feat(ThreatComposer): edit, view Threat Models aws#5109

Problem
Threat models, represented as *.tc.json files, are rendered using the default JSON editor

Solution
Build a custom editor in VSCode to render *.tc.json files as a Threat Model, similar to how it would be displayed in a browser

Author: bijinai

docs/marketplace/vscode/threatComposer.gif

@@ -278,6 +278,11 @@
                     "markdownDescription": "%AWS.configuration.description.amazonq.shareContentWithAWS%",
                     "default": true,
                     "scope": "application"
+                },
+                "aws.threatComposer.defaultEditor": {
+                    "type": "boolean",
+                    "default": true,
+                    "description": "%AWS.configuration.description.threatComposer.defaultEditor%"
                 }
             }
         },
@@ -1174,6 +1179,10 @@
                 {
                     "command": "aws.toolkit.amazonq.extensionpage",
                     "when": "false"
+                },
+                {
+                    "command": "aws.newThreatComposerFile",
+                    "when": "false"
                 }
             ],
             "editor/title": [
@@ -1224,7 +1233,7 @@
                 },
                 {
                     "command": "aws.openInApplicationComposer",
-                    "when": "editorLangId == json || editorLangId == yaml || resourceFilename =~ /^.*\\.(template)$/",
+                    "when": "(editorLangId == json && !(resourceFilename =~ /^.*\\.tc\\.json$/)) || editorLangId == yaml || resourceFilename =~ /^.*\\.(template)$/",
                     "group": "navigation"
                 }
             ],
@@ -1345,7 +1354,7 @@
                 },
                 {
                     "command": "aws.openInApplicationComposer",
-                    "when": "isFileSystemResource && resourceFilename =~ /^.*\\.(json|yml|yaml|template)$/",
+                    "when": "isFileSystemResource && !(resourceFilename =~ /^.*\\.tc\\.json$/) && resourceFilename =~ /^.*\\.(json|yml|yaml|template)$/",
                     "group": "z_aws@1"
                 }
             ],
@@ -2014,6 +2023,11 @@
                     "command": "aws.toolkit.viewLogs",
                     "group": "1_help@5"
                 }
+            ],
+            "file/newFile": [
+                {
+                    "command": "aws.newThreatComposerFile"
+                }
             ]
         },
         "commands": [
@@ -3482,6 +3496,26 @@
                         "category": "%AWS.title.cn%"
                     }
                 }
+            },
+            {
+                "command": "aws.createNewThreatComposer",
+                "title": "%AWS.command.threatComposer.createNew%",
+                "category": "%AWS.title%",
+                "cloud9": {
+                    "cn": {
+                        "category": "%AWS.title.cn%"
+                    }
+                }
+            },
+            {
+                "command": "aws.newThreatComposerFile",
+                "title": "%AWS.command.threatComposer.newFile%",
+                "category": "%AWS.title%",
+                "cloud9": {
+                    "cn": {
+                        "category": "%AWS.title.cn%"
+                    }
+                }
             }
         ],
         "jsonValidation": [
@@ -3937,7 +3971,23 @@
                     }
                 ]
             }
-        ]
+        ],
+        "customEditors": [
+            {
+                "viewType": "threatComposer.tc.json",
+                "displayName": "%AWS.threatComposer.title%",
+                "selector": [
+                    {
+                        "filenamePattern": "*.tc.json"
+                    }
+                ]
+            }
+        ],
+        "configurationDefaults": {
+            "workbench.editorAssociations": {
+                "{git,gitlens,conflictResolution,vscode-local-history}:/**/*.tc.json": "default"
+            }
+        }
     },
     "scripts": {
         "postinstall": "npm run generateTelemetry && npm run generateConfigurationAttributes && npm run compile",

packages/core/package.json

@@ -212,6 +212,11 @@
     "AWS.command.q.transform.showChanges": "Show Proposed Changes",
     "AWS.command.q.transform.showChangeSummary": "Show Transformation Summary",
     "AWS.command.q.transform.showTransformationPlan": "Show Transformation Plan",
+    "AWS.command.threatComposer.createNew": "Create New Threat Composer File",
+    "AWS.command.threatComposer.newFile": "Threat Composer File",
+    "AWS.threatComposer.page.title": "{0} (Threat Composer)",
+    "AWS.threatComposer.title": "Threat Composer",
+    "AWS.configuration.description.threatComposer.defaultEditor": "Use Threat Composer as the default editor for *.tc.json files.",
     "AWS.command.accessanalyzer.iamPolicyChecks": "Open IAM Policy Checks",
     "AWS.lambda.explorerTitle": "Explorer",
     "AWS.developerTools.explorerTitle": "Developer Tools",

