microsoft / sarif-visualstudio-extension

SARIF Microsoft Visual Studio Viewer Extension
MIT License
46 stars 19 forks source link

Adding the ability to query from the DevCanvas endpoint #599

Closed edkazcarlson-ms closed 1 year ago

edkazcarlson-ms commented 1 year ago

This PR introduces the DevCanvas plugin which will allow users to query data from the endpoint, making it so that users will see insights related to their code that we have cooked. This also adds the ability for result source service's to query based on files open as a whole as currently it only queries based on the project opened at the start.

What is NOT included in this PR:

Currently I have a try catch in SarifErrorListItem that helps silently catch an exception that occurs from some strange sarif parsing. Currently in our sarif log response there is a driver under runs[].tools where we describe the tool, and then in the results we have a reporting descriptor under results[].rule where we have the name and guid of the tool. Looking at the code for result.GetRule(run) it seems to only search under tool.extensions and throws an exception when it fails to find, but the difference between the toolComponent for tool.driver and tool.extensions seems unclear and I'm not sure if I need to change the response our API sends or if there is a change we should make in the Sarif SDK itself.

Even once this gets approved I will not be merging. Instead I'll be using this as a feature branch which I'll branch off of when doing other smaller changes (explanations for the auth window, filtering to only ms users, etc).

ShiningMassXAcc commented 1 year ago

We need to restrict who gets the auth popups. Chris has a menu option to opt-in - ideally, we have this figured out automatically.

ShiningMassXAcc commented 1 year ago

Do we want to think about at least a short-term hack to prevent double show for people that have both extensions?

edkazcarlson-ms commented 1 year ago

@ShiningMassXAcc

We need to restrict who gets the auth popups. Chris has a menu option to opt-in - ideally, we have this figured out automatically.

Thought of some ways of doing it but they're all hacky.

@edkazcarlson-ms

edkazcarlson-ms commented 1 year ago

Note: Will put this in description too, but even once this gets approved I will not be merging. Instead I'll be using this as a feature branch which I'll branch off of when doing other smaller changes (explanations for the auth window, filtering to only ms users, etc).