, GoLand, PhpStorm, PyCharm, Rider, and RubyMine.
+Integrating security checks early in your development lifecycle helps you pass security reviews seamlessly and avoid expensive fixes down the line.
 
+The Snyk JetBrains plugin allows you to analyze your code, open-source dependencies, Docker images, and Infrastructure as Code (IaC) configurations. With actionable insights directly in your IDE, you can address issues as they arise.
 
-Snyk uses Python in order to scan and find your dependencies. If you are using multiple Python versions, use the -`-command` option to specify the correct Python command for execution. The plugin does not detect the Python version associated with the project.
+**Key features:**
 
+* **In-line issue highlighting:** Security issues are flagged directly within your code, categorized by type and severity for quick identification and resolution.
+* **Comprehensive scanning:** The extension scans for a wide range of security issues, including:
+  * [**Open Source Security**](https://snyk.io/product/open-source-security-management/)**:** Detects vulnerabilities and license issues in both direct and transitive open-source dependencies. Automated fix suggestions simplify remediation. Explore more in the [Snyk Open Source documentation](https://docs.snyk.io/scan-using-snyk/snyk-open-source).
+  * [**Code Security**](https://snyk.io/product/snyk-code/)**:** Identifies security vulnerabilities in your custom code. Explore more in the [Snyk Code documentation](https://docs.snyk.io/scan-using-snyk/snyk-code).
+  * [**IaC Security**](https://snyk.io/product/infrastructure-as-code-security/)**:** Uncovers configuration issues in your Infrastructure as Code templates (Terraform, Kubernetes, CloudFormation, Azure Resource Manager). Explore more in the [IaC documentation](https://docs.snyk.io/scan-using-snyk/snyk-iac).
+  * [**Container Security**](https://snyk.io/product/container-vulnerability-management/): Finds security vulnerabilities in your base images; supports all the [operating system distributions supported by Snyk Container](https://docs.snyk.io/scan-using-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container). See also the [Snyk Container](https://docs.snyk.io/scan-using-snyk/snyk-container) docs.
+* **Broad language and framework support:** Snyk Open Source and Snyk Code cover a wide array of package managers, programming languages, and frameworks, with ongoing updates to support the latest technologies. For the most up-to-date information on supported languages, package managers, and frameworks, see the [supported language technologies pages](https://docs.snyk.io/supported-languages-package-managers-and-frameworks).
 
-The Snyk JetBrains plugins provide analysis of your code, containers, and Infrastructure as Code configurations. The plugin is based on the Snyk CLI and also uses Snyk APIs. The plugin supports product features in the CLI for Snyk Open Source and Snyk Container as well as for Snyk Code and Snyk IaC with some limitations.
+## How to install and set up the extension
 
-Snyk scans for vulnerabilities and misconfigurations and returns results with security issues categorized by issue type and severity.
 
-For open source, you receive automated algorithm-based fix suggestions for both direct and transitive dependencies. For containers, you can automate upgrades to the most secure base image to quickly resolve numerous vulnerabilities. This single plugin provides a Java vulnerability scanner, a custom code vulnerability scanner, an open-source security scanner, and an application security plugin.
+The latest Snyk JetBrains plugin is supported by all JetBrains IDEs 2023.3 or newer.
 
