Merge pull request #8 from GitGuardian/salomevoltz/scrt-4847-declare-fp-update-gitguardianyaml

feat(ignore_fp): Add option to ignore one secret

Author: salome-voltz

src/extension.ts

@@ -2,6 +2,7 @@ import {
   ggshieldAuthStatus,
   ggshieldScanFile,
   ignoreLastFound,
+  ignoreSecret,
   loginGGShield,
   showAPIQuota,
 } from "./lib/ggshield-api";
@@ -23,9 +24,13 @@ import {
   StatusBarAlignment,
 } from "vscode";
 import { GGShieldResolver } from "./lib/ggshield-resolver";
-import { isGitInstalled } from "./utils";
+import { getCurrentFile, isGitInstalled } from "./utils";
 import { GitGuardianWebviewProvider } from "./ggshield-webview/gitguardian-webview-view";
 import { StatusBarStatus, updateStatusBarItem } from "./status-bar-utils";
+import {
+  generateSecretName,
+  GitGuardianSecretHoverProvider,
+} from "./gitguardian-hover-provider";
 
 /**
  * Extension diagnostic collection
@@ -129,6 +134,10 @@ export function activate(context: ExtensionContext) {
   registerOpenViewsCommands(context, outputChannel);
   context.subscriptions.push(statusBar);
 
+  context.subscriptions.push(
+    languages.registerHoverProvider("*", new GitGuardianSecretHoverProvider())
+  );
+
   ggshieldResolver
     .checkGGShieldConfiguration()
     .then(() => {
@@ -176,6 +185,24 @@ export function activate(context: ExtensionContext) {
             cleanUpFileDiagnostics(window.activeTextEditor?.document.uri);
           }
         }),
+        commands.registerCommand(
+          "gitguardian.ignoreSecret",
+          (diagnosticData) => {
+            let currentFile = getCurrentFile();
+            let secretName = generateSecretName(currentFile, diagnosticData);
+
+            ignoreSecret(
+              ggshieldResolver.configuration,
+              diagnosticData.secretSha,
+              secretName
+            );
+            scanFile(
+              currentFile,
+              Uri.file(currentFile),
+              ggshieldResolver.configuration
+            );
+          }
+        ),
         commands.registerCommand("gitguardian.authenticate", async () => {
           const isAuthenticated = await loginGGShield(
             ggshieldResolver.configuration,

src/gitguardian-hover-provider.ts

@@ -0,0 +1,71 @@
+import * as vscode from "vscode";
+
+export class GitGuardianSecretHoverProvider implements vscode.HoverProvider {
+  public provideHover(
+    document: vscode.TextDocument,
+    position: vscode.Position,
+    token: vscode.CancellationToken
+  ): vscode.ProviderResult<vscode.Hover> {
+    const diagnostics = vscode.languages.getDiagnostics(document.uri);
+
+    for (const diagnostic of diagnostics) {
+      if (
+        diagnostic.range.contains(position) &&
+        diagnostic.source === "gitguardian"
+      ) {
+        const hoverMessage = new vscode.MarkdownString();
+        hoverMessage.isTrusted = true;
+
+        const diagnosticData = diagnosticToJSON(diagnostic);
+        const encodedDiagnosticData = encodeURIComponent(diagnosticData);
+
+        hoverMessage.appendMarkdown(
+          `[GitGuardian: Ignore Secret](command:gitguardian.ignoreSecret?${encodedDiagnosticData} "Click to ignore this incident")`
+        );
+        return new vscode.Hover(hoverMessage, diagnostic.range);
+      }
+    }
+
+    return null;
+  }
+}
+
+function diagnosticToJSON(diagnostic: vscode.Diagnostic) {
+  // Extract the infos useful to generate the secret name
+  const { detector, secretSha } = extractInfosFromMessage(diagnostic.message);
+
+  const diagnosticObject = {
+    startLine: diagnostic.range.start.line,
+    detector: detector,
+    secretSha: secretSha,
+  };
+
+  // Convert the object to a JSON string
+  return JSON.stringify(diagnosticObject);
+}
+
+function extractInfosFromMessage(message: string): {
+  detector: string;
+  secretSha: string;
+} {
+  const regexDetectorPattern = /Secret detected: ([a-zA-Z ]+)/;
+  const regexShaPattern = /Secret SHA: ([a-zA-Z0-9]+)/;
+
+  const matchDetector = message.match(regexDetectorPattern);
+  const matchSha = message.match(regexShaPattern);
+
+  if (matchDetector && matchSha) {
+    const detector = matchDetector[1].trim();
+    const secretSha = matchSha[1].trim();
+    return { detector, secretSha };
+  } else {
+    throw new Error("No match found");
+  }
+}
+
+export function generateSecretName(
+  currentFile: string,
+  uriDiagnostic: any
+): string {
+  return `${uriDiagnostic.detector} - ${currentFile}:l.${uriDiagnostic.startLine}`;
+}

src/lib/ggshield-api.ts

@@ -94,6 +94,32 @@ export function ignoreLastFound(
   }
 }
 
+/**
+ * Ignore one secret.
+ *
+ * Show error message on failure
+ */
+export function ignoreSecret(
+  configuration: GGShieldConfiguration,
+  secretSha: string,
+  secretName: string
+): boolean {
+  const proc = runGGShieldCommand(configuration, [
+    "secret",
+    "ignore",
+    secretSha,
+    "--name",
+    secretName,
+  ]);
+  if (proc.stderr || proc.error) {
+    console.log(proc.stderr);
+    return false;
+  } else {
+    console.log(proc.stdout);
+    return true;
+  }
+}
+
 /**
  * Scan a file using ggshield CLI application
  *

src/lib/ggshield-results-parser.ts

@@ -62,6 +62,8 @@ Incident URL: ${incident.incident_url || "N/A"}
 Secret SHA: ${incident.ignore_sha}`,
               DiagnosticSeverity.Warning
             );
+
+            diagnostic.source = "gitguardian";
             diagnostics.push(diagnostic);
           });
         });

src/utils.ts

@@ -1,4 +1,6 @@
+import * as vscode from "vscode";
 import { spawnSync } from "child_process";
+import path = require("path");
 
 export async function isGitInstalled(): Promise<boolean> {
   return new Promise((resolve) => {
@@ -11,3 +13,12 @@ export async function isGitInstalled(): Promise<boolean> {
     }
   });
 }
+
+export function getCurrentFile(): string {
+  const activeEditor = vscode.window.activeTextEditor;
+  if (activeEditor) {
+    return activeEditor.document.fileName;
+  } else {
+    return "";
+  }
+}