packages/core/package.nls.json

@@ -0,0 +1,180 @@
+/*!
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/* eslint-disable no-undef */
+/* eslint-disable no-case-declarations */
+
+const autoSaveIntervalTimeout = 1000
+const checkThreatComposerAPITimeout = 50
+
+const vscode = acquireVsCodeApi()
+const instanceMapper = {}
+let disableAutoSave = false
+let theme = 'unknown'
+
+// Handle messages sent from the extension to the webview
+window.addEventListener('message', handleMessage)
+
+function handleMessage(event) {
+    const message = event.data // The json data that the extension sent
+
+    if (message.messageType === 'BROADCAST') {
+        switch (message.command) {
+            case 'FILE_CHANGED':
+                const fileContents = message.fileContents
+
+                // Persist state information.
+                // This state is returned in the call to `vscode.getState` below when a webview is reloaded.
+                vscode.setState({
+                    fileName: message.fileName,
+                    filePath: message.filePath,
+                    fileContents: fileContents,
+                })
+
+                // Update our webview's content
+                updateContent(fileContents)
+                break
+
+            case 'THEME_CHANGED':
+                applyTheme(message.newTheme)
+                break
+
+            case 'OVERWRITE_FILE':
+                disableAutoSave = false
+                break
+        }
+    } else if (message.messageType === 'RESPONSE') {
+        switch (message.command) {
+            case 'SAVE_FILE':
+                if (message.isSuccess) {
+                    console.log('File Saved successfully')
+                    disableAutoSave = false
+                } else {
+                    console.log('File Save unsuccessful')
+                }
+                break
+        }
+    }
+}
+
+function updateContent(/** @type {string} */ text) {
+    if (document.readyState === 'complete') {
+        void render(text)
+    } else {
+        document.addEventListener('DOMContentLoaded', function () {
+            void render(text)
+        })
+    }
+}
+
+async function checkThreatComposerAPI() {
+    while (!window.threatcomposer || !window.threatcomposer.setCurrentWorkspaceData) {
+        await new Promise(r => setTimeout(r, checkThreatComposerAPITimeout))
+    }
+}
+
+/**
+ * Render the document in the webview.
+ */
+async function render(/** @type {string} */ text) {
+    await checkThreatComposerAPI()
+
+    vscode.postMessage({
+        command: 'LOAD_STAGE',
+        messageType: 'BROADCAST',
+        loadStage: 'API_LOADED',
+    })
+
+    try {
+        let threatModel = text && JSON.parse(text)
+        await window.threatcomposer.setCurrentWorkspaceData(threatModel)
+    } catch (e) {
+        disableAutoSave = true
+        await window.threatcomposer.setCurrentWorkspaceData('')
+        vscode.postMessage({
+            command: 'LOG',
+            messageType: 'BROADCAST',
+            logMessage: e.message,
+            logType: 'ERROR',
+            showNotification: true,
+            notificationType: 'INVALID_JSON',
+        })
+    }
+
+    let defaultTemplate = ''
+
+    if (text === '') {
+        const initialState = await window.threatcomposer.getCurrentWorkspaceData()
+        defaultTemplate = window.threatcomposer.stringifyWorkspaceData(initialState)
+    }
+
+    window.threatcomposer.addEventListener('save', e => {
+        const stringyfiedData = window.threatcomposer.stringifyWorkspaceData(e.detail)
+        const currentState = vscode.getState()
+        currentState.fileContents = stringyfiedData
+        vscode.setState(currentState)
+        disableAutoSave = true
+
+        vscode.postMessage({
+            command: 'SAVE_FILE',
+            messageType: 'REQUEST',
+            fileContents: stringyfiedData,
+        })
+    })
+
+    autoSaveInterval = setInterval(async () => {
+        if (disableAutoSave) {
+            return
+        }
+
+        const data = await window.threatcomposer.getCurrentWorkspaceData()
+        const stringyfiedData = window.threatcomposer.stringifyWorkspaceData(data)
+
+        const currentState = vscode.getState()
+
+        if (stringyfiedData === defaultTemplate || stringyfiedData === currentState.fileContents) {
+            return
+        }
+
+        currentState.fileContents = stringyfiedData
+        vscode.setState(currentState)
+
+        vscode.postMessage({
+            command: 'AUTO_SAVE_FILE',
+            messageType: 'REQUEST',
+            fileContents: stringyfiedData,
+        })
+    }, autoSaveIntervalTimeout)
+
+    vscode.postMessage({
+        command: 'LOAD_STAGE',
+        messageType: 'BROADCAST',
+        loadStage: 'RENDER_COMPLETE',
+    })
+}
+
+function applyTheme(newTheme) {
+    if (!newTheme || theme === newTheme) {
+        return
+    }
+    theme = newTheme
+
+    window.threatcomposer.applyTheme(newTheme)
+}
+
+// Webviews are normally torn down when not visible and re-created when they become visible again.
+// State lets us save information across these re-loads
+const state = vscode.getState()
+if (state && state.fileContents) {
+    vscode.postMessage({
+        command: 'RELOAD',
+        messageType: 'REQUEST',
+    })
+} else {
+    vscode.postMessage({
+        command: 'INIT',
+        messageType: 'REQUEST',
+    })
+}

