CM-43067 - Add the "Ignore this violation" button for the violation card of SCA (#35)

Author: MarshalX

CHANGELOG.md

@@ -4,6 +4,12 @@
 
 ## [Unreleased]
 
+## [1.8.0] - 2024-12-20
+
+- Add the "Ignore this violation" button for the violation card of SCA
+- Add support of `.gitignore` files for a file excluding from scans
+- Fix "Path to executable" setting reset on empty value
+
 ## [1.7.0] - 2024-12-11
 
 - Add AI remediations for IaC and SAST
@@ -73,6 +79,8 @@
 
 The first public release of the extension.
 
+[1.8.0]: https://github.com/cycodehq/visual-studio-extension/releases/tag/v1.8.0
+
 [1.7.0]: https://github.com/cycodehq/visual-studio-extension/releases/tag/v1.7.0
 
 [1.6.1]: https://github.com/cycodehq/visual-studio-extension/releases/tag/v1.6.1
@@ -103,4 +111,4 @@ The first public release of the extension.
 
 [1.0.0]: https://github.com/cycodehq/visual-studio-extension/releases/tag/v1.0.0
 
-[Unreleased]: https://github.com/cycodehq/visual-studio-extension/compare/v1.7.0...HEAD
+[Unreleased]: https://github.com/cycodehq/visual-studio-extension/compare/v1.8.0...HEAD

src/extension/Cycode.VisualStudio.Extension.14.0-16.0/source.extension.vsixmanifest

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <PackageManifest Version="2.0.0" xmlns="http://schemas.microsoft.com/developer/vsx-schema/2011" xmlns:d="http://schemas.microsoft.com/developer/vsx-schema-design/2011">
     <Metadata>
-        <Identity Id="Cycode.7e1a0714-9b3b-4e0e-9c0a-d23fb20ab86e" Version="1.7.0" Language="en-US" Publisher="cycodehq" />
+        <Identity Id="Cycode.7e1a0714-9b3b-4e0e-9c0a-d23fb20ab86e" Version="1.8.0" Language="en-US" Publisher="cycodehq" />
         <DisplayName>Cycode</DisplayName>
         <Description xml:space="preserve">Cycode for Visual Studio IDE</Description>
         <MoreInfo>https://github.com/cycodehq/visual-studio-extension</MoreInfo>

src/extension/Cycode.VisualStudio.Extension.17.0/source.extension.vsixmanifest

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <PackageManifest Version="2.0.0" xmlns="http://schemas.microsoft.com/developer/vsx-schema/2011" xmlns:d="http://schemas.microsoft.com/developer/vsx-schema-design/2011">
     <Metadata>
-        <Identity Id="Cycode.f2c5020e-67a2-46f8-a888-609412fd59db" Version="1.7.0" Language="en-US" Publisher="cycodehq" />
+        <Identity Id="Cycode.f2c5020e-67a2-46f8-a888-609412fd59db" Version="1.8.0" Language="en-US" Publisher="cycodehq" />
         <DisplayName>Cycode</DisplayName>
         <Description xml:space="preserve">Cycode for Visual Studio IDE</Description>
         <MoreInfo>https://github.com/cycodehq/visual-studio-extension</MoreInfo>

src/extension/Cycode.VisualStudio.Extension.Shared/Cli/DTO/CliIgnoreType.cs

@@ -3,5 +3,6 @@
 public enum CliIgnoreType {
     Value,
     Path,
-    Rule
+    Rule,
+    Cve,
 }

src/extension/Cycode.VisualStudio.Extension.Shared/Cli/DTO/ScanResult/Sca/ScaDetectionDetailsAlert.cs

@@ -14,4 +14,5 @@ public class ScaDetectionDetailsAlert {
 
     public string VulnerableRequirements { get; set; }
     public string FirstPatchedVersion { get; set; }
+    public string CveIdentifier { get; set; }
 }

src/extension/Cycode.VisualStudio.Extension.Shared/Components/ViolationCards/ScaViolationCardControl.xaml

@@ -17,6 +17,8 @@
                 <RowDefinition />
                 <RowDefinition />
                 <RowDefinition />
+                <RowDefinition />
+                <RowDefinition />
             </Grid.RowDefinitions>
             <Grid.ColumnDefinitions>
                 <ColumnDefinition Width="3*" />
@@ -56,6 +58,14 @@
                 x:Name="CycodeGuidelines"
                 Grid.Row="10" Grid.Column="0" Grid.ColumnSpan="2"
                 Title="Cycode Guidelines" />
+
+            <common:Hr Grid.Row="11" Grid.Column="0" Grid.ColumnSpan="2" />
+            <Button Grid.Row="12" Grid.Column="1"
+                    Content="Ignore this violation"
+                    HorizontalAlignment="Right"
+                    VerticalAlignment="Bottom"
+                    Margin="0 0 10 10"
+                    Click="IgnoreButton_OnClickAsync" />
         </Grid>
     </ScrollViewer>
 </UserControl>

src/extension/Cycode.VisualStudio.Extension.Shared/Components/ViolationCards/ScaViolationCardControl.xaml.cs

@@ -1,6 +1,9 @@
+using System.Windows;
+using Cycode.VisualStudio.Extension.Shared.Cli.DTO;
 using Cycode.VisualStudio.Extension.Shared.Cli.DTO.ScanResult.Sca;
 using Cycode.VisualStudio.Extension.Shared.Helpers;
 using Cycode.VisualStudio.Extension.Shared.Icons;
+using Cycode.VisualStudio.Extension.Shared.Services;
 
 namespace Cycode.VisualStudio.Extension.Shared.Components.ViolationCards;
 
