From 3fb71e1b7506229714b8b8de9808fb54a283124b Mon Sep 17 00:00:00 2001
From: Chanan Merari <cmerari@paloaltonetworks.com>
Date: Sun, 13 Oct 2024 14:40:11 +0300
Subject: [PATCH] [PCSUP-24970] - When using the Prisma Cloud VS Code Extension, CVE fixes are not applied to the file // Worley Parsons
---
 CHANGELOG.md | 1 +
 src/services/fixService.ts | 22 ++++++++++------------
 src/types/checkov.ts | 1 +
 3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3c6004f..bc78393 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 - Fixed an issue where an error log wasn't triggered on extension activation failure
 - Fixed an issue where trailing slashes on Prisma URl configuration caused scan issues
+- Fixed an issue where clicking fix on an SCA finding showed the wrong message
 ## [1.0.21] - 2024-09-15
diff --git a/src/services/fixService.ts b/src/services/fixService.ts
index 9534eaa..63e2283 100644
--- a/src/services/fixService.ts
+++ b/src/services/fixService.ts
@@ -4,12 +4,12 @@ import * as vscode from 'vscode';
 import { CONFIG } from '../config';
 import { CHECKOV_RESULT_CATEGORY } from '../constants';
+import { CategoriesService, CheckovExecutor } from '../services';
 import { CheckovResult } from '../types';
-import { CategoriesService, CheckovExecutor, ResultsService } from '../services';
+import { isPipInstall, isWindows } from '../utils';
 import { CheckovResultWebviewPanel } from '../views/interface/checkovResult';
-import { CustomPopupService } from './customPopupService';
 import { TreeDataProvidersContainer } from '../views/interface/primarySidebar/services/treeDataProvidersContainer';
-import { isPipInstall, isWindows } from '../utils';
+import { CustomPopupService } from './customPopupService';
 export class FixService {
 public static async fix(result: CheckovResult) {
@@ -28,15 +28,14 @@ export class FixService {
 }
 private static async applyScaFix({ vulnerability_details }: CheckovResult) {
- const command = vulnerability_details.fix_command.cmds.join(EOL).replace(/`/g, '');
- const message = `${vulnerability_details.fix_command.msg}:${EOL}${command}`;
-
- if (vulnerability_details.fix_command.manualCodeFix) {
- const { msg, cmds } = vulnerability_details.fix_command;
- vscode.window.showInformationMessage(`${msg}: ${cmds.length > 1 ? cmds.join(', ') : cmds[0]}`);
- return;
+ const { msg, cmds, manualCodeFix } = vulnerability_details.fix_command;
+ const command = (cmds.length > 1 ? cmds.join(EOL) : cmds[0]).replace(/`/g, '');
+ let message;
+ if (manualCodeFix) {
+ message = `To bump to the fixed version please manually change the version to ${vulnerability_details.lowest_fixed_version} and run the following command:${EOL}${command}`;
+ } else {
+ message = `${msg}:${EOL}${command}`;
 }
-
 const action = await vscode.window.showInformationMessage(
 CONFIG.userInterface.extensionTitle,
 {
@@ -47,7 +46,6 @@ export class FixService {
 title: 'Copy Command',
 },
 );
-
 if (action) {
 if (action.title === 'Copy Command') {
 vscode.env.clipboard.writeText(command);
diff --git a/src/types/checkov.ts b/src/types/checkov.ts
index b8cc79b..f8068ee 100644
--- a/src/types/checkov.ts
+++ b/src/types/checkov.ts
@@ -25,6 +25,7 @@ export type CheckovResult = {
 package_name: string;
 package_version: string;
 license: string;
+ lowest_fixed_version: string;
 fix_command: {
 cmds: string[];
 manualCodeFix: boolean;
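Review bot: In `applyScaFix`, the new `command` line reads `cmds[0]` whenever `cmds.length` is not greater than 1, so an empty `fix_command.cmds` array makes `.replace` throw on `undefined`, whereas the removed `cmds.join(EOL)` returned an empty string. `join` on a one-element array already returns that element, so the ternary can go and the original `cmds.join(EOL)` call can stay in front of the `.replace`. The command text comes from the scan result and is what 'Copy Command' puts on the clipboard, so it is worth a comment that stripping backticks is display cleanup and not validation of what the user will paste into a shell. `let message;` is implicitly `any`; a single `const message = manualCodeFix ? … : …;` keeps it typed. The function body continues past the end of the hunk.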
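Review bot: `lowest_fixed_version` is declared as a required `string`, but the type is only a compile-time claim about scanner output that nothing in this patch checks at runtime. If a finding can arrive without that field (not visible here, for example when no fixed release exists), the manual-fix message built in `applyScaFix` would read "change the version to undefined". Consider declaring it as `lowest_fixed_version?: string;` and falling back to the `msg` text in the `manualCodeFix` branch when it is missing. The `CheckovResult` type starts and ends outside the hunk.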