packages/core/resources/js/vsCodeExtensionInterface.js

@@ -60,6 +60,7 @@ import { ExtensionUse } from './auth/utils'
 import { ExtStartUpSources } from './shared/telemetry'
 
 export { makeEndpointsProvider, registerGenericCommands } from './extensionShared'
+import { activate as activateThreatComposerEditor } from './threatComposer/activation'
 
 let localize: nls.LocalizeFunc
 
@@ -221,6 +222,7 @@ export async function activate(context: vscode.ExtensionContext) {
                 }
             }
             await activateApplicationComposer(context)
+            await activateThreatComposerEditor(context)
         }
 
         await activateStepFunctions(context, globals.awsContext, globals.outputChannel)

packages/core/src/extension.ts

@@ -67,7 +67,7 @@ export class FeedbackWebview extends VueWebview {
     }
 }
 
-type FeedbackId = 'AWS Toolkit' | 'Amazon Q' | 'Application Composer'
+type FeedbackId = 'AWS Toolkit' | 'Amazon Q' | 'Application Composer' | 'Threat Composer'
 
 let _submitFeedback: RegisteredCommand<(_: VsCodeCommandArg, id: FeedbackId) => Promise<void>> | undefined
 export function submitFeedback(_: VsCodeCommandArg, id: FeedbackId) {

packages/core/src/feedback/vue/submitFeedback.ts

@@ -332,6 +332,12 @@
             "name": "awsRegion",
             "type": "string",
             "description": "An AWS region."
+        },
+        {
+            "name": "saveType",
+            "type": "string",
+            "allowedValues": ["MANUAL_SAVE", "AUTO_SAVE"],
+            "description": "Type of save executed"
         }
     ],
     "metrics": [
@@ -1243,6 +1249,60 @@
                     "required": true
                 }
             ]
+        },
+        {
+            "name": "threatComposer_created",
+            "description": "Called after a new threat composer file is created using command pallet or New File option",
+            "metadata": [
+                {
+                    "type": "id",
+                    "required": true
+                }
+            ]
+        },
+        {
+            "name": "threatComposer_opened",
+            "description": "Called after opening a threat composer file",
+            "metadata": [
+                {
+                    "type": "id",
+                    "required": true
+                }
+            ]
+        },
+        {
+            "name": "threatComposer_fileSaved",
+            "description": "Called after a threat composer file has been saved",
+            "metadata": [
+                {
+                    "type": "id",
+                    "required": true
+                },
+                {
+                    "type": "saveType",
+                    "required": true
+                }
+            ]
+        },
+        {
+            "name": "threatComposer_closed",
+            "description": "Called after closing a threat composer file",
+            "metadata": [
+                {
+                    "type": "id",
+                    "required": true
+                }
+            ]
+        },
+        {
+            "name": "threatComposer_error",
+            "description": "Called after an error is thrown from the threat composer view",
+            "metadata": [
+                {
+                    "type": "id",
+                    "required": true
+                }
+            ]
         }
     ]
 }