From 2b57511f43d247e8bd4d4f1cc3f337e7c4bdaed8 Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Tue, 6 Aug 2024 14:24:26 -0700 Subject: [PATCH 01/27] Organize some stuff --- .vscode/extensions.json | 6 +++++- .vscode/launch.json | 4 ++-- .vscode/tasks.json | 46 +++++++++++++++++++---------------------- .vscodeignore | 8 +++++++ build.mjs | 25 ++++++++++++++++++++++ download-lspjs.sh | 9 ++++---- package.json | 6 +++--- src/constants.ts | 5 ++++- src/lsp.ts | 3 ++- 9 files changed, 75 insertions(+), 37 deletions(-) diff --git a/.vscode/extensions.json b/.vscode/extensions.json index cb9d6949..cb2c8b2c 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -1,3 +1,7 @@ { - "recommendations": ["Semgrep.semgrep", "Tobermory.es6-string-html"] +"recommendations": [ + "Semgrep.semgrep", + "Tobermory.es6-string-html", + "connor4312.esbuild-problem-matchers" +] } diff --git a/.vscode/launch.json b/.vscode/launch.json index 8d23b5eb..e9e956e1 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -8,7 +8,7 @@ "runtimeExecutable": "${execPath}", "args": ["--extensionDevelopmentPath=${workspaceRoot}"], "outFiles": ["${workspaceRoot}/out/**/*.js"], - "preLaunchTask": "watch-build" + "preLaunchTask": "watch" }, { "type": "node", @@ -34,7 +34,7 @@ "outFiles": ["${workspaceRoot}/out/**/*.js"], "preLaunchTask": { "type": "npm", - "script": "test-compile" + "script": "esbuild" } } ] diff --git a/.vscode/tasks.json b/.vscode/tasks.json index 3f149aac..071c6393 100644 --- a/.vscode/tasks.json +++ b/.vscode/tasks.json @@ -2,43 +2,39 @@ "version": "2.0.0", "tasks": [ { - "type": "npm", - "script": "compile", - "group": "build", + "label": "watch", + "dependsOn": ["npm: watch:tsc", "npm: watch:esbuild"], "presentation": { - "panel": "dedicated", "reveal": "never" }, - "problemMatcher": ["$tsc"] + "group": { + "kind": "build", + "isDefault": true + } }, { "type": "npm", - "label": "watch-build", - "script": "esbuild-watch", + "label": "npm: watch:esbuild", + "script": "watch:esbuild", "isBackground": true, - "problemMatcher": { - "owner": "typescript", - "fileLocation": "relative", - "pattern": { - "regexp": "^([^\\s].*)\\((\\d+|\\d+,\\d+|\\d+,\\d+,\\d+,\\d+)\\):\\s+(error|warning|info)\\s+(TS\\d+)\\s*:\\s*(.*)$", - "file": 1, - "location": 2, - "severity": 3, - "code": 4, - "message": 5 - }, - "background": { - "activeOnStart": true, - "beginsPattern": "\\[watch\\] build started.*", - "endsPattern": "\\[watch\\] build finished.*" - } + "problemMatcher": "$esbuild-watch", + "presentation": { + "reveal": "never" }, "group": { "kind": "build", "isDefault": true - }, + } + }, + { + "type": "npm", + "script": "watch:tsc", + "group": "build", + "problemMatcher": "$tsc-watch", + "isBackground": true, + "label": "npm: watch:tsc", "presentation": { - "panel": "dedicated", + "group": "watch", "reveal": "never" } } diff --git a/.vscodeignore b/.vscodeignore index c06f4a7b..b2afb906 100644 --- a/.vscodeignore +++ b/.vscodeignore @@ -2,6 +2,14 @@ .vscode-test/** out/test/** src/** +node_modules/** +.pre-commit-config.yaml +build.mjs +download-lspjs.sh +eslint.config.js +semgrep-version +images/** +.github/** .gitignore vsc-extension-quickstart.md **/tsconfig.json diff --git a/build.mjs b/build.mjs index d4a10ba3..cc2cfa17 100755 --- a/build.mjs +++ b/build.mjs @@ -6,6 +6,8 @@ import { sentryEsbuildPlugin } from "@sentry/esbuild-plugin"; async function buildSentrySourceMap() { esbuild.build({ sourcemap: true, // Source map generation must be turned on + bundle: true, + platform: "node", plugins: [ // Put the Sentry esbuild plugin after all other plugins sentryEsbuildPlugin({ @@ -25,6 +27,7 @@ async function buildExtension(watch) { platform: "node", format: "cjs", external: ["vscode"], + plugins: [esbuildProblemMatcherPlugin], sourcemap: isSourcemap, }; if (watch) { @@ -40,6 +43,7 @@ async function buildWebview(watch) { entryPoints: ["./src/webview-ui/index.tsx"], outfile: "./out/webview.js", bundle: true, + platform: "node", plugins: [cssModulesPlugin()], sourcemap: isSourcemap, }; @@ -54,6 +58,27 @@ async function buildWebview(watch) { const isWatch = process.argv.includes("--watch"); const isSourcemap = process.argv.includes("--sourcemap"); +/** + * @type {import('esbuild').Plugin} + */ +const esbuildProblemMatcherPlugin = { + name: "esbuild-problem-matcher", + + setup(build) { + build.onStart(() => { + console.log("[watch] build started"); + }); + build.onEnd((result) => { + result.errors.forEach(({ text, location }) => { + console.error(`✘ [ERROR] ${text}`); + console.error( + ` ${location.file}:${location.line}:${location.column}:`, + ); + }); + console.log("[watch] build finished"); + }); + }, +}; await Promise.all([ buildExtension(isWatch, isSourcemap), buildWebview(isWatch, isSourcemap), diff --git a/download-lspjs.sh b/download-lspjs.sh index f1dc50d1..1847f50c 100755 --- a/download-lspjs.sh +++ b/download-lspjs.sh @@ -1,12 +1,13 @@ #!/usr/bin/env bash set -eu # Check if lspjs exists and if its a symlink then exit -if [ -L lspjs ]; then +if [ -L dist/lspjs ]; then echo "lspjs symlink exists, not downloading as you are most likely using a local version" exit 0 fi -mkdir -p lspjs/dist -for var in "$@" +mkdir -p dist/lspjs +for var in Main.bc.js language-server-wasm.js semgrep-lsp-bindings.js semgrep-lsp.js do - curl https://static.semgrep.dev/static/turbo/$(cat ./semgrep-version)/language_server/dist/$var -o ./lspjs/dist/$var + echo "Downloading $var" + curl https://static.semgrep.dev/static/turbo/$(cat ./semgrep-version)/language_server/dist/$var -o ./dist/lspjs/$var done diff --git a/package.json b/package.json index d341b81b..485b4554 100644 --- a/package.json +++ b/package.json @@ -282,15 +282,15 @@ "vscode:prepublish": "npm run esbuild-base -- --minify", "esbuild-base": "npm run setup-lspjs && ./build.mjs", "esbuild": "npm run esbuild-base -- --sourcemap", - "esbuild-watch": "npm run esbuild-base -- --sourcemap --watch", - "test-compile": "tsc -p ./ && npm run esbuild", + "watch:esbuild": "npm run esbuild-base -- --sourcemap --watch", + "watch:tsc": "tsc --noEmit --watch --project tsconfig.json", "lint": "eslint src --ext ts", "pretest": "npm run test-compile && npm run lint && cp -rf src/test/fixtures out/src/test", "test-native": "node ./out/src/test/runTest.js", "test-js": "USE_JS=1 node ./out/src/test/runTest.js", "test": "npm run test-native && npm run test-js", "clean": "rm -rf ./out", - "setup-lspjs": "./download-lspjs.sh Main.bc.js language-server-wasm.js semgrep-lsp-bindings.js semgrep-lsp.js", + "setup-lspjs": "./download-lspjs.sh", "install:all": "npm install" }, "devDependencies": { diff --git a/src/constants.ts b/src/constants.ts index 5f8851f6..023c468d 100644 --- a/src/constants.ts +++ b/src/constants.ts @@ -1,3 +1,4 @@ +import path from "path"; import { SemVer } from "semver"; export const SEMGREP_BINARY = "semgrep"; @@ -7,7 +8,9 @@ export const CLIENT_NAME = "Semgrep"; export const DEFAULT_RULESET = "p/r2c"; export const VSCODE_CONFIG_KEY = "semgrep"; export const VSCODE_EXT_NAME = CLIENT_NAME; - +export const DIST_PATH = path.join(__dirname, "../dist"); +export const LSPJS_PATH = path.join(DIST_PATH, "lspjs/semgrep-lsp.js"); +export const DIST_BINARY_PATH = path.join(DIST_PATH, "osemgrep-pro"); export type VersionInfo = { latest: SemVer; min: SemVer; diff --git a/src/lsp.ts b/src/lsp.ts index 48159a2d..383d1ee2 100644 --- a/src/lsp.ts +++ b/src/lsp.ts @@ -29,6 +29,7 @@ import { CLIENT_ID, CLIENT_NAME, DIAGNOSTIC_COLLECTION_NAME, + LSPJS_PATH, } from "./constants"; import { Environment } from "./env"; import { rulesRefreshed, LspErrorParams } from "./lspExtensions"; @@ -140,7 +141,7 @@ async function serverOptionsCli( } function serverOptionsJs(env: Environment): ServerOptions { - const serverModule = path.join(__dirname, "../lspjs/dist/semgrep-lsp.js"); + const serverModule = LSPJS_PATH; const stackSize = env.config.get("stackSizeJS"); const heapSize = env.config.get("heapSizeJS"); const serverOptionsJs = { From cb01c77567bd0a8f208178f5623d877a68ed698d Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Thu, 15 Aug 2024 16:36:45 -0700 Subject: [PATCH 02/27] better debugging and smaller extension