@@ -11,9 +14,16 @@ public partial class ScaViolationCardControl {
     private const int _summaryRowIndex = 8;
     private const int _customRemediationGuidelinesRowIndex = 9;
     private const int _cycodeRemediationGuidelinesRowIndex = 10;
+    private const int _actionsButtonHrRowIndex = 11;
+    private const int _ignoreThisViolationButtonRowIndex = 12;
+    
+    private readonly ICycodeService _cycodeService = ServiceLocator.GetService<ICycodeService>();
+
+    private readonly ScaDetection _detection;
 
     public ScaViolationCardControl(ScaDetection detection) {
         InitializeComponent();
+        _detection = detection;
 
         Header.Icon.Source = ExtensionIcons.GetCardSeverityBitmapSource(detection.Severity);
         Header.Title.Text = detection.DetectionDetails.Alert?.Summary ?? detection.Message;
@@ -64,5 +74,16 @@ public ScaViolationCardControl(ScaDetection detection) {
             CycodeGuidelines.Markdown = detection.DetectionDetails.RemediationGuidelines;
             GridHelper.ShowRow(Grid, _cycodeRemediationGuidelinesRowIndex);
         }
+        
+        if (string.IsNullOrEmpty(detection.DetectionDetails.Alert?.CveIdentifier)) {
+            GridHelper.HideRow(Grid, _actionsButtonHrRowIndex);
+            GridHelper.HideRow(Grid, _ignoreThisViolationButtonRowIndex);
+        }
+    }
+    
+    private async void IgnoreButton_OnClickAsync(object sender, RoutedEventArgs e) {
+        await _cycodeService.ApplyDetectionIgnoreAsync(
+            CliScanType.Sca, CliIgnoreType.Cve, _detection.DetectionDetails.Alert?.CveIdentifier
+        );
     }
 }

src/extension/Cycode.VisualStudio.Extension.Shared/Constants.cs

@@ -4,7 +4,7 @@ namespace Cycode.VisualStudio.Extension.Shared;
 
 public static class Constants {
     public const string AppName = "visual_studio_extension";
-    public const string RequiredCliVersion = "2.1.0";
+    public const string RequiredCliVersion = "2.2.0";
 
     public const string CycodeDomain = "cycode.com";
 

src/extension/Cycode.VisualStudio.Extension.Shared/Options/General.cs

@@ -20,6 +20,12 @@ protected override void OnApply(PageApplyEventArgs e) {
                 return;
             }
 
+            if (string.IsNullOrEmpty(general.CliPath)) {
+                general.CliPath = Constants.DefaultCliPath;
+                base.OnApply(e);
+                return;
+            }
+
             if (!File.Exists(general.CliPath)) {
                 VS.MessageBox.ShowError(
                     "The specified executable path does not exist. Please provide a valid path to the executable file."

src/extension/Cycode.VisualStudio.Extension.Shared/Services/CliService.cs

@@ -268,6 +268,7 @@ private static string MapIgnoreTypeToOptionName(CliIgnoreType type) {
             CliIgnoreType.Value => "--by-value",
             CliIgnoreType.Rule => "--by-rule",
             CliIgnoreType.Path => "--by-path",
+            CliIgnoreType.Cve => "--by-cve",
             _ => throw new ArgumentException("Invalid CliIgnoreType")
         };
     }

src/extension/Cycode.VisualStudio.Extension.Shared/Services/CycodeService.cs

@@ -196,9 +196,11 @@ private async Task ApplyDetectionIgnoreInUiAsync(CliIgnoreType ignoreType, strin
                 scanResultsService.ExcludeResultsByValue(value);
                 break;
             case CliIgnoreType.Path:
-                break;
             case CliIgnoreType.Rule:
                 break;
+            case CliIgnoreType.Cve:
+                scanResultsService.ExcludeResultsByCve(value);
+                break;
             default:
                 throw new ArgumentOutOfRangeException(nameof(ignoreType), ignoreType, null);
         }

src/extension/Cycode.VisualStudio.Extension.Shared/Services/ScanResultsService.cs

@@ -21,6 +21,7 @@ public interface IScanResultsService {
     void SaveDetectedSegment(CliScanType scanType, TextRange textRange, string value);
     string GetDetectedSegment(CliScanType scanType, TextRange textRange);
     void ExcludeResultsByValue(string value);
+    void ExcludeResultsByCve(string value);
 }
 
 public class ScanResultsService : IScanResultsService {
@@ -106,6 +107,11 @@ public void ExcludeResultsByValue(string value) {
         _secretScanDetections.RemoveAll(detection => detection.DetectionDetails.DetectedValue == value);
     }
 
+    public void ExcludeResultsByCve(string cve) {
+        // we have cve only in SCA results
+        _scaScanDetections.RemoveAll(detection => detection.DetectionDetails.Alert?.CveIdentifier == cve);
+    }
+
     private void ClearDetectedSegments(CliScanType? scanType = null) {
         if (scanType == null) {
             _detectedSegments.Clear();

src/extension/Cycode.VisualStudio.Extension.Shared/source.extension.cs

@@ -3,5 +3,5 @@ namespace Cycode.VisualStudio.Extension.Shared;
 internal sealed class Vsix {
     public const string Name = "Cycode";
     public const string Description = "Cycode for Visual Studio IDE";
-    public const string Version = "1.7.0";
+    public const string Version = "1.8.0";
 }