feat(amazonq): multi-root workspace support #4948

Problem
Security scans don't work for multi-root workspaces.

Solution
- Gather all open workspace folders for security scan payload instead of from the active file
- Since we no longer require the active file, remove the requirement of having a file open to run scans

Author: ctlai95

packages/amazonq/.changes/next-release/Feature-98fc029d-ac6f-43c6-b168-fb37bb077c14.json

@@ -0,0 +1,4 @@
+{
+	"type": "Feature",
+	"description": "Security Scan: Scans can now be run without an open editor"
+}

packages/amazonq/.changes/next-release/Feature-b7c62308-5e6e-4aeb-9dc8-ec8a5137dfb7.json

@@ -0,0 +1,4 @@
+{
+	"type": "Feature",
+	"description": "Security Scan: Multi-root workspace support"
+}

packages/core/src/codewhisperer/commands/basicCommands.ts

@@ -33,7 +33,6 @@ import { FeatureConfigProvider } from '../service/featureConfigProvider'
 import { TelemetryHelper } from '../util/telemetryHelper'
 import { Auth, AwsConnection } from '../../auth'
 import { once } from '../../shared/utilities/functionUtils'
-import { isTextEditor } from '../../shared/utilities/editorUtilities'
 import { focusAmazonQPanel } from '../../codewhispererChat/commands/registerCommands'
 import { removeDiagnostic } from '../service/diagnosticsProvider'
 import { SecurityIssueHoverProvider } from '../service/securityIssueHoverProvider'
@@ -117,26 +116,16 @@ export const showSecurityScan = Commands.declare(
             if (AuthUtil.instance.isConnectionExpired()) {
                 await AuthUtil.instance.notifyReauthenticate()
             }
-            const editor = vscode.window.activeTextEditor
-            if (editor && isTextEditor(editor)) {
-                if (codeScanState.isNotStarted()) {
-                    // User intends to start as "Start Security Scan" is shown in the explorer tree
-                    codeScanState.setToRunning()
-                    void startSecurityScanWithProgress(
-                        securityPanelViewProvider,
-                        editor,
-                        client,
-                        context.extensionContext
-                    )
-                } else if (codeScanState.isRunning()) {
-                    // User intends to stop as "Stop Security Scan" is shown in the explorer tree
-                    // Cancel only when the code scan state is "Running"
-                    await confirmStopSecurityScan()
-                }
-                vsCodeState.isFreeTierLimitReached = false
-            } else {
-                void vscode.window.showInformationMessage('Open a valid file to scan.')
+            if (codeScanState.isNotStarted()) {
+                // User intends to start as "Start Security Scan" is shown in the explorer tree
+                codeScanState.setToRunning()
+                void startSecurityScanWithProgress(securityPanelViewProvider, client, context.extensionContext)
+            } else if (codeScanState.isRunning()) {
+                // User intends to stop as "Stop Security Scan" is shown in the explorer tree
+                // Cancel only when the code scan state is "Running"
+                await confirmStopSecurityScan()
             }
+            vsCodeState.isFreeTierLimitReached = false
         }
 )
 

packages/core/src/codewhisperer/commands/startSecurityScan.ts

@@ -29,7 +29,6 @@ import {
     CodeScanTelemetryEntry,
 } from '../models/model'
 import { cancel, ok } from '../../shared/localizedText'
-import { getFileExt } from '../util/commonUtil'
 import { getDirSize } from '../../shared/filesystemUtilities'
 import { telemetry } from '../../shared/telemetry/telemetry'
 import { isAwsError } from '../../shared/errors'
@@ -63,7 +62,6 @@ const getLogOutputChan = once(() => {
 
 export function startSecurityScanWithProgress(
     securityPanelViewProvider: SecurityPanelViewProvider,
-    editor: vscode.TextEditor,
     client: DefaultCodeWhispererClient,
     context: vscode.ExtensionContext
 ) {
@@ -76,7 +74,7 @@ export function startSecurityScanWithProgress(
         async () => {
             await startSecurityScan(
                 securityPanelViewProvider,
-                editor,
+                undefined,
                 client,
                 context,
                 CodeWhispererConstants.CodeAnalysisScope.PROJECT
@@ -92,7 +90,7 @@ export const debounceStartSecurityScan = debounce(
 