-Snyk scans for the following types of issues:
-
-[**Open Source Security**](https://snyk.io/product/open-source-security-management/) - security vulnerabilities and license issues in both direct and in-direct (transitive) open-source dependencies pulled into the Snyk Project. See also the [Open Source docs](https://docs.snyk.io/products/snyk-open-source).
-
-[**Code Security**](https://snyk.io/product/snyk-code/) - security vulnerabilities in your code. See also the [Snyk Code docs](https://docs.snyk.io/products/snyk-code).
-
-[**Container Security**](https://snyk.io/product/container-vulnerability-management/) - security vulnerabilities in your base images. See also the [Snyk Container docs](https://docs.snyk.io/products/snyk-container).
-
-[**Infrastructure as Code (IaC) Security**](https://snyk.io/product/infrastructure-as-code-security/) - configuration issues in your IaC templates: Terraform, Kubernetes, CloudFormation, and Azure Resource Manager. See also the [Snyk Infrastructure as Code docs](https://docs.snyk.io/products/snyk-infrastructure-as-code).
-
-The JetBrains plugins also provide the [**Open Source Advisor**](https://snyk.io/advisor/) to help you find the best package for your next project. Information is provided on the package health of the direct dependencies you are using including popularity, maintenance, risk, and community insights.
-
-After you complete the installation steps on this page and the [configuration](https://docs.snyk.io/ide-tools/jetbrains-plugins/configuration-environment-variables-and-proxy-for-the-jetbrains-plugins) and [authentication](https://docs.snyk.io/ide-tools/jetbrains-plugins/authentication-for-the-jetbrains-plugins) steps on the next two pages, continue by following the instructions in the other JetBrains plugins docs:
-
-* [Run an analysis with the JetBrains plugins](https://docs.snyk.io/ide-tools/jetbrains-plugins/run-an-analysis-with-the-jetbrains-plugins)
-* [JetBrains analysis results: Open Source](https://docs.snyk.io/ide-tools/jetbrains-plugins/jetbrains-analysis-results-snyk-open-source)
-* [JetBrains analysis results: Snyk Code](https://docs.snyk.io/ide-tools/jetbrains-plugins/jetbrains-analysis-results-snyk-code)
-* [JetBrains analysis results: Snyk IaC Configuration](https://docs.snyk.io/ide-tools/jetbrains-plugins/jetbrains-analysis-results-snyk-iac-configuration)
-* [JetBrains analysis results: Snyk Container](https://docs.snyk.io/ide-tools/jetbrains-plugins/jetbrains-analysis-results-snyk-container)
-* [How Snyk Container and Kubernetes JetBrains integration works](https://docs.snyk.io/ide-tools/jetbrains-plugins/how-snyk-container-and-kubernetes-jetbrains-integration-works)
-* [Filter JetBrains results](https://docs.snyk.io/ide-tools/jetbrains-plugins/filter-jetbrains-results)
-* [Troubleshooting for the JetBrains plugin](https://docs.snyk.io/ide-tools/jetbrains-plugins/troubleshooting-for-the-jetbrains-plugin)
-
-<!-- Plugin description end -->
-## Supported languages, package managers, and frameworks
-
-* For Snyk Open Source, the JetBrains plugin supports the languages and package managers supported by Snyk Open Source and the CLI. For more information, see [Supported languages, frameworks, and feature availability overview, Open Source section](https://docs.snyk.io/scan-applications/supported-languages-and-frameworks/supported-languages-frameworks-and-feature-availability-overview#open-source-and-licensing-snyk-open-source).
-* For Snyk Code, the JetBrains plugin supports all the languages and frameworks supported by Snyk Code. For more information, see [Supported languages, frameworks, and feature availability overview, Snyk Code section](https://docs.snyk.io/scan-applications/supported-languages-and-frameworks/supported-languages-frameworks-and-feature-availability-overview#code-analysis-snyk-code). Before scanning your repositories with Snyk Code, ensure you have [enabled Snyk Code](../../../scan-with-snyk/snyk-code/configure-snyk-code.md).&#x20;
-* For Snyk Container: the JetBrains plugin supports all the [operating system distributions supported by Snyk Container](https://docs.snyk.io/products/snyk-container/snyk-container-security-basics/supported-operating-system-distributions).
-* For Snyk IaC, the JetBrains plugin supports the following IaC templates: Terraform, Kubernetes, CloudFormation, and Azure Resource Manager.
-
-## Supported operating systems and architecture
-
-
-Snyk Plugins are not supported on any Operating System that has reached End Of Life (EOL) with the distributor.
+An older plugin version is supported by JetBrains IDEs 2020.3 or newer.
 
 
 You can use the Snyk JetBrains plugin in the following environments:
@@ -63,23 +35,19 @@ You can use the Snyk JetBrains plugin in the following environments:
 * Windows: 386, AMD64, and ARM64
 * MacOS: AMD64 and ARM64
 
-## **Install the JetBrains plugin**
+Install the plugin at any time free of charge from the [JetBrains marketplace](https://plugins.jetbrains.com/plugin/10972-snyk-vulnerability-scanner) and use it with any Snyk account, including the Free plan. For more information, see the [IDEA plugin installation guide](https://www.jetbrains.com/help/idea/managing-plugins.html).
 
-The Snyk JetBrains plugin is available for installation on the [JetBrains marketplace](https://plugins.jetbrains.com/plugin/10972-snyk-vulnerability-scanner).
+When the extension is installed, it automatically downloads the  [Snyk CLI,](https://docs.snyk.io/snyk-cli) which includes the [Language Server](https://docs.snyk.io/scm-ide-and-ci-cd-integrations/snyk-ide-plugins-and-extensions/snyk-language-server).
 
-Install using the IDE plugins library:
+Continue by following the instructions in the other JetBrains plugin docs:
 
-1. Open the **Preferences** window in the IDE.
-2. Navigate to the **Plugins** tab.
-3. In the **Plugins** tab, search for **Snyk**.
-4. Select the **Snyk vulnerability scanning** plugin.
-5. Click on the **Install** button.
-6. When the installation is complete, restart the IDE.
-
-<figure><img src="https://github.com/snyk/user-docs/raw/HEAD/docs/.gitbook/assets/Screen Shot 2022-03-09 at 5.06.13 PM (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1 (7).png" alt="Select the Snyk vulnerability scanning plugin"><figcaption><p>Select the Snyk vulnerability scanning plugin</p></figcaption></figure>
-
-Continue with the steps on the JetBrains [configuration](https://docs.snyk.io/ide-tools/jetbrains-plugins/configuration-environment-variables-and-proxy-for-the-jetbrains-plugins) page.
+* [Configuration, environment variables, and proxy for the JetBrains plugins](https://docs.snyk.io/scm-ide-and-ci-cd-integrations/snyk-ide-plugins-and-extensions/jetbrains-plugins/configuration-environment-variables-and-proxy-for-the-jetbrains-plugins)
+* [JetBrains plugin authentication](https://docs.snyk.io/scm-ide-and-ci-cd-integrations/snyk-ide-plugins-and-extensions/jetbrains-plugins/authentication-for-the-jetbrains-plugins)
+* [JetBrains plugin folder trust](https://docs.snyk.io/scm-ide-and-ci-cd-integrations/snyk-ide-plugins-and-extensions/jetbrains-plugins/jetbrains-plugin-folder-trust)
+* [Run an analysis with the JetBrains plugins](https://docs.snyk.io/scm-ide-and-ci-cd-integrations/snyk-ide-plugins-and-extensions/jetbrains-plugins/run-an-analysis-with-the-jetbrains-plugins)
 
 ## Support
 
+For troubleshooting and known issues, see [Troubleshooting for the JetBrains plugin](https://docs.snyk.io/scm-ide-and-ci-cd-integrations/snyk-ide-plugins-and-extensions/jetbrains-plugins/troubleshooting-for-the-jetbrains-plugin).
+
 If you need help, submit a [request](https://support.snyk.io/hc/en-us/requests/new) to Snyk Support.

build.gradle.kts

@@ -175,7 +175,7 @@ tasks {
         untilBuild.set(properties("pluginUntilBuild"))
 
         val content = File("$projectDir/README.md").readText()
-        val startIndex = content.indexOf("# JetBrains plugins")
+        val startIndex = content.indexOf("# JetBrains plugin")
         val descriptionFromReadme = content.substring(startIndex).lines().joinToString("\n").run { markdownToHTML(this) }
         pluginDescription.set(descriptionFromReadme)
 

src/main/kotlin/io/snyk/plugin/Severity.kt

@@ -72,15 +72,6 @@ enum class Severity {
         private const val SEVERITY_MEDIUM = "medium"
         private const val SEVERITY_LOW = "low"
 
-        fun getFromIndex(index: Int): Severity =
-            when (index) {
-                4 -> CRITICAL
-                3 -> HIGH
-                2 -> MEDIUM
-                1 -> LOW
-                else -> UNKNOWN
-            }
-
         fun getFromName(name: String): Severity =
             when (name) {
                 SEVERITY_CRITICAL -> CRITICAL

src/main/kotlin/io/snyk/plugin/SnykPostStartupActivity.kt

@@ -86,7 +86,7 @@ class SnykPostStartupActivity : ProjectActivity {
         }
 
         if (!settings.token.isNullOrBlank() && settings.scanOnSave) {
-            getSnykTaskQueueService(project)?.scan(true)
+            getSnykTaskQueueService(project)?.scan()
         }
 
         ExtensionPointsUtil.controllerManager.extensionList.forEach {

src/main/kotlin/io/snyk/plugin/SnykProjectManagerListener.kt

@@ -28,8 +28,10 @@ class SnykProjectManagerListener : ProjectManagerListener {
                             ls.updateWorkspaceFolders(emptySet(), ls.getWorkspaceFolders(project))
                         }
                     }.get(TIMEOUT, TimeUnit.SECONDS)
-                } catch (ignored: RuntimeException) {
-                    logger<SnykProjectManagerListener>().info("Project closing clean up took too long", ignored)
+                } catch (ignored: Exception) {
+                    val logger = logger<SnykProjectManagerListener>()
+                    logger.warn("Project closing clean up took longer than $TIMEOUT seconds")
+                    logger.debug(ignored)
                 }
             }
         }

src/main/kotlin/io/snyk/plugin/Utils.kt

@@ -58,14 +58,9 @@ import java.io.File
 import java.io.FileNotFoundException
 import java.net.URI
 import java.nio.file.Path
-import java.security.KeyStore
 import java.util.Objects.nonNull
 import java.util.SortedSet
 import java.util.concurrent.TimeUnit
-import javax.net.ssl.SSLContext
-import javax.net.ssl.TrustManager
-import javax.net.ssl.TrustManagerFactory
-import javax.net.ssl.X509TrustManager
 import javax.swing.JComponent
 
 private val logger = Logger.getInstance("#io.snyk.plugin.UtilsKt")
@@ -223,6 +218,8 @@ fun isFileListenerEnabled(): Boolean = pluginSettings().fileListenerEnabled
 fun isSnykIaCLSEnabled(): Boolean = false
 
