dotnet / vscode-csharp

Official C# support for Visual Studio Code
MIT License

C# Extension throws error on hover over diagnostic from Semgrep Extension. #7505

Open jkinsfather opened 1 week ago

jkinsfather commented 1 week ago

Type: Bug

Issue Description

The C# extension cannot handle code actions when there are diagnostics from the Semgrep Extension included in the request.

Hovering over a Semgrep diagnostic causes the C# extension to throw a Request textDocument/codeAction failed. error.

Steps to Reproduce

  1. Install the C# extension
  2. Install the Semgrep extension
  3. Install the Semgrep CLI tool locally: 'brew install semgrep'
  4. Create a new .cs file with the following contents:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.Mvc;
    using RazorEngine;
    using RazorEngine.Templating;
    
    namespace RazorVulnerableApp.Controllers
    {
        public class HomeController : Controller
        {
            [HttpPost]
            [ValidateInput(false)]
            public ActionResult Index(string inert, string razorTpl)
            {
                // WARNING This code is vulnerable on purpose: do not use in production and do not take it as an example!
                // ruleid: razor-template-injection
                ViewBag.RenderedTemplate = Razor.Parse(razorTpl);
                ViewBag.Template = razorTpl;
                return View();
            }
        }
    }
  5. Run a Semgrep scan with the VS Code command Semgrep: scan all files in workspace.
  6. Hover over the Semgrep diagnostic on line 19 of the file.
  7. Note the error thrown by the C# extension as a popup in the lower right-hand corner with the message Request textDocument/codeAction failed.

Expected Behavior

The C# extension should not throw an error when hovering over the diagnostic from another extension.

Actual Behavior

The C# extension throws an error when hovering over a diagnostic from the Semgrep extension.

Logs

C# log

[Error - 10:57:41 AM] [LanguageServerHost] System.UriFormatException: Invalid URI: The Authority/Host could not be parsed.
   at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind, UriCreationOptions& creationOptions)
   at System.Uri..ctor(String uriString)
   at Roslyn.LanguageServer.Protocol.DocumentUriConverter.Read(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options) in /_/src/LanguageServer/Protocol/Protocol/Converters/DocumentUriConverter.cs:line 17
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.JsonConverter`1.ReadCore(Utf8JsonReader& reader, JsonSerializerOptions options, ReadStack& state)
   at System.Text.Json.JsonSerializer.Read[TValue](Utf8JsonReader& reader, JsonTypeInfo`1 jsonTypeInfo)
   at Roslyn.LanguageServer.Protocol.VSExtensionConverter`2.Read(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options) in /_/src/LanguageServer/Protocol/Protocol/Extensions/Converters/VSExtensionConverter.cs:line 25
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.JsonCollectionConverter`2.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, TCollection& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.JsonConverter`1.ReadCore(Utf8JsonReader& reader, JsonSerializerOptions options, ReadStack& state)
   at System.Text.Json.JsonSerializer.Read[TValue](Utf8JsonReader& reader, JsonTypeInfo`1 jsonTypeInfo)
   at Roslyn.LanguageServer.Protocol.VSExtensionConverter`2.Read(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options) in /_/src/LanguageServer/Protocol/Protocol/Extensions/Converters/VSExtensionConverter.cs:line 25
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.JsonConverter`1.ReadCore(Utf8JsonReader& reader, JsonSerializerOptions options, ReadStack& state)
   at System.Text.Json.JsonSerializer.ReadFromSpan[TValue](ReadOnlySpan`1 utf8Json, JsonTypeInfo`1 jsonTypeInfo, Nullable`1 actualByteCount)
   at System.Text.Json.JsonSerializer.Deserialize[TValue](JsonElement element, JsonSerializerOptions options)
   at Microsoft.CommonLanguageServerProtocol.Framework.SystemTextJsonLanguageServer`1.DeserializeRequest[TRequest](Object serializedRequest, RequestHandlerMetadata metadata) in /_/src/LanguageServer/Microsoft.CommonLanguageServerProtocol.Framework/SystemTextJsonLanguageServer.cs:line 30
   at Microsoft.CommonLanguageServerProtocol.Framework.QueueItem`1.TryDeserializeRequest[TRequest](AbstractLanguageServer`1 languageServer, RequestHandlerMetadata requestHandlerMetadata, Boolean isMutating, TRequest& request) in /_/src/LanguageServer/Microsoft.CommonLanguageServerProtocol.Framework/QueueItem.cs:line 117
[Error - 10:57:41 AM] Request textDocument/codeAction failed.
  Message: Invalid URI: The Authority/Host could not be parsed.
  Code: -32000 
[object Object]
[LanguageServerHost] [06:04:19.029][End]textDocument/codeAction
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:04:31.798][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:04:31.799][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:04:33.132][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:04:33.133][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:04:54.962][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:04:54.963][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:04:56.392][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:04:56.393][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:05:00.973][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:05:00.974][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] Using C# from request text document
[LanguageServerHost] /Users/jkinsfather/repo/apps/dvcsharp-api/semgrep_test.cs found in workspace Host
[LanguageServerHost] [06:05:01.218][Start]textDocument/codeLens
[LanguageServerHost] [06:05:01.220][End]textDocument/codeLens
[LanguageServerHost] Using C# from data text document
[LanguageServerHost] /Users/jkinsfather/repo/apps/dvcsharp-api/semgrep_test.cs found in workspace Host
[LanguageServerHost] [06:05:01.474][Start]codeLens/resolve
[LanguageServerHost] [06:05:01.481][End]codeLens/resolve
[LanguageServerHost] Using C# from request text document

C# LSP Trace Logs

Environment information

VSCode version: 1.92.2
C# Extension: 2.39.29
Using OmniSharp: false

Dotnet Information

.NET SDK:
 Version: 8.0.401
 Commit: 811edcc344
 Workload version: 8.0.400-manifests.b6724b7a
 MSBuild version: 17.11.4+37eb419ad

Runtime Environment:
 OS Name: Mac OS X
 OS Version: 14.6
 OS Platform: Darwin
 RID: osx-arm64
 Base Path: /usr/local/share/dotnet/sdk/8.0.401/

.NET workloads installed:
Configured to use loose manifests when installing new manifests.
There are no installed workloads to display.

Host:
 Version: 8.0.8
 Architecture: arm64
 Commit: 08338fcaa5

.NET SDKs installed:
 8.0.401 [/usr/local/share/dotnet/sdk]

.NET runtimes installed:
 Microsoft.AspNetCore.App 8.0.8 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
 Microsoft.NETCore.App 8.0.8 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]

Other architectures found:
 None

Environment variables:
 Not set

global.json file:
 Not found

Learn more:
 https://aka.ms/dotnet/info

Download .NET:
 https://aka.ms/dotnet/download

Visual Studio Code Extensions

|Extension|Author|Version|Folder Name|
|---|---|---|---|
|black-formatter|ms-python|2024.2.0|ms-python.black-formatter-2024.2.0|
|cmake|twxs|0.0.17|twxs.cmake-0.0.17|
|cmake-tools|ms-vscode|1.19.49|ms-vscode.cmake-tools-1.19.49|
|cpptools|ms-vscode|1.21.6|ms-vscode.cpptools-1.21.6-darwin-arm64|
|cpptools-extension-pack|ms-vscode|1.3.0|ms-vscode.cpptools-extension-pack-1.3.0|
|cpptools-themes|ms-vscode|2.0.0|ms-vscode.cpptools-themes-2.0.0|
|csdevkit|ms-dotnettools|1.9.55|ms-dotnettools.csdevkit-1.9.55-darwin-arm64|
|csharp|ms-dotnettools|2.39.29|ms-dotnettools.csharp-2.39.29-darwin-arm64|
|debugpy|ms-python|2024.10.0|ms-python.debugpy-2024.10.0-darwin-arm64|
|intellicode-api-usage-examples|VisualStudioExptTeam|0.2.8|visualstudioexptteam.intellicode-api-usage-examples-0.2.8|
|java|redhat|1.34.0|redhat.java-1.34.0-darwin-arm64|
|json|Meezilla|0.1.2|meezilla.json-0.1.2|
|json|ZainChen|2.0.2|zainchen.json-2.0.2|
|org-mode|tootone|0.5.0|tootone.org-mode-0.5.0|
|prettify-json|mohsen1|0.0.3|mohsen1.prettify-json-0.0.3|
|preview-vscode|searKing|2.3.7|searking.preview-vscode-2.3.7|
|python|ms-python|2024.12.3|ms-python.python-2024.12.3-darwin-arm64|
|sarif-viewer|MS-SarifVSCode|3.4.4|ms-sarifvscode.sarif-viewer-3.4.4|
|semgrep|Semgrep|1.8.2|semgrep.semgrep-1.8.2|
|sr-jsonnet-extension|SR|0.14.0|sr.sr-jsonnet-extension-0.14.0|
|vscode-ansi|iliazeus|1.1.7|iliazeus.vscode-ansi-1.1.7|
|vscode-dotnet-runtime|ms-dotnettools|2.1.5|ms-dotnettools.vscode-dotnet-runtime-2.1.5|
|vscode-gradle|vscjava|3.16.4|vscjava.vscode-gradle-3.16.4|
|vscode-java-debug|vscjava|0.58.0|vscjava.vscode-java-debug-0.58.0|
|vscode-java-dependency|vscjava|0.24.0|vscjava.vscode-java-dependency-0.24.0|
|vscode-java-pack|vscjava|0.29.0|vscjava.vscode-java-pack-0.29.0|
|vscode-java-test|vscjava|0.42.0|vscjava.vscode-java-test-0.42.0|
|vscode-jsonnet|Grafana|0.6.1|grafana.vscode-jsonnet-0.6.1|
|vscode-maven|vscjava|0.44.0|vscjava.vscode-maven-0.44.0|
|vscode-pylance|ms-python|2024.8.2|ms-python.vscode-pylance-2024.8.2|
|vscode-yaml|redhat|1.15.0|redhat.vscode-yaml-1.15.0|
|vscodeintellicode|VisualStudioExptTeam|1.3.1|visualstudioexptteam.vscodeintellicode-1.3.1|

Extension version: 2.39.29
VS Code version: Code 1.92.2 (Universal) (fee1edb8d6d72a0ddff41e5f71a671c23ed924b9, 2024-08-14T17:29:30.058Z)
OS version: Darwin arm64 23.6.0
Modes:

System Info

|Item|Value|
|---|---|
|CPUs|Apple M2 Pro (10 x 2400)|
|GPU Status|2d_canvas: enabled; canvas_oop_rasterization: enabled_on; direct_rendering_display_compositor: disabled_off_ok; gpu_compositing: enabled; multiple_raster_threads: enabled_on; opengl: enabled_on; rasterization: enabled; raw_draw: disabled_off_ok; skia_graphite: disabled_off; video_decode: enabled; video_encode: enabled; webgl: enabled; webgl2: enabled; webgpu: enabled; webnn: disabled_off|
|Load (avg)|3, 3, 3|
|Memory (System)|16.00GB (0.06GB free)|
|Process Argv|--crash-reporter-id 830ea1cb-5cd9-4878-9098-4764a60399f9|
|Screen Reader|no|
|VM|0%|

dibarbet commented 1 week ago

@jkinsfather if you have it, could you also include the full JSON of the failing code action request? It should be in the 'C# LSP Trace Logs' output window when dotnet.server.trace is set to Trace (looks like you have that enabled).

I suspect that the semgrep diagnostic has an invalid URI somewhere in it, which is getting serialized in the code action request.

jkinsfather commented 1 week ago

@dibarbet here is a zip of the 'C# LSP Trace Logs' 7-C# LSP Trace Logs.log.zip

Is this the correct JSON?

[Trace - 1:08:33 PM] Sending request 'textDocument/codeAction - (2)'.
Params: {
    "textDocument": {
        "uri": "file:///Users/jkinsfather/repo/apps/dvcsharp-api/semgrep_test.cs"
    },
    "range": {
        "start": {
            "line": 9,
            "character": 1
        },
        "end": {
            "line": 9,
            "character": 1
        }
    },
    "context": {
        "diagnostics": [],
        "triggerKind": 2
    }
}

[Trace - 1:08:33 PM] Received response 'textDocument/codeAction - (2)' in 62ms. Request failed: The task was cancelled. (-32800).
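
Added example (not part of the thread, and not vscode-csharp or Roslyn code): a Node.js triage script that pulls each textDocument/codeAction request out of 'C# LSP Trace Logs' text in the format shown above and lists the URI-typed fields that fail to parse, which is the kind of value dibarbet suspects. The key names come from the LSP specification; the sample trace and its malformed href are constructed, and the WHATWG URL parser is an assumed stand-in for .NET System.Uri.

```javascript
// Added example: not code from the issue thread, vscode-csharp or Roslyn.
// Keys that the LSP specification types as URI or DocumentUri.
const URI_KEYS = new Set(["uri", "href", "targetUri"]);

// Assumption: the WHATWG URL parser stands in for .NET System.Uri here;
// the two parsers do not reject exactly the same strings.
function uriError(value) {
  try { new URL(value); return null; } catch (err) { return err.message; }
}

// Recursively collect { path, value, error } for URI fields that fail to parse.
function findBadUris(node, path = "params", out = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => findBadUris(item, `${path}[${i}]`, out));
  } else if (node !== null && typeof node === "object") {
    for (const [key, child] of Object.entries(node)) {
      const childPath = `${path}.${key}`;
      if (URI_KEYS.has(key) && typeof child === "string") {
        const error = uriError(child);
        if (error !== null) out.push({ path: childPath, value: child, error });
      } else {
        findBadUris(child, childPath, out);
      }
    }
  }
  return out;
}

// Pull every codeAction request out of trace text and check its params.
// Trace entries are separated by blank lines, as in the log excerpt above.
function triageTrace(traceText) {
  const header = /Sending request 'textDocument\/codeAction - \((\d+)\)'\.\r?\nParams: /;
  const findings = [];
  for (const entry of traceText.split(/\r?\n\s*\r?\n/)) {
    const match = header.exec(entry);
    if (!match) continue;
    const params = JSON.parse(entry.slice(match.index + match[0].length));
    for (const bad of findBadUris(params)) findings.push({ requestId: Number(match[1]), ...bad });
  }
  return findings;
}

// Constructed trace: the path, request id and malformed href are invented.
const SAMPLE_TRACE =
  "[Trace - 1:00:00 PM] Sending request 'textDocument/codeAction - (7)'.\nParams: " +
  JSON.stringify({
    textDocument: { uri: "file:///workspace/semgrep_test.cs" },
    context: { diagnostics: [{ source: "Semgrep", codeDescription: { href: "https://" } }] },
  }, null, 4) +
  "\n\n[Trace - 1:00:00 PM] Received response 'textDocument/codeAction - (7)' in 5ms.";
console.log(triageTrace(SAMPLE_TRACE));
```

A request that reports no findings here can still fail on the server, because System.Uri and the WHATWG parser differ on some inputs.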