 export async function startSecurityScan(
     securityPanelViewProvider: SecurityPanelViewProvider,
-    editor: vscode.TextEditor,
+    editor: vscode.TextEditor | undefined,
     client: DefaultCodeWhispererClient,
     context: vscode.ExtensionContext,
     scope: CodeWhispererConstants.CodeAnalysisScope
@@ -107,10 +105,12 @@ export async function startSecurityScan(
     }
     let serviceInvocationStartTime = 0
     const codeScanTelemetryEntry: CodeScanTelemetryEntry = {
-        codewhispererLanguage: runtimeLanguageContext.getLanguageContext(
-            editor.document.languageId,
-            path.extname(editor.document.fileName)
-        ).language,
+        codewhispererLanguage: editor
+            ? runtimeLanguageContext.getLanguageContext(
+                  editor.document.languageId,
+                  path.extname(editor.document.fileName)
+              ).language
+            : 'plaintext',
         codewhispererCodeScanSrcPayloadBytes: 0,
         codewhispererCodeScanSrcZipFileBytes: 0,
         codewhispererCodeScanLines: 0,
@@ -131,8 +131,8 @@ export async function startSecurityScan(
          */
         throwIfCancelled(scope, codeScanStartTime)
         const zipUtil = new ZipUtil()
-        const zipMetadata = await zipUtil.generateZip(editor.document.uri, scope)
-        const projectPath = zipUtil.getProjectPath(editor.document.uri)
+        const zipMetadata = await zipUtil.generateZip(editor?.document.uri, scope)
+        const projectPaths = zipUtil.getProjectPaths()
 
         const contextTruncationStartTime = performance.now()
         codeScanTelemetryEntry.contextTruncationDuration = performance.now() - contextTruncationStartTime
@@ -195,7 +195,7 @@ export async function startSecurityScan(
             client,
             scanJob.jobId,
             CodeWhispererConstants.codeScanFindingsSchema,
-            projectPath,
+            projectPaths,
             scope
         )
         const { total, withFixes } = securityRecommendationCollection.reduce(
@@ -250,14 +250,14 @@ export async function startSecurityScan(
         codeScanState.setToNotStarted()
         codeScanTelemetryEntry.duration = performance.now() - codeScanStartTime
         codeScanTelemetryEntry.codeScanServiceInvocationsDuration = performance.now() - serviceInvocationStartTime
-        await emitCodeScanTelemetry(editor, codeScanTelemetryEntry)
+        await emitCodeScanTelemetry(codeScanTelemetryEntry)
     }
 }
 
 export function showSecurityScanResults(
     securityPanelViewProvider: SecurityPanelViewProvider,
     securityRecommendationCollection: AggregatedCodeScanIssue[],
-    editor: vscode.TextEditor,
+    editor: vscode.TextEditor | undefined,
     context: vscode.ExtensionContext,
     scope: CodeWhispererConstants.CodeAnalysisScope,
     zipMetadata: ZipMetadata,
@@ -278,18 +278,15 @@ export function showSecurityScanResults(
     }
 }
 
-export async function emitCodeScanTelemetry(editor: vscode.TextEditor, codeScanTelemetryEntry: CodeScanTelemetryEntry) {
-    const uri = editor.document.uri
-    const workspaceFolder = vscode.workspace.getWorkspaceFolder(uri)
-    const fileExt = getFileExt(editor.document.languageId)
-    if (workspaceFolder !== undefined && fileExt !== undefined) {
-        const projectSize = await getDirSize(
-            workspaceFolder.uri.fsPath,
-            performance.now(),
-            CodeWhispererConstants.projectSizeCalculateTimeoutSeconds * 1000,
-            fileExt
+export async function emitCodeScanTelemetry(codeScanTelemetryEntry: CodeScanTelemetryEntry) {
+    codeScanTelemetryEntry.codewhispererCodeScanProjectBytes = 0
+    const now = performance.now()
+    for (const folder of vscode.workspace.workspaceFolders ?? []) {
+        codeScanTelemetryEntry.codewhispererCodeScanProjectBytes += await getDirSize(
+            folder.uri.fsPath,
+            now,
+            CodeWhispererConstants.projectSizeCalculateTimeoutSeconds * 1000
         )
-        codeScanTelemetryEntry.codewhispererCodeScanProjectBytes = projectSize
     }
     telemetry.codewhisperer_securityScan.emit({
         ...codeScanTelemetryEntry,

