fix: show most severe vulnerability action is displayed (#402)

Signed-off-by: Bastian Doetsch <[email protected]>
snyk · Nov 29, 2023 · 44c0e41 · 44c0e41
1 parent 274027a
commit 44c0e41
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 29 deletions.
diff --git a/src/snyk/snykOss/providers/ossCodeActionsProvider.ts b/src/snyk/snykOss/providers/ossCodeActionsProvider.ts
@@ -10,6 +10,7 @@ import { ICodeActionAdapter, ICodeActionKindAdapter } from '../../common/vscode/
 import { IVSCodeLanguages } from '../../common/vscode/languages';
 import { CodeActionContext } from '../../common/vscode/types';
 import { DIAGNOSTICS_OSS_COLLECTION_NAME_LS } from '../../snykCode/constants/analysis';
+import { getOssIssueCommandArg } from './ossIssueCommandHelper';
 
 export class OssCodeActionsProvider extends CodeActionsProvider<OssIssueData> {
   constructor(
@@ -38,7 +39,7 @@ export class OssCodeActionsProvider extends CodeActionsProvider<OssIssueData> {
       return;
     }
 
-    const mostSevereVulnerability = this.getMostSevereVulnerability(vulnerabilities);
+    const mostSevereVulnerability = this.getMostSevereVulnerability(vulnerabilities, folderPath);
     if (!mostSevereVulnerability) {
       return;
     }
@@ -142,7 +143,10 @@ export class OssCodeActionsProvider extends CodeActionsProvider<OssIssueData> {
     return vulnerabilities;
   }
 
-  private getMostSevereVulnerability(vulnerabilities: Issue<OssIssueData>[]): Issue<OssIssueData> | undefined {
+  private getMostSevereVulnerability(
+    vulnerabilities: Issue<OssIssueData>[],
+    folderPath: string,
+  ): Issue<OssIssueData> | undefined {
     // iterate vulnerabilities and get the most severe one
     // if there are multiple of the same severity, get the first one
     let highestSeverity = this.issueSeverityToRanking(IssueSeverity.Low);
@@ -155,6 +159,10 @@ export class OssCodeActionsProvider extends CodeActionsProvider<OssIssueData> {
       }
     }
 
-    return mostSevereVulnerability;
+    if (!mostSevereVulnerability) {
+      return;
+    }
+
+    return getOssIssueCommandArg(mostSevereVulnerability, folderPath, vulnerabilities);
   }
 }
diff --git a/src/snyk/snykOss/providers/ossIssueCommandHelper.ts b/src/snyk/snykOss/providers/ossIssueCommandHelper.ts
@@ -0,0 +1,26 @@
+import marked from 'marked';
+import { Issue, OssIssueData } from '../../common/languageServer/types';
+import { OssIssueCommandArg } from '../interfaces';
+
+export function getOssIssueCommandArg(
+  vuln: Issue<OssIssueData>,
+  folderPath: string,
+  filteredVulns: Issue<OssIssueData>[],
+): OssIssueCommandArg {
+  const matchingIdVulnerabilities = filteredVulns.filter(v => v.id === vuln.id);
+  let overviewHtml = '';
+
+  try {
+    // TODO: marked.parse does not sanitize the HTML. See: https://marked.js.org/#usage
+    overviewHtml = marked.parse(vuln.additionalData.description);
+  } catch (error) {
+    overviewHtml = '<p>There was a problem rendering the vulnerability overview</p>';
+  }
+
+  return {
+    ...vuln,
+    matchingIdVulnerabilities,
+    overviewHtml,
+    folderPath,
+  };
+}
diff --git a/src/snyk/snykOss/providers/ossVulnerabilityTreeProvider.ts b/src/snyk/snykOss/providers/ossVulnerabilityTreeProvider.ts
@@ -1,5 +1,4 @@
 import _ from 'lodash';
-import * as marked from 'marked';
 import { Command, Uri } from 'vscode';
 import { OpenCommandIssueType, OpenIssueCommandArg } from '../../common/commands/types';
 import { IConfiguration } from '../../common/configuration/configuration';
@@ -14,7 +13,7 @@ import { ProductIssueTreeProvider } from '../../common/views/issueTreeProvider';
 import { TreeNode } from '../../common/views/treeNode';
 import { IVSCodeLanguages } from '../../common/vscode/languages';
 import { messages } from '../constants/messages';
-import { OssIssueCommandArg } from '../interfaces';
+import { getOssIssueCommandArg } from './ossIssueCommandHelper';
 
 export default class OssIssueTreeProvider extends ProductIssueTreeProvider<OssIssueData> {
   constructor(
@@ -195,32 +194,9 @@ export default class OssIssueTreeProvider extends ProductIssueTreeProvider<OssIs
       arguments: [
         {
           issueType: OpenCommandIssueType.OssVulnerability,
-          issue: this.getOssIssueCommandArg(issue, folderPath, filteredIssues),
+          issue: getOssIssueCommandArg(issue, folderPath, filteredIssues),
         } as OpenIssueCommandArg,
       ],
     };
   }
-
-  getOssIssueCommandArg(
-    vuln: Issue<OssIssueData>,
-    folderPath: string,
-    filteredVulns: Issue<OssIssueData>[],
-  ): OssIssueCommandArg {
-    const matchingIdVulnerabilities = filteredVulns.filter(v => v.id === vuln.id);
-    let overviewHtml = '';
-
-    try {
-      // TODO: marked.parse does not sanitize the HTML. See: https://marked.js.org/#usage
-      overviewHtml = marked.parse(vuln.additionalData.description);
-    } catch (error) {
-      overviewHtml = '<p>There was a problem rendering the vulnerability overview</p>';
-    }
-
-    return {
-      ...vuln,
-      matchingIdVulnerabilities,
-      overviewHtml,
-      folderPath,
-    };
-  }
 }