size --- .vscode/launch.json | 2 +- .vscodeignore | 2 +- build.mjs | 35 ++++++++++++++++++++++++++++------- package.json | 6 ++++++ src/constants.ts | 2 +- src/env.ts | 3 +++ src/lsp.ts | 9 ++++++--- 7 files changed, 46 insertions(+), 13 deletions(-) diff --git a/.vscode/launch.json b/.vscode/launch.json index e9e956e1..f5aaeada 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -14,7 +14,7 @@ "type": "node", "request": "attach", "name": "Attach to Server", - "port": 6009, + "port": 9229, "restart": true, "outFiles": [ "${workspaceRoot}/lspjs/out/**/*.js", diff --git a/.vscodeignore b/.vscodeignore index b2afb906..9d6bcda7 100644 --- a/.vscodeignore +++ b/.vscodeignore @@ -7,7 +7,7 @@ node_modules/** build.mjs download-lspjs.sh eslint.config.js -semgrep-version +dist/lspjs/** images/** .github/** .gitignore diff --git a/build.mjs b/build.mjs index cc2cfa17..ea836ed2 100755 --- a/build.mjs +++ b/build.mjs @@ -18,7 +18,25 @@ async function buildSentrySourceMap() { ], }); } -async function buildExtension(watch) { +// We should really just do this in the semgrep repo but oh well +async function buildLspJS(watch, minify) { + const options = { + logLevel: "info", + entryPoints: ["./dist/lspjs/semgrep-lsp.js"], + outfile: "./out/semgrep-lsp.js", + bundle: true, + platform: "node", + format: "cjs", + minify, + }; + if (watch) { + let ctx = await esbuild.context(options); + await ctx.watch(); + } else { + await esbuild.build(options); + } +} +async function buildExtension(watch, sourcemap, minify) { const options = { logLevel: "info", entryPoints: ["./src/extension.ts"], @@ -27,8 +45,9 @@ async function buildExtension(watch) { platform: "node", format: "cjs", external: ["vscode"], + sourcemap, plugins: [esbuildProblemMatcherPlugin], - sourcemap: isSourcemap, + minify, }; if (watch) { let ctx = await esbuild.context(options); @@ -37,7 +56,7 @@ async function buildExtension(watch) { await esbuild.build(options); } } -async function buildWebview(watch) { +async function buildWebview(watch, sourcemap, minify) { let options = { logLevel: "info", entryPoints: ["./src/webview-ui/index.tsx"], @@ -45,7 +64,8 @@ async function buildWebview(watch) { bundle: true, platform: "node", plugins: [cssModulesPlugin()], - sourcemap: isSourcemap, + sourcemap, + minify, }; if (watch) { let ctx = await esbuild.context(options); @@ -57,7 +77,7 @@ async function buildWebview(watch) { const isWatch = process.argv.includes("--watch"); const isSourcemap = process.argv.includes("--sourcemap"); - +const isMinify = process.argv.includes("--minify"); /** * @type {import('esbuild').Plugin} */ @@ -80,7 +100,8 @@ const esbuildProblemMatcherPlugin = { }, }; await Promise.all([ - buildExtension(isWatch, isSourcemap), - buildWebview(isWatch, isSourcemap), + buildExtension(isWatch, isSourcemap, isMinify), + buildLspJS(isWatch, isMinify), + buildWebview(isWatch, isSourcemap, isMinify), buildSentrySourceMap(), ]); diff --git a/package.json b/package.json index 485b4554..415a4dd0 100644 --- a/package.json +++ b/package.json @@ -111,6 +111,12 @@ "default": "off", "description": "Traces the communication between VS Code and the language server." }, + "semgrep.trace.lspjsBreakBeforeStart": { + "scope": "window", + "type": "boolean", + "default": false, + "description": "Break before starting the LSP server in the Javascript version of the extension. Warning, this is for debugging purposes and may break things." + }, "semgrep.path": { "description": "Path to the semgrep executable. Note: this is overriden by the semgrep.useJS setting.", "type": "string", diff --git a/src/constants.ts b/src/constants.ts index 023c468d..a3b67e01 100644 --- a/src/constants.ts +++ b/src/constants.ts @@ -9,7 +9,7 @@ export const DEFAULT_RULESET = "p/r2c"; export const VSCODE_CONFIG_KEY = "semgrep"; export const VSCODE_EXT_NAME = CLIENT_NAME; export const DIST_PATH = path.join(__dirname, "../dist"); -export const LSPJS_PATH = path.join(DIST_PATH, "lspjs/semgrep-lsp.js"); +export const LSPJS_ENTRYPOINT = "./semgrep-lsp.js"; export const DIST_BINARY_PATH = path.join(DIST_PATH, "osemgrep-pro"); export type VersionInfo = { latest: SemVer; diff --git a/src/env.ts b/src/env.ts index 850b0287..b9cc82aa 100644 --- a/src/env.ts +++ b/src/env.ts @@ -26,6 +26,9 @@ export class Config { return this.cfg.get("trace.server") == "verbose"; } + get lspjsBreakBeforeStart(): boolean { + return this.cfg.get("trace.lspjsBreakBeforeStart") ?? false; + } get path(): string { return this.cfg.get("path") ?? "semgrep"; } diff --git a/src/lsp.ts b/src/lsp.ts index 383d1ee2..a1f70913 100644 --- a/src/lsp.ts +++ b/src/lsp.ts @@ -29,7 +29,7 @@ import { CLIENT_ID, CLIENT_NAME, DIAGNOSTIC_COLLECTION_NAME, - LSPJS_PATH, + LSPJS_ENTRYPOINT, } from "./constants"; import { Environment } from "./env"; import { rulesRefreshed, LspErrorParams } from "./lspExtensions"; @@ -141,9 +141,12 @@ async function serverOptionsCli( } function serverOptionsJs(env: Environment): ServerOptions { - const serverModule = LSPJS_PATH; + const serverModule = LSPJS_ENTRYPOINT; const stackSize = env.config.get("stackSizeJS"); const heapSize = env.config.get("heapSizeJS"); + const inspectMode = env.config.lspjsBreakBeforeStart + ? "inspect-brk" + : "inspect"; const serverOptionsJs = { run: { module: serverModule, @@ -161,7 +164,7 @@ function serverOptionsJs(env: Environment): ServerOptions { options: { execArgv: [ "--nolazy", - "--inspect=6009", + `--${inspectMode}=9229`, `--stack-size=${stackSize}`, `--max-old-space-size=${heapSize}`, ], From 2245a35d48b39b6945eb7fece956b2d15720bdeb Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Thu, 15 Aug 2024 17:55:48 -0700 Subject: [PATCH 03/27] Download osemgrep and package it --- .github/workflows/publish.yaml | 24 ++++++++++++++----- .gitignore | 2 +- .vscodeignore | 3 ++- build.mjs | 20 +--------------- download-lspjs.sh | 4 +++- download-osemgrep-pro.sh | 24 +++++++++++++++++++ osemgrep-pro-version | 1 + package.json | 8 +++---- src/constants.ts | 2 +- src/lsp.ts | 44 +++++++--------------------------- 10 files changed, 63 insertions(+), 69 deletions(-) create mode 100755 download-osemgrep-pro.sh create mode 100644 osemgrep-pro-version diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 751a9b2a..6b8c9f8b 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -2,27 +2,39 @@ on: push: tags: - "*" - -name: Deploy Extension jobs: - deploy: - runs-on: ubuntu-latest + vsce-test: + strategy: + matrix: + target: [linux-x64, linux-arm64, darwin-x64, darwin-arm64] + name: Deploy Extension + runs-on: ubunut-latest steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v1 with: node-version: 16 - run: npm ci + - uses: "aws-actions/configure-aws-credentials@v1" + with: + role-to-assume: "arn:aws:iam::338683922796:role/returntocorp-semgrep-vscode-deploy-role" + role-duration-seconds: 900, + role-session-name: "semgrep-vscode-deploy" + aws-region: "us-west-2" + - name: download osemgrep pro + run: ./download-osemgrep-pro.sh ${{ matrix.target }} - name: Publish to Open VSX Registry - uses: HaaLeo/publish-vscode-extension@v1 + uses: HaaLeo/publish-vscode-extension@v1.6.2 id: publishToOpenVSX with: # Tied to austin@, lives in 1password, does not expire pat: ${{ secrets.OPEN_VSX_TOKEN }} + target: ${{ matrix.target }} # only for specific platforms - name: Publish to Visual Studio Marketplace - uses: HaaLeo/publish-vscode-extension@v1 + uses: HaaLeo/publish-vscode-extension@v1.6.2 with: # Tied to bence@, lives in 1password expires in may 2024 pat: ${{ secrets.VS_MARKETPLACE_TOKEN }} registryUrl: https://marketplace.visualstudio.com extensionFile: ${{ steps.publishToOpenVSX.outputs.vsixPath }} + target: ${{ matrix.target }} diff --git a/.gitignore b/.gitignore index 5a00b033..704cede6 100644 --- a/.gitignore +++ b/.gitignore @@ -10,7 +10,7 @@ node_modules # Misc .DS_Store -lspjs +dist/* # From testing *_results.json diff --git a/.vscodeignore b/.vscodeignore index 9d6bcda7..4af552c7 100644 --- a/.vscodeignore +++ b/.vscodeignore @@ -1,13 +1,14 @@ .vscode/** .vscode-test/** out/test/** +out/semgrep-lsp.js src/** node_modules/** .pre-commit-config.yaml build.mjs download-lspjs.sh +download-osemgrep-pro.sh eslint.config.js -dist/lspjs/** images/** .github/** .gitignore diff --git a/build.mjs b/build.mjs index ea836ed2..6771ac85 100755 --- a/build.mjs +++ b/build.mjs @@ -18,24 +18,7 @@ async function buildSentrySourceMap() { ], }); } -// We should really just do this in the semgrep repo but oh well -async function buildLspJS(watch, minify) { - const options = { - logLevel: "info", - entryPoints: ["./dist/lspjs/semgrep-lsp.js"], - outfile: "./out/semgrep-lsp.js", - bundle: true, - platform: "node", - format: "cjs", - minify, - }; - if (watch) { - let ctx = await esbuild.context(options); - await ctx.watch(); - } else { - await esbuild.build(options); - } -} + async function buildExtension(watch, sourcemap, minify) { const options = { logLevel: "info", @@ -101,7 +84,6 @@ const esbuildProblemMatcherPlugin = { }; await Promise.all([ buildExtension(isWatch, isSourcemap, isMinify), - buildLspJS(isWatch, isMinify), buildWebview(isWatch, isSourcemap, isMinify), buildSentrySourceMap(), ]); diff --git a/download-lspjs.sh b/download-lspjs.sh index 1847f50c..f355571f 100755 --- a/download-lspjs.sh +++ b/download-lspjs.sh @@ -6,8 +6,10 @@ if [ -L dist/lspjs ]; then exit 0 fi mkdir -p dist/lspjs +echo "Downloading lspjs from S3 for version $(cat ./semgrep-version)" for var in Main.bc.js language-server-wasm.js semgrep-lsp-bindings.js semgrep-lsp.js do echo "Downloading $var" - curl https://static.semgrep.dev/static/turbo/$(cat ./semgrep-version)/language_server/dist/$var -o ./dist/lspjs/$var + curl "https://static.semgrep.dev/static/turbo/$(cat ./semgrep-version)/language_server/dist/$var" -o "./dist/lspjs/$var" done +echo "Downloaded lspjs" diff --git a/download-osemgrep-pro.sh b/download-osemgrep-pro.sh new file mode 100755 index 00000000..dd89957c --- /dev/null +++ b/download-osemgrep-pro.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -eu +uname=$1 +case "${uname}" in + linux-x64*) machine=manylinux;; + linux-arm64*) machine=linux-arm64;; + darwin-x64*) machine=osx;; + darwin-arm64) machine=osx-m1;; + *) machine=manylinux;; +esac +# NOT the same as the semgrep version!!!! +OSEMGREP_PRO_VERSION=$(cat ./osemgrep-pro-version) +BINARY=semgrep-core-proprietary-${machine}-${OSEMGREP_PRO_VERSION} +# Check if osemgrep-pro exists and if its a symlink then exit +if [ -L dist/osemgrep-pro ]; then + echo "osemgrep-pro symlink exists, not downloading as you are most likely using a local version" + exit 0 +fi +mkdir -p dist +echo "Downloading osemgrep-pro binary from S3 for version ${machine}-${OSEMGREP_PRO_VERSION}" +aws s3 cp s3://deep-semgrep-artifacts/${BINARY} dist/osemgrep-pro +echo "Downloaded osemgrep-pro binary" +echo "Making osemgrep-pro binary executable" +chmod +x dist/osemgrep-pro diff --git a/osemgrep-pro-version b/osemgrep-pro-version new file mode 100644 index 00000000..22e1f1fc --- /dev/null +++ b/osemgrep-pro-version @@ -0,0 +1 @@ +0.149.0 diff --git a/package.json b/package.json index 415a4dd0..83662f31 100644 --- a/package.json +++ b/package.json @@ -118,9 +118,9 @@ "description": "Break before starting the LSP server in the Javascript version of the extension. Warning, this is for debugging purposes and may break things." }, "semgrep.path": { - "description": "Path to the semgrep executable. Note: this is overriden by the semgrep.useJS setting.", + "description": "Path to the Semgrep executable. If none is set the extension will use the prepackaged version of Semgrep. Note: this has no effect if semgrep.useJS is set", "type": "string", - "default": "semgrep" + "default": "" }, "semgrep.useJS": { "description": "Use the pure Javascript version of the extension. Warning, this is experimental and may break or have performance issues", @@ -286,7 +286,7 @@ }, "scripts": { "vscode:prepublish": "npm run esbuild-base -- --minify", - "esbuild-base": "npm run setup-lspjs && ./build.mjs", + "esbuild-base": "npm run download-lspjs && ./build.mjs", "esbuild": "npm run esbuild-base -- --sourcemap", "watch:esbuild": "npm run esbuild-base -- --sourcemap --watch", "watch:tsc": "tsc --noEmit --watch --project tsconfig.json", @@ -296,7 +296,7 @@ "test-js": "USE_JS=1 node ./out/src/test/runTest.js", "test": "npm run test-native && npm run test-js", "clean": "rm -rf ./out", - "setup-lspjs": "./download-lspjs.sh", + "download-lspjs": "./download-lspjs.sh", "install:all": "npm install" }, "devDependencies": { diff --git a/src/constants.ts b/src/constants.ts index a3b67e01..023c468d 100644 --- a/src/constants.ts +++ b/src/constants.ts @@ -9,7 +9,7 @@ export const DEFAULT_RULESET = "p/r2c"; export const VSCODE_CONFIG_KEY = "semgrep"; export const VSCODE_EXT_NAME = CLIENT_NAME; export const DIST_PATH = path.join(__dirname, "../dist"); -export const LSPJS_ENTRYPOINT = "./semgrep-lsp.js"; +export const LSPJS_PATH = path.join(DIST_PATH, "lspjs/semgrep-lsp.js"); export const DIST_BINARY_PATH = path.join(DIST_PATH, "osemgrep-pro"); export type VersionInfo = { latest: SemVer; diff --git a/src/lsp.ts b/src/lsp.ts index a1f70913..82ec1b6d 100644 --- a/src/lsp.ts +++ b/src/lsp.ts @@ -20,16 +20,14 @@ import { TransportKind, } from "vscode-languageclient/node"; -import * as which from "which"; - import * as vscode from "vscode"; import { - SEMGREP_BINARY, CLIENT_ID, CLIENT_NAME, DIAGNOSTIC_COLLECTION_NAME, - LSPJS_ENTRYPOINT, + DIST_BINARY_PATH, + LSPJS_PATH, } from "./constants"; import { Environment } from "./env"; import { rulesRefreshed, LspErrorParams } from "./lspExtensions"; @@ -43,44 +41,18 @@ import { import { checkCliVersion } from "./utils"; async function findSemgrep(env: Environment): Promise { - let server_path = which.sync(SEMGREP_BINARY, { nothrow: true }); - let env_vars = null; - if (env.config.path !== "semgrep") { + let server_path; + // First, check if the user has set the path to the Semgrep binary, use that always + if (env.config.path.length > 0) { server_path = env.config.path; } + if (!server_path) { - let pip = which.sync("pip", { nothrow: true }); - if (!pip) { - pip = which.sync("pip3", { nothrow: true }); - } - if (!pip) { - vscode.window.showErrorMessage( - "Python 3.7+ required for the Semgrep Extension", - ); - return null; - } - const globalStoragePath = env.globalStoragePath; - const cmd = `PYTHONUSERBASE="${globalStoragePath}" pip install --user --upgrade --ignore-installed semgrep`; - try { - await execShell(cmd); - } catch { - vscode.window.showErrorMessage( - "Semgrep binary could not be installed, please see https://semgrep.dev/docs/getting-started/ for instructions", - ); - return null; - } - server_path = `${globalStoragePath}/bin/semgrep`; - env_vars = { - ...process.env, - PYTHONUSERBASE: globalStoragePath, - }; + server_path = DIST_BINARY_PATH; } return { command: server_path, - options: { - env: env_vars, - }, }; } @@ -141,7 +113,7 @@ async function serverOptionsCli( } function serverOptionsJs(env: Environment): ServerOptions { - const serverModule = LSPJS_ENTRYPOINT; + const serverModule = LSPJS_PATH; const stackSize = env.config.get("stackSizeJS"); const heapSize = env.config.get("heapSizeJS"); const inspectMode = env.config.lspjsBreakBeforeStart From db3378c4db55ed668af68eed9712cb06106326be Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Thu, 15 Aug 2024 17:59:24 -0700 Subject: [PATCH 04/27] dryRun Option --- .github/workflows/publish.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 6b8c9f8b..26feb079 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -2,6 +2,12 @@ on: push: tags: - "*" + workflow_dispatch: + inputs: + dry-run: + description: "Dry run" + required: true + type: boolean jobs: vsce-test: strategy: @@ -30,6 +36,7 @@ jobs: # Tied to austin@, lives in 1password, does not expire pat: ${{ secrets.OPEN_VSX_TOKEN }} target: ${{ matrix.target }} # only for specific platforms + dryRun: ${{ github.event.inputs.dry-run }} - name: Publish to Visual Studio Marketplace uses: HaaLeo/publish-vscode-extension@v1.6.2 with: @@ -38,3 +45,4 @@ jobs: registryUrl: https://marketplace.visualstudio.com extensionFile: ${{ steps.publishToOpenVSX.outputs.vsixPath }} target: ${{ matrix.target }} + dryRun: ${{ github.event.inputs.dry-run }} From 805ff161d8cb7cf327225be9fb98c531c2631052 Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Thu, 15 Aug 2024 18:02:35 -0700 Subject: [PATCH 05/27] Fix? --- .github/workflows/publish.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 26feb079..ee61b591 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -5,9 +5,11 @@ on: workflow_dispatch: inputs: dry-run: - description: "Dry run" + default: false + description: Whether a dry-run should be peformed. Actually push images if false. required: true type: boolean + jobs: vsce-test: strategy: @@ -45,4 +47,4 @@ jobs: registryUrl: https://marketplace.visualstudio.com extensionFile: ${{ steps.publishToOpenVSX.outputs.vsixPath }} target: ${{ matrix.target }} - dryRun: ${{ github.event.inputs.dry-run }} + dryRun: ${{ inputs.dry-run }} From 1494c9cda8138b3da464d2d05bd676b1a6c6040c Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Thu, 15 Aug 2024 18:03:29 -0700 Subject: [PATCH 06/27] Package.json fix --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 83662f31..6db49f94 100644 --- a/package.json +++ b/package.json @@ -291,7 +291,7 @@ "watch:esbuild": "npm run esbuild-base -- --sourcemap --watch", "watch:tsc": "tsc --noEmit --watch --project tsconfig.json", "lint": "eslint src --ext ts", - "pretest": "npm run test-compile && npm run lint && cp -rf src/test/fixtures out/src/test", + "pretest": "npm run esbuild && npm run lint && cp -rf src/test/fixtures out/src/test", "test-native": "node ./out/src/test/runTest.js", "test-js": "USE_JS=1 node ./out/src/test/runTest.js", "test": "npm run test-native && npm run test-js", From 6e47840a4c827c13554202ba2926323923776d74 Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Thu, 15 Aug 2024 18:06:26 -0700 Subject: [PATCH 07/27] test compile --- package.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 6db49f94..b9584a37 100644 --- a/package.json +++ b/package.json @@ -291,7 +291,8 @@ "watch:esbuild": "npm run esbuild-base -- --sourcemap --watch", "watch:tsc": "tsc --noEmit --watch --project tsconfig.json", "lint": "eslint src --ext ts", - "pretest": "npm run esbuild && npm run lint && cp -rf src/test/fixtures out/src/test", + "test-compile": "tsc -p ./ && npm run esbuild", + "pretest": "npm run test-compile && npm run lint && cp -rf src/test/fixtures out/src/test", "test-native": "node ./out/src/test/runTest.js", "test-js": "USE_JS=1 node ./out/src/test/runTest.js", "test": "npm run test-native && npm run test-js", From aacd33d529f7bae107790af24fc3370412a19d54 Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Fri, 16 Aug 2024 00:42:35 -0700 Subject: [PATCH 08/27] fix testing issues --- .github/workflows/tests.yml | 12 ++++++++++++ package.json | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 7da802a7..2ac14844 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -30,6 +30,18 @@ jobs: node-version: 16.x - name: install dependencies run: npm ci + - uses: "aws-actions/configure-aws-credentials@v1" + with: + role-to-assume: "arn:aws:iam::338683922796:role/returntocorp-semgrep-vscode-deploy-role" + role-duration-seconds: 900, + role-session-name: "semgrep-vscode-deploy" + aws-region: "us-west-2" + - if: matrix.os == 'macos-latest' + name: download osemgrep pro + run: ./download-osemgrep-pro.sh darwin-arm64 + - if: matrix.os == 'ubuntu-latest' + name: download osemgrep pro + run: ./download-osemgrep-pro.sh linux-x64 - name: pretest run: npm run pretest - name: run native tests (Linux) diff --git a/package.json b/package.json index b9584a37..2c34e81a 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "semgrep", "displayName": "Semgrep", "description": "Security scans in a snap. Speedy SAST with a powerful rule registry for seamless detection and remediation of code vulnerabilities with each save.", - "version": "1.8.2", + "version": "1.8.3", "engines": { "vscode": "^1.86.0" }, From a5e3d08f00eb9763a868720c03007c596f3cf5b6 Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Fri, 16 Aug 2024 10:30:34 -0700 Subject: [PATCH 09/27] Use pre release instead --- .github/workflows/publish.yaml | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index ee61b591..b67b488f 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -1,15 +1,6 @@ on: - push: - tags: - - "*" - workflow_dispatch: - inputs: - dry-run: - default: false - description: Whether a dry-run should be peformed. Actually push images if false. - required: true - type: boolean - + release: + types: [published] jobs: vsce-test: strategy: @@ -38,7 +29,8 @@ jobs: # Tied to austin@, lives in 1password, does not expire pat: ${{ secrets.OPEN_VSX_TOKEN }} target: ${{ matrix.target }} # only for specific platforms - dryRun: ${{ github.event.inputs.dry-run }} + # release pre-release if that's the event + preRelease: ${{github.event.release.prerelease}} - name: Publish to Visual Studio Marketplace uses: HaaLeo/publish-vscode-extension@v1.6.2 with: @@ -47,4 +39,5 @@ jobs: registryUrl: https://marketplace.visualstudio.com extensionFile: ${{ steps.publishToOpenVSX.outputs.vsixPath }} target: ${{ matrix.target }} - dryRun: ${{ inputs.dry-run }} + # release pre-release if that's the event + preRelease: ${{github.event.release.prerelease}} From f038d7e2de6d49fe6792317c205830b5c281da16 Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Fri, 16 Aug 2024 10:38:11 -0700 Subject: [PATCH 10/27] add preRelease --- .github/workflows/publish.yaml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index b67b488f..aa0654a7 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -1,6 +1,19 @@ on: release: types: [published] + workflow_dispatch: + inputs: + preRelease: + description: "Is this a pre-release?" + type: boolean + required: false + default: false + dryRun: + description: "Is this a dry run?" + type: boolean + required: false + default: false + jobs: vsce-test: strategy: @@ -30,7 +43,8 @@ jobs: pat: ${{ secrets.OPEN_VSX_TOKEN }} target: ${{ matrix.target }} # only for specific platforms # release pre-release if that's the event - preRelease: ${{github.event.release.prerelease}} + preRelease: ${{github.event.release.prerelease || inputs.preRelease}} + dryRun: "${{ inputs.dryRun }}" - name: Publish to Visual Studio Marketplace uses: HaaLeo/publish-vscode-extension@v1.6.2 with: @@ -40,4 +54,5 @@ jobs: extensionFile: ${{ steps.publishToOpenVSX.outputs.vsixPath }} target: ${{ matrix.target }} # release pre-release if that's the event - preRelease: ${{github.event.release.prerelease}} + preRelease: ${{github.event.release.prerelease || inputs.preRelease}} + dryRun: "${{ inputs.dryRun }}" From a4394b7a339f2c364ab5dad4bdc7cfb79f87975e Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Fri, 16 Aug 2024 10:56:58 -0700 Subject: [PATCH 11/27] Fix workflow errors --- .github/workflows/publish.yaml | 8 ++++---- .github/workflows/tests.yml | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index aa0654a7..ab18aaef 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -20,14 +20,14 @@ jobs: matrix: target: [linux-x64, linux-arm64, darwin-x64, darwin-arm64] name: Deploy Extension - runs-on: ubunut-latest + runs-on: ubunutu-latest steps: - uses: actions/checkout@v3 - - uses: actions/setup-node@v1 + - uses: actions/setup-node@v4.0.3 with: - node-version: 16 + node-version: lts/* - run: npm ci - - uses: "aws-actions/configure-aws-credentials@v1" + - uses: "aws-actions/configure-aws-credentials@v4.0.2" with: role-to-assume: "arn:aws:iam::338683922796:role/returntocorp-semgrep-vscode-deploy-role" role-duration-seconds: 900, diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 2ac14844..1fe23931 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -25,12 +25,12 @@ jobs: - name: Install Semgrep run: python -m pip install semgrep - name: Setup - uses: actions/setup-node@v1 + uses: actions/setup-node@v4.0.3 with: - node-version: 16.x + node-version: lts/* - name: install dependencies run: npm ci - - uses: "aws-actions/configure-aws-credentials@v1" + - uses: "aws-actions/configure-aws-credentials@v4.0.2" with: role-to-assume: "arn:aws:iam::338683922796:role/returntocorp-semgrep-vscode-deploy-role" role-duration-seconds: 900, @@ -70,9 +70,9 @@ jobs: steps: - uses: actions/checkout@v3 - name: Setup - uses: actions/setup-node@v1 + uses: actions/setup-node@v4.0.3 with: - node-version: 16.x + node-version: lts/* - name: install dependencies run: npm ci # This is needed so download-lspjs.sh can run From d08a84f7f1a5664381b80f28960ec37297a58f9b Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Fri, 16 Aug 2024 10:58:06 -0700 Subject: [PATCH 12/27] I cannot spell --- .github/workflows/publish.