packages/core/src/codewhisperer/service/diagnosticsProvider.ts

@@ -22,11 +22,11 @@ export const securityScanRender: SecurityScanRender = {
 export function initSecurityScanRender(
     securityRecommendationList: AggregatedCodeScanIssue[],
     context: vscode.ExtensionContext,
-    editor: vscode.TextEditor,
+    editor: vscode.TextEditor | undefined,
     scope: CodeAnalysisScope
 ) {
     securityScanRender.initialized = false
-    if (scope === CodeAnalysisScope.FILE) {
+    if (scope === CodeAnalysisScope.FILE && editor) {
         securityScanRender.securityDiagnosticCollection?.delete(editor.document.uri)
     } else if (scope === CodeAnalysisScope.PROJECT) {
         securityScanRender.securityDiagnosticCollection?.clear()

packages/core/src/codewhisperer/service/securityScanHandler.ts

@@ -29,7 +29,7 @@ export async function listScanResults(
     client: DefaultCodeWhispererClient,
     jobId: string,
     codeScanFindingsSchema: string,
-    projectPath: string,
+    projectPaths: string[],
     scope: CodeWhispererConstants.CodeAnalysisScope
 ) {
     const logger = getLoggerForScope(scope)
@@ -51,30 +51,32 @@ export async function listScanResults(
         mapToAggregatedList(codeScanIssueMap, issue)
     })
     codeScanIssueMap.forEach((issues, key) => {
-        const filePath = path.join(projectPath, '..', key)
-        if (existsSync(filePath) && statSync(filePath).isFile()) {
-            const aggregatedCodeScanIssue: AggregatedCodeScanIssue = {
-                filePath: filePath,
-                issues: issues.map(issue => {
-                    return {
-                        startLine: issue.startLine - 1 >= 0 ? issue.startLine - 1 : 0,
-                        endLine: issue.endLine,
-                        comment: `${issue.title.trim()}: ${issue.description.text.trim()}`,
-                        title: issue.title,
-                        description: issue.description,
-                        detectorId: issue.detectorId,
-                        detectorName: issue.detectorName,
-                        findingId: issue.findingId,
-                        ruleId: issue.ruleId,
-                        relatedVulnerabilities: issue.relatedVulnerabilities,
-                        severity: issue.severity,
-                        recommendation: issue.remediation.recommendation,
-                        suggestedFixes: issue.remediation.suggestedFixes,
-                    }
-                }),
+        projectPaths.forEach(projectPath => {
+            const filePath = path.join(projectPath, '..', key)
+            if (existsSync(filePath) && statSync(filePath).isFile()) {
+                const aggregatedCodeScanIssue: AggregatedCodeScanIssue = {
+                    filePath: filePath,
+                    issues: issues.map(issue => {
+                        return {
+                            startLine: issue.startLine - 1 >= 0 ? issue.startLine - 1 : 0,
+                            endLine: issue.endLine,
+                            comment: `${issue.title.trim()}: ${issue.description.text.trim()}`,
+                            title: issue.title,
+                            description: issue.description,
+                            detectorId: issue.detectorId,
+                            detectorName: issue.detectorName,
+                            findingId: issue.findingId,
+                            ruleId: issue.ruleId,
+                            relatedVulnerabilities: issue.relatedVulnerabilities,
+                            severity: issue.severity,
+                            recommendation: issue.remediation.recommendation,
+                            suggestedFixes: issue.remediation.suggestedFixes,
+                        }
+                    }),
+                }
+                aggregatedCodeScanIssueList.push(aggregatedCodeScanIssue)
             }
-            aggregatedCodeScanIssueList.push(aggregatedCodeScanIssue)
-        }
+        })
     })
     return aggregatedCodeScanIssueList
 }

packages/core/src/codewhisperer/util/zipUtil.ts

@@ -14,6 +14,7 @@ import { collectFiles } from '../../amazonqFeatureDev/util/files'
 import { getLoggerForScope } from '../service/securityScanHandler'
 import { runtimeLanguageContext } from './runtimeLanguageContext'
 import { CodewhispererLanguage } from '../../shared/telemetry/telemetry.gen'
+import { CurrentWsFolders } from '../../amazonqFeatureDev/types'
 
 export interface ZipMetadata {
     rootDir: string
@@ -53,21 +54,12 @@ export class ZipUtil {
         return CodeWhispererConstants.projectScanPayