I'm using weAudit in a multi-root workspace, and struggling a bit to keep findings and filepaths from breaking.
I can probably work around it by skipping the workspace, and working directly from the root folder instead, but that means having to work without certain other useful extensions. I thought I'd share an example, if someone wants to take a stab at improving support for multi-root workspaces.
Steps to reproduce
Create and save a new workspace (File → Save Workspace As...)
Add two or more directories (e.g. api & frontend) (File → Add Folder to Workspace...)
Create a weAudit finding in each directory
weAudit creates the .vscode dir in the topmost directory
Navigating and editing the findings works exactly as expected
Close and reopen the workspace
weAudit fails to load the findings, and shows an error about findings outside the workspace
Analysis
Opening the *.weaudit file, we see that .treeEntries[].locations[].path are relative to the first directory, api:
When loading, it gets tripped up on the fact that the finding is outside the "workspace path", i.e. the directory containing .vscode/, even though the file is in fact part of the current workspace.
I don't know if the VSCode API allows for easily checking "is this file part of the workspace". I suppose it could be as straightforward as looping through vscode.workspace.workspaceFolders and doing the same check for each..?
Hi, thanks for releasing a really useful tool!
I'm using weAudit in a multi-root workspace, and struggling a bit to keep findings and filepaths from breaking.
I can probably work around it by skipping the workspace, and working directly from the root folder instead, but that means having to work without certain other useful extensions. I thought I'd share an example, if someone wants to take a stab at improving support for multi-root workspaces.
Steps to reproduce
api
&frontend
) (File → Add Folder to Workspace...).vscode
dir in the topmost directoryAnalysis
Opening the
*.weaudit
file, we see that.treeEntries[].locations[].path
are relative to the first directory,api
:When loading, it gets tripped up on the fact that the finding is outside the "workspace path", i.e. the directory containing
.vscode/
, even though the file is in fact part of the current workspace.https://github.com/trailofbits/vscode-weaudit/blob/74efbc2a2f65134367cdf920ad17cb435d09b092/src/codeMarker.ts#L1621-L1623
I don't know if the VSCode API allows for easily checking "is this file part of the workspace". I suppose it could be as straightforward as looping through
vscode.workspace.workspaceFolders
and doing the same check for each..?