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index ab18aaef..d84db231 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -20,7 +20,7 @@ jobs: matrix: target: [linux-x64, linux-arm64, darwin-x64, darwin-arm64] name: Deploy Extension - runs-on: ubunutu-latest + runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v4.0.3 From df8e02d3865d6282848e362c0e5ac54835005ca5 Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Fri, 16 Aug 2024 10:59:06 -0700 Subject: [PATCH 13/27] One more --- .github/workflows/tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 1fe23931..01eece12 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -95,8 +95,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: actions/setup-node@v1 + - uses: actions/setup-node@v4.0.3 with: - node-version: 16 + node-version: lts/* - run: npm ci - run: npm run vscode:prepublish From 94dffa3ac35deff7b4a5665f77b4da82521b2ead Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Fri, 16 Aug 2024 13:02:10 -0700 Subject: [PATCH 14/27] Fix version check issue --- src/lsp.ts | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/src/lsp.ts b/src/lsp.ts index 82ec1b6d..a20ce16a 100644 --- a/src/lsp.ts +++ b/src/lsp.ts @@ -2,9 +2,9 @@ import * as fs from "fs"; import * as path from "path"; import * as cp from "child_process"; import * as semver from "semver"; -const execShell = (cmd: string, env?: any) => +const execShell = (cmd: string, args: string[]) => new Promise((resolve, reject) => { - cp.exec(cmd, { env: env }, (err, out) => { + cp.execFile(cmd, args, (err, out) => { if (err) { return reject(err); } @@ -41,18 +41,18 @@ import { import { checkCliVersion } from "./utils"; async function findSemgrep(env: Environment): Promise { - let server_path; + let serverPath; // First, check if the user has set the path to the Semgrep binary, use that always if (env.config.path.length > 0) { - server_path = env.config.path; + serverPath = env.config.path; } - if (!server_path) { - server_path = DIST_BINARY_PATH; + if (!serverPath) { + serverPath = DIST_BINARY_PATH; } return { - command: server_path, + command: serverPath, }; } @@ -96,9 +96,11 @@ async function serverOptionsCli( if (server.options) { server.options.cwd = cwd; } - if (!env.config.cfg.get("ignoreCliVersion")) { - const cmd = `"${server.command}" --version`; - const version = await execShell(cmd, server.options?.env); + + // Only check the version if we're not using the packaged version + // This is to avoid us releasing a new version of the extension late and then people get annoying popups + if (!env.config.cfg.get("ignoreCliVersion") && env.config.path.length > 0) { + const version = await execShell(server.command, ["--version"]); const semVersion = new semver.SemVer(version); checkCliVersion(semVersion); env.semgrepVersion = version; From 88a46b75eb45550e1ca6e8aac34e0db9fc622b5f Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Fri, 16 Aug 2024 13:04:14 -0700 Subject: [PATCH 15/27] Update aws role --- .github/workflows/publish.yaml | 4 ++-- .github/workflows/tests.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index d84db231..4f197805 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -29,9 +29,9 @@ jobs: - run: npm ci - uses: "aws-actions/configure-aws-credentials@v4.0.2" with: - role-to-assume: "arn:aws:iam::338683922796:role/returntocorp-semgrep-vscode-deploy-role" + role-to-assume: "arn:aws:iam::338683922796:role/semgrep-ide-integration-deploy-role" role-duration-seconds: 900, - role-session-name: "semgrep-vscode-deploy" + role-session-name: "semgrep-ide-integration-deploy" aws-region: "us-west-2" - name: download osemgrep pro run: ./download-osemgrep-pro.sh ${{ matrix.target }} diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 01eece12..64ac153f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -32,9 +32,9 @@ jobs: run: npm ci - uses: "aws-actions/configure-aws-credentials@v4.0.2" with: - role-to-assume: "arn:aws:iam::338683922796:role/returntocorp-semgrep-vscode-deploy-role" + role-to-assume: "arn:aws:iam::338683922796:role/semgrep-ide-integration-deploy-role" role-duration-seconds: 900, - role-session-name: "semgrep-vscode-deploy" + role-session-name: "semgrep-ide-integration-deploy" aws-region: "us-west-2" - if: matrix.os == 'macos-latest' name: download osemgrep pro From 86dd54cd888a3f0676216e09e2589a89bd0d9545 Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Fri, 16 Aug 2024 13:24:08 -0700 Subject: [PATCH 16/27] Fix version check stuff --- src/constants.ts | 1 + src/lsp.ts | 36 ++++++++++++++++++++++++++---------- 2 files changed, 27 insertions(+), 10 deletions(-) diff --git a/src/constants.ts b/src/constants.ts index 023c468d..ba9d47e3 100644 --- a/src/constants.ts +++ b/src/constants.ts @@ -11,6 +11,7 @@ export const VSCODE_EXT_NAME = CLIENT_NAME; export const DIST_PATH = path.join(__dirname, "../dist"); export const LSPJS_PATH = path.join(DIST_PATH, "lspjs/semgrep-lsp.js"); export const DIST_BINARY_PATH = path.join(DIST_PATH, "osemgrep-pro"); +export const VERSION_PATH = path.join(__dirname, "../semgrep-version"); export type VersionInfo = { latest: SemVer; min: SemVer; diff --git a/src/lsp.ts b/src/lsp.ts index a20ce16a..cf035d91 100644 --- a/src/lsp.ts +++ b/src/lsp.ts @@ -28,6 +28,7 @@ import { DIAGNOSTIC_COLLECTION_NAME, DIST_BINARY_PATH, LSPJS_PATH, + VERSION_PATH, } from "./constants"; import { Environment } from "./env"; import { rulesRefreshed, LspErrorParams } from "./lspExtensions"; @@ -39,16 +40,41 @@ import { captureLspError, } from "./telemetry/sentry"; import { checkCliVersion } from "./utils"; +import which from "which"; async function findSemgrep(env: Environment): Promise { let serverPath; // First, check if the user has set the path to the Semgrep binary, use that always if (env.config.path.length > 0) { serverPath = env.config.path; + // check if the path exists + if (!fs.existsSync(serverPath)) { + // try checking if its a binary in the PATH + serverPath = which.sync("semgrep", { nothrow: true }); + } + // Only check the version if we're not using the packaged version + // This is to avoid us releasing a new version of the extension late and then people get annoying popups + if (!env.config.cfg.get("ignoreCliVersion") && serverPath) { + const version = await execShell(serverPath, ["--version"]); + const semVersion = new semver.SemVer(version); + checkCliVersion(semVersion); + env.semgrepVersion = version; + await env.reloadConfig(); + } } if (!serverPath) { serverPath = DIST_BINARY_PATH; + // Read version from extension's shipped version file + // This is hacky, we should instead exec the binary with --version like we did previously, but that is currently off by one release always + const version = fs + .readFileSync(VERSION_PATH) + .toString() + .trim() + .replace("release-", ""); + env.semgrepVersion = version; + env.logger.log(`Semgrep version: ${version}`); + await env.reloadConfig(); } return { @@ -97,16 +123,6 @@ async function serverOptionsCli( server.options.cwd = cwd; } - // Only check the version if we're not using the packaged version - // This is to avoid us releasing a new version of the extension late and then people get annoying popups - if (!env.config.cfg.get("ignoreCliVersion") && env.config.path.length > 0) { - const version = await execShell(server.command, ["--version"]); - const semVersion = new semver.SemVer(version); - checkCliVersion(semVersion); - env.semgrepVersion = version; - await env.reloadConfig(); - } - const serverOptions: ServerOptions = server; env.logger.log( `Semgrep LSP server configuration := ${JSON.stringify(server, null, 2)}`, From 0eee00ac2f78073f638f4b9aa3941b9a07e7110e Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Fri, 16 Aug 2024 14:50:08 -0700 Subject: [PATCH 17/27] remove log statement --- src/lsp.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/lsp.ts b/src/lsp.ts index cf035d91..cfe68a5a 100644 --- a/src/lsp.ts +++ b/src/lsp.ts @@ -73,7 +73,6 @@ async function findSemgrep(env: Environment): Promise { .trim() .replace("release-", ""); env.semgrepVersion = version; - env.logger.log(`Semgrep version: ${version}`); await env.reloadConfig(); } From b3d4e1dcbda635620a6ad9c461eef2edd500ed2b Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Tue, 20 Aug 2024 12:44:07 -0700 Subject: [PATCH 18/27] Address tom's comments --- .github/workflows/publish.yaml | 6 +++--- download-lspjs.sh | 9 +++++---- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 4f197805..14fce7e6 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -15,7 +15,7 @@ on: default: false jobs: - vsce-test: + vscode-extension-publish: strategy: matrix: target: [linux-x64, linux-arm64, darwin-x64, darwin-arm64] @@ -44,7 +44,7 @@ jobs: target: ${{ matrix.target }} # only for specific platforms # release pre-release if that's the event preRelease: ${{github.event.release.prerelease || inputs.preRelease}} - dryRun: "${{ inputs.dryRun }}" + dryRun: ${{ inputs.dryRun }} - name: Publish to Visual Studio Marketplace uses: HaaLeo/publish-vscode-extension@v1.6.2 with: @@ -55,4 +55,4 @@ jobs: target: ${{ matrix.target }} # release pre-release if that's the event preRelease: ${{github.event.release.prerelease || inputs.preRelease}} - dryRun: "${{ inputs.dryRun }}" + dryRun: ${{ inputs.dryRun }} diff --git a/download-lspjs.sh b/download-lspjs.sh index f355571f..64720bdf 100755 --- a/download-lspjs.sh +++ b/download-lspjs.sh @@ -6,10 +6,11 @@ if [ -L dist/lspjs ]; then exit 0 fi mkdir -p dist/lspjs -echo "Downloading lspjs from S3 for version $(cat ./semgrep-version)" -for var in Main.bc.js language-server-wasm.js semgrep-lsp-bindings.js semgrep-lsp.js +SEMGREP_VERSION=$(cat ./semgrep-version) +echo "Downloading lspjs from S3 for version $SEMGREP_VERSION" +for filename in Main.bc.js language-server-wasm.js semgrep-lsp-bindings.js semgrep-lsp.js do - echo "Downloading $var" - curl "https://static.semgrep.dev/static/turbo/$(cat ./semgrep-version)/language_server/dist/$var" -o "./dist/lspjs/$var" + echo "Downloading $filename" + curl "https://static.semgrep.dev/static/turbo/$SEMGREP_VERSION/language_server/dist/$filename" -o "./dist/lspjs/$filename" done echo "Downloaded lspjs" From 1456f633252bb1c74de418d75b59c627f93411c9 Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Wed, 21 Aug 2024 10:36:14 -0700 Subject: [PATCH 19/27] add missing perms field --- .github/workflows/publish.yaml | 3 +++ .github/workflows/tests.yml | 13 ++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 14fce7e6..a3c9023d 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -13,6 +13,9 @@ on: type: boolean required: false default: false +permissions: + id-token: write + contents: read jobs: vscode-extension-publish: diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 64ac153f..a46f49d0 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -10,6 +10,9 @@ on: - master paths-ignore: - "**.md" +permissions: + id-token: write + contents: read jobs: vsce-test: @@ -33,7 +36,7 @@ jobs: - uses: "aws-actions/configure-aws-credentials@v4.0.2" with: role-to-assume: "arn:aws:iam::338683922796:role/semgrep-ide-integration-deploy-role" - role-duration-seconds: 900, + role-duration-seconds: 60, role-session-name: "semgrep-ide-integration-deploy" aws-region: "us-west-2" - if: matrix.os == 'macos-latest' @@ -98,5 +101,13 @@ jobs: - uses: actions/setup-node@v4.0.3 with: node-version: lts/* + - uses: "aws-actions/configure-aws-credentials@v4.0.2" + with: + role-to-assume: "arn:aws:iam::338683922796:role/semgrep-ide-integration-deploy-role" + role-duration-seconds: 900, + role-session-name: "semgrep-ide-integration-deploy" + aws-region: "us-west-2" + - name: download osemgrep pro + run: ./download-osemgrep-pro.sh linux-x64 - run: npm ci - run: npm run vscode:prepublish From 08761ecc713e6b5642f8de743547eb6eecf16aca Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Wed, 21 Aug 2024 10:38:43 -0700 Subject: [PATCH 20/27] Fix timeout --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a46f49d0..eb7328b0 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -36,7 +36,7 @@ jobs: - uses: "aws-actions/configure-aws-credentials@v4.0.2" with: role-to-assume: "arn:aws:iam::338683922796:role/semgrep-ide-integration-deploy-role" - role-duration-seconds: 60, + role-duration-seconds: 3600, role-session-name: "semgrep-ide-integration-deploy" aws-region: "us-west-2" - if: matrix.os == 'macos-latest' From 8bccad6d2231d4919ac0a9a8329dab9e606aeda2 Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Wed, 21 Aug 2024 10:41:16 -0700 Subject: [PATCH 21/27] fix duration to normal --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index eb7328b0..8ac81cff 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -36,7 +36,7 @@ jobs: - uses: "aws-actions/configure-aws-credentials@v4.0.2" with: role-to-assume: "arn:aws:iam::338683922796:role/semgrep-ide-integration-deploy-role" - role-duration-seconds: 3600, + role-duration-seconds: 900, role-session-name: "semgrep-ide-integration-deploy" aws-region: "us-west-2" - if: matrix.os == 'macos-latest' From b9f5281dc548aca5194525c41ea9c791991d212e Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Wed, 21 Aug 2024 14:58:08 -0700 Subject: [PATCH 22/27] fix dispose issues? --- src/commands.ts | 387 ++++++++++++++++++----------------- src/env.ts | 1 + src/extension.ts | 13 +- src/test/suite/basic.test.ts | 2 +- 4 files changed, 208 insertions(+), 195 deletions(-) diff --git a/src/commands.ts b/src/commands.ts index 21dc0944..dd4de57e 100644 --- a/src/commands.ts +++ b/src/commands.ts @@ -15,6 +15,7 @@ import { encodeUri } from "./showAstDocument"; import { ViewResults } from "./webview-ui/src/types/results"; import { applyFixAndSave, replaceAll } from "./utils"; import { handleSearch } from "./search"; +import { Disposable } from "vscode-languageclient"; /*****************************************************************************/ /* Prelude */ @@ -53,203 +54,209 @@ async function replaceAndOpenUriContent( /* Commands */ /*****************************************************************************/ -export function registerCommands(env: Environment): void { - /************/ - /* LOGIN */ - /************/ - - vscode.commands.registerCommand("semgrep.login", async () => { - const result = await env.client?.sendRequest(login); - if (result) { - vscode.env.openExternal(vscode.Uri.parse(result.url)); - env.client?.sendNotification(loginFinish, result); - } - }); - - vscode.commands.registerCommand("semgrep.logout", async () => { - await env.client?.sendNotification(logout); - env.loggedIn = false; - }); - - vscode.commands.registerCommand("semgrep.loginStatus", async () => { - const result = await env.client?.sendRequest(loginStatus); - if (result) { - env.loggedIn = result.loggedIn; - } - }); - - vscode.commands.registerCommand("semgrep.loginNudge", async () => { - if (!env.loggedIn && env.showNudges) { - const resp = await vscode.window.showInformationMessage( - "Sign in to use your team's shared Semgrep rule configuration", - "Sign in", - "Do not show again", - ); - if (resp == "Sign in") { - vscode.commands.executeCommand("semgrep.login"); - } else if (resp == "Do not show again") { - env.showNudges = false; +export function registerCommands(env: Environment): Disposable[] { + return [ + /************/ + /* LOGIN */ + /************/ + + vscode.commands.registerCommand("semgrep.login", async () => { + const result = await env.client?.sendRequest(login); + if (result) { + vscode.env.openExternal(vscode.Uri.parse(result.url)); + env.client?.sendNotification(loginFinish, result); + } + }), + + vscode.commands.registerCommand("semgrep.logout", async () => { + await env.client?.sendNotification(logout); + env.loggedIn = false; + }), + + vscode.commands.registerCommand("semgrep.loginStatus", async () => { + const result = await env.client?.sendRequest(loginStatus); + if (result) { + env.loggedIn = result.loggedIn; } - } - }); + }), - /************/ - /* SCANNING */ - /************/ + vscode.commands.registerCommand("semgrep.loginNudge", async () => { + if (!env.loggedIn && env.showNudges) { + const resp = await vscode.window.showInformationMessage( + "Sign in to use your team's shared Semgrep rule configuration", + "Sign in", + "Do not show again", + ); + if (resp == "Sign in") { + vscode.commands.executeCommand("semgrep.login"); + } else if (resp == "Do not show again") { + env.showNudges = false; + } + } + }), + + /************/ + /* SCANNING */ + /************/ + + vscode.commands.registerCommand("semgrep.scanWorkspace", async () => { + const onlyGitDirty = env.config.onlyGitDirty; + if (!onlyGitDirty) { + vscode.window.showInformationMessage( + 'Semgrep is now only scanning files and lines that have been changed since the last commit. You can disable this in settings by unchecking "Only Git Dirty", or by running "Scan all files in workspace"', + ); + // This will always restart the LS, since the LS restarts on config change + // And on startup we always refresh rules + env.config.onlyGitDirty = true; + env.onRulesRefreshed( + () => env.client?.sendNotification(scanWorkspace, { full: false }), + true, + ); + } else { + env.client?.sendNotification(scanWorkspace, { full: false }); + } + }), - vscode.commands.registerCommand("semgrep.scanWorkspace", async () => { - const onlyGitDirty = env.config.onlyGitDirty; - if (!onlyGitDirty) { + vscode.commands.registerCommand("semgrep.scanWorkspaceFull", async () => { + const onlyGitDirty = env.config.onlyGitDirty; + if (onlyGitDirty) { + vscode.window.showInformationMessage( + 'Semgrep is now always scanning all files and lines regardless of if they have been changed since the last commit. You can disable this in settings by checking "Only Git Dirty", or by running "Scan changed files in workspace"', + ); + // This will always restart the LS, since the LS restarts on config change + // And on startup we always refresh rules + env.config.onlyGitDirty = false; + env.onRulesRefreshed( + () => env.client?.sendNotification(scanWorkspace, { full: true }), + true, + ); + } else { + env.client?.sendNotification(scanWorkspace, { full: true }); + } + }), + + vscode.commands.registerCommand("semgrep.refreshRules", async () => { + await env.client?.sendNotification(refreshRules); + return "Refreshed rules"; + }), + + /************/ + /* SHOW AST */ + /************/ + + vscode.commands.registerCommand("semgrep.showAstNamed", async () => { + if (vscode.window.activeTextEditor == null) { + return; + } + if (env.client) { + const ast_text = await env.client.sendRequest(showAst, { + named: true, + uri: vscode.window.activeTextEditor?.document.uri.fsPath, + }); + const uri = encodeUri(vscode.window.activeTextEditor.document.uri); + replaceAndOpenUriContent(uri, ast_text, vscode.window.activeTextEditor); + } + }), + vscode.commands.registerCommand("semgrep.showAst", async () => { + if (vscode.window.activeTextEditor == null) { + return; + } + if (env.client) { + const ast_text = await env.client.sendRequest(showAst, { + named: false, + uri: vscode.window.activeTextEditor?.document.uri.fsPath, + }); + const uri = encodeUri(vscode.window.activeTextEditor.document.uri); + replaceAndOpenUriContent(uri, ast_text, vscode.window.activeTextEditor); + } + }), + + /**********/ + /* SEARCH */ + /**********/ + + vscode.commands.registerCommand( + "semgrep.search", + async (searchParams: SearchParams) => { + await handleSearch(env, searchParams); + }, + ), + + vscode.commands.registerCommand("semgrep.search.clear", () => { + env.provider?.sendMessageToWebview({ + command: "extension/semgrep/clear", + }); + }), + + vscode.commands.registerCommand( + "semgrep.search.replaceAll", + async (matches: ViewResults) => { + const selection = await vscode.window.showWarningMessage( + `Really apply fix to ${matches.locations.length} files?`, + "Yes", + "No", + ); + if (selection === "Yes") { + replaceAll(matches); + } + }, + ), + + vscode.commands.registerCommand( + "semgrep.search.replace", + async ({ + uri, + fix, + range, + }: { + uri: string; + fix: string; + range: vscode.Range; + }) => { + const edit = new vscode.WorkspaceEdit(); + edit.replace(vscode.Uri.parse(uri), range, fix); + await applyFixAndSave(edit); + }, + ), + + /********/ + /* MISC */ + /********/ + + vscode.commands.registerCommand("semgrep.search.exportRule", () => { + env.provider?.sendMessageToWebview({ + command: "extension/semgrep/exportRuleRequest", + }); + }), + + vscode.commands.registerCommand("semgrep.restartLanguageServer", () => { vscode.window.showInformationMessage( - 'Semgrep is now only scanning files and lines that have been changed since the last commit. You can disable this in settings by unchecking "Only Git Dirty", or by running "Scan all files in workspace"', + "Restarting Semgrep Language Server", ); - // This will always restart the LS, since the LS restarts on config change - // And on startup we always refresh rules - env.config.onlyGitDirty = true; - env.onRulesRefreshed( - () => env.client?.sendNotification(scanWorkspace, { full: false }), - true, - ); - } else { - env.client?.sendNotification(scanWorkspace, { full: false }); - } - }); - - vscode.commands.registerCommand("semgrep.scanWorkspaceFull", async () => { - const onlyGitDirty = env.config.onlyGitDirty; - if (onlyGitDirty) { + restartLsp(env); vscode.window.showInformationMessage( - 'Semgrep is now always scanning all files and lines regardless of if they have been changed since the last commit. You can disable this in settings by checking "Only Git Dirty", or by running "Scan changed files in workspace"', + "Semgrep Language Server has finished restarting", + ); + }), + + vscode.commands.registerCommand("semgrep.showDemoFile", async () => { + const path = env.context.asAbsolutePath( + "walkthrough/semgrep-extension.demo.py", ); - // This will always restart the LS, since the LS restarts on config change - // And on startup we always refresh rules - env.config.onlyGitDirty = false; - env.onRulesRefreshed( - () => env.client?.sendNotification(scanWorkspace, { full: true }), - true, + const content = await vscode.workspace.fs.readFile( + vscode.Uri.parse(path), ); - } else { - env.client?.sendNotification(scanWorkspace, { full: true }); - } - }); - - vscode.commands.registerCommand("semgrep.refreshRules", async () => { - await env.client?.sendNotification(refreshRules); - return "Refreshed rules"; - }); - - /************/ - /* SHOW AST */ - /************/ - - vscode.commands.registerCommand("semgrep.showAstNamed", async () => { - if (vscode.window.activeTextEditor == null) { - return; - } - if (env.client) { - const ast_text = await env.client.sendRequest(showAst, { - named: true, - uri: vscode.window.activeTextEditor?.document.uri.fsPath, - }); - const uri = encodeUri(vscode.window.activeTextEditor.document.uri); - replaceAndOpenUriContent(uri, ast_text, vscode.window.activeTextEditor); - } - }); - vscode.commands.registerCommand("semgrep.showAst", async () => { - if (vscode.window.activeTextEditor == null) { - return; - } - if (env.client) { - const ast_text = await env.client.sendRequest(showAst, { - named: false, - uri: vscode.window.activeTextEditor?.document.uri.fsPath, - }); - const uri = encodeUri(vscode.window.activeTextEditor.document.uri); - replaceAndOpenUriContent(uri, ast_text, vscode.window.activeTextEditor); - } - }); - - /**********/ - /* SEARCH */ - /**********/ - - vscode.commands.registerCommand( - "semgrep.search", - async (searchParams: SearchParams) => { - await handleSearch(env, searchParams); - }, - ); - - vscode.commands.registerCommand("semgrep.search.clear", () => { - env.provider?.sendMessageToWebview({ - command: "extension/semgrep/clear", - }); - }); - - vscode.commands.registerCommand( - "semgrep.search.replaceAll", - async (matches: ViewResults) => { - const selection = await vscode.window.showWarningMessage( - `Really apply fix to ${matches.locations.length} files?`, - "Yes", - "No", + let dir = vscode.Uri.joinPath( + env.context.globalStorageUri, + "demo-workspace", ); - if (selection === "Yes") { - replaceAll(matches); - } - }, - ); - - vscode.commands.registerCommand( - "semgrep.search.replace", - async ({ - uri, - fix, - range, - }: { - uri: string; - fix: string; - range: vscode.Range; - }) => { - const edit = new vscode.WorkspaceEdit(); - edit.replace(vscode.Uri.parse(uri), range, fix); - await applyFixAndSave(edit); - }, - ); - - /********/ - /* MISC */ - /********/ - - vscode.commands.registerCommand("semgrep.search.exportRule", () => { - env.provider?.sendMessageToWebview({ - command: "extension/semgrep/exportRuleRequest", - }); - }); - - vscode.commands.registerCommand("semgrep.restartLanguageServer", () => { - vscode.window.showInformationMessage("Restarting Semgrep Language Server"); - restartLsp(env); - vscode.window.showInformationMessage( - "Semgrep Language Server has finished restarting", - ); - }); - - vscode.commands.registerCommand("semgrep.showDemoFile", async () => { - const path = env.context.asAbsolutePath( - "walkthrough/semgrep-extension.demo.py", - ); - const content = await vscode.workspace.fs.readFile(vscode.Uri.parse(path)); - let dir = vscode.Uri.joinPath( - env.context.globalStorageUri, - "demo-workspace", - ); - dir = vscode.Uri.parse(dir.fsPath); // So dumb - await vscode.workspace.fs.createDirectory(dir); - const file = vscode.Uri.joinPath(dir, "demo.py"); - await vscode.workspace.fs.writeFile(file, content); - const demoDoc = await vscode.workspace.openTextDocument(file); - vscode.workspace.updateWorkspaceFolders(0, 0, { uri: dir }); - await vscode.window.showTextDocument(demoDoc); - }); + dir = vscode.Uri.parse(dir.fsPath); // So dumb + await vscode.workspace.fs.createDirectory(dir); + const file = vscode.Uri.joinPath(dir, "demo.py"); + await vscode.workspace.fs.writeFile(file, content); + const demoDoc = await vscode.workspace.openTextDocument(file); + vscode.workspace.updateWorkspaceFolders(0, 0, { uri: dir }); + await vscode.window.showTextDocument(demoDoc); + }), + ]; } diff --git a/src/env.ts b/src/env.ts index b9cc82aa..d585bca4 100644 --- a/src/env.ts +++ b/src/env.ts @@ -165,5 +165,6 @@ export class Environment { dispose(): void { this.channel.dispose(); + this.client?.dispose(); } } diff --git a/src/extension.ts b/src/extension.ts index 8d17f46c..375d23ca 100644 --- a/src/extension.ts +++ b/src/extension.ts @@ -26,6 +26,8 @@ async function createOrUpdateEnvironment( } async function afterClientStart(context: ExtensionContext, env: Environment) { + context.subscriptions.push(env); + if (!env.client) { vscode.window.showErrorMessage( "Semgrep Extension failed to activate, please check output", @@ -33,7 +35,8 @@ async function afterClientStart(context: ExtensionContext, env: Environment) { return; } const statusBar = createStatusBar(); - registerCommands(env); + context.subscriptions.push(statusBar); + registerCommands(env).forEach((d) => context.subscriptions.push(d)); statusBar.show(); // register stuff for search webview @@ -49,9 +52,11 @@ async function afterClientStart(context: ExtensionContext, env: Environment) { env.provider = provider; // register content provider for the AST showing document - vscode.workspace.registerTextDocumentContentProvider( - SemgrepDocumentProvider.scheme, - env.documentView, + context.subscriptions.push( + vscode.workspace.registerTextDocumentContentProvider( + SemgrepDocumentProvider.scheme, + env.documentView, + ), ); // Handle configuration changes context.subscriptions.push( diff --git a/src/test/suite/basic.test.ts b/src/test/suite/basic.test.ts index 84a0c6e7..c1ceee2b 100644 --- a/src/test/suite/basic.test.ts +++ b/src/test/suite/basic.test.ts @@ -10,7 +10,6 @@ import { PublishDiagnosticsParams, } from "vscode-languageclient/node"; import path = require("path"); -import { restartLsp } from "../../lsp"; const SCAN_TIMEOUT = 180000; const USE_JS = process.env["USE_JS"]; @@ -55,6 +54,7 @@ if (USE_JS || process.platform === "win32") { "lib/startup/validatePreconditions.ts", "routes/redirect.ts", "routes/search.ts", + "cli/src/semgrep/commands/install.py", ]; SKIPPED_FILES = SKIPPED_FILES.concat(additional_skipped_files); } From 899126a320dd856b9503cf5759afb4e5fb7ad31b Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Wed, 21 Aug 2024 15:15:08 -0700 Subject: [PATCH 23/27] revert file removal --- src/test/suite/basic.test.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/test/suite/basic.test.ts b/src/test/suite/basic.test.ts index c1ceee2b..710d0d4f 100644 --- a/src/test/suite/basic.test.ts +++ b/src/test/suite/basic.test.ts @@ -54,7 +54,6 @@ if (USE_JS || process.platform === "win32") { "lib/startup/validatePreconditions.ts", "routes/redirect.ts", "routes/search.ts", - "cli/src/semgrep/commands/install.py", ]; SKIPPED_FILES = SKIPPED_FILES.concat(additional_skipped_files); } From c67e7342682d4955b570cb188c5792e1ba7ddd7e Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Wed, 21 Aug 2024 15:28:20 -0700 Subject: [PATCH 24/27] node version??? --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 8ac81cff..09c7527e 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -30,7 +30,7 @@ jobs: - name: Setup uses: actions/setup-node@v4.0.3 with: - node-version: lts/* + node-version: 16 - name: install dependencies run: npm ci - uses: "aws-actions/configure-aws-credentials@v4.0.2" From 6c9621f9aa9232d079668cf32a9cd237e79da602 Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Wed, 21 Aug 2024 15:49:42 -0700 Subject: [PATCH 25/27] also remove binary? --- .github/workflows/tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 09c7527e..5b9d83ee 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -30,7 +30,7 @@ jobs: - name: Setup uses: actions/setup-node@v4.0.3 with: - node-version: 16 + node-version: lts/* - name: install dependencies run: npm ci - uses: "aws-actions/configure-aws-credentials@v4.0.2" @@ -54,7 +54,7 @@ jobs: if: matrix.os == 'macos-latest' run: npm run test-native - name: uninstall semgrep - run: python -m pip uninstall -y semgrep + run: python -m pip uninstall -y semgrep && rm dist/osemgrep-pro - name: run js tests (Linux) if: matrix.os == 'ubuntu-latest' run: xvfb-run -a npm run test-js From 630ad334bc3b0031e2546cebd7caf3fd0157bf53 Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Wed, 21 Aug 2024 16:18:51 -0700 Subject: [PATCH 26/27] try env? --- src/lsp.ts | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/lsp.ts b/src/lsp.ts index cfe68a5a..05e75acb 100644 --- a/src/lsp.ts +++ b/src/lsp.ts @@ -210,7 +210,11 @@ async function lspOptions( }; let serverOptions; - if (process.platform === "win32" || env.config.get("useJS")) { + if ( + process.platform === "win32" || + env.config.get("useJS") || + process.env["USE_JS"] + ) { serverOptions = serverOptionsJs(env); } else { // Don't call this before as it can crash the extension on windows From 49b511aa6e2267531ddf8d261be5f86259a805cf Mon Sep 17 00:00:00 2001 From: ajbt200128 Date: Wed, 21 Aug 2024 16:24:46 -0700 Subject: [PATCH 27/27] try less ugly fix --- src/lsp.ts | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/src/lsp.ts b/src/lsp.ts index 05e75acb..d1428fda 100644 --- a/src/lsp.ts +++ b/src/lsp.ts @@ -76,9 +76,14 @@ async function findSemgrep(env: Environment): Promise { await env.reloadConfig(); } - return { - command: serverPath, - }; + // one last check to see if the binary exists + if (fs.existsSync(serverPath)) { + return { + command: serverPath, + }; + } else { + return null; + } } function semgrepCmdLineOpts(env: Environment): string[] { @@ -210,21 +215,12 @@ async function lspOptions( }; let serverOptions; - if ( - process.platform === "win32" || - env.config.get("useJS") || - process.env["USE_JS"] - ) { - serverOptions = serverOptionsJs(env); - } else { - // Don't call this before as it can crash the extension on windows + // if we're not on windows or not using JS, we can use the CLI + if (process.platform !== "win32") { serverOptions = await serverOptionsCli(env); - if (!serverOptions) { - vscode.window.showErrorMessage( - "Semgrep Extension failed to activate, please check output", - ); - return [null, null]; - } + } + if (!serverOptions || env.config.get("useJS")) { + serverOptions = serverOptionsJs(env); } return [serverOptions, clientOptions];