 
+fun isDocumentationHoverEnabled(): Boolean = Registry.get("snyk.isDocumentationHoverEnabled").asBoolean()
+
 fun getWaitForResultsTimeout(): Long =
     Registry.intValue(
         "snyk.timeout.results.waiting",
@@ -233,51 +230,41 @@ const val DEFAULT_TIMEOUT_FOR_SCAN_WAITING_MIN = 12L
 val DEFAULT_TIMEOUT_FOR_SCAN_WAITING_MS =
     TimeUnit.MILLISECONDS.convert(DEFAULT_TIMEOUT_FOR_SCAN_WAITING_MIN, TimeUnit.MINUTES).toInt()
 
-fun getSSLContext(): SSLContext {
-    val trustManager = getX509TrustManager()
-    val sslContext = SSLContext.getInstance("TLSv1.2")
-    sslContext.init(null, arrayOf<TrustManager>(trustManager), null)
-    return sslContext
-}
-
-fun getX509TrustManager(): X509TrustManager {
-    val trustManagerFactory: TrustManagerFactory = TrustManagerFactory.getInstance(
-        TrustManagerFactory.getDefaultAlgorithm()
-    )
-    trustManagerFactory.init(null as KeyStore?)
-    val trustManagers: Array<TrustManager> = trustManagerFactory.trustManagers
-    check(!(trustManagers.size != 1 || trustManagers[0] !is X509TrustManager)) {
-        ("Unexpected default trust managers:${trustManagers.contentToString()}")
-    }
-    return trustManagers[0] as X509TrustManager
-}
-
-fun findPsiFileIgnoringExceptions(virtualFile: VirtualFile, project: Project): PsiFile? =
-    if (!virtualFile.isValid || project.isDisposed) {
+fun findPsiFileIgnoringExceptions(virtualFile: VirtualFile, project: Project): PsiFile? {
+    return if (!virtualFile.isValid || project.isDisposed) {
         null
     } else {
         try {
-            PsiManager.getInstance(project).findFile(virtualFile)
+            var psiFile : PsiFile? = null
+            ReadAction.run<RuntimeException> {
+                psiFile = PsiManager.getInstance(project).findFile(virtualFile)
+            }
+            return psiFile
         } catch (ignored: Throwable) {
             null
         }
     }
+}
 
 fun refreshAnnotationsForOpenFiles(project: Project) {
     if (project.isDisposed || ApplicationManager.getApplication().isDisposed) return
-    VirtualFileManager.getInstance().asyncRefresh()
+    runAsync {
+        VirtualFileManager.getInstance().asyncRefresh()
 
-    val openFiles = FileEditorManager.getInstance(project).openFiles
+        val openFiles = FileEditorManager.getInstance(project).openFiles
 
-    ApplicationManager.getApplication().invokeLater {
-        if (!project.isDisposed) {
-            project.service<CodeVisionHost>().invalidateProvider(CodeVisionHost.LensInvalidateSignal(null))
+        ApplicationManager.getApplication().invokeLater {
+            if (!project.isDisposed) {
+                project.service<CodeVisionHost>().invalidateProvider(CodeVisionHost.LensInvalidateSignal(null))
+            }
         }
-    }
-    openFiles.forEach {
-        val psiFile = findPsiFileIgnoringExceptions(it, project)
-        if (psiFile != null) {
-            DaemonCodeAnalyzer.getInstance(project).restart(psiFile)
+        openFiles.forEach {
+            val psiFile = findPsiFileIgnoringExceptions(it, project)
+            if (psiFile != null) {
+                invokeLater {
+                    DaemonCodeAnalyzer.getInstance(project).restart(psiFile)
+                }
+            }
         }
     }
 }

src/main/kotlin/io/snyk/plugin/extensions/SnykControllerImpl.kt

@@ -13,7 +13,7 @@ class SnykControllerImpl(val project: Project) : SnykController {
      * scan enqueues a scan of the project for vulnerabilities.
      */
     override fun scan() {
-        getSnykTaskQueueService(project)?.scan(false)
+        getSnykTaskQueueService(project)?.scan()
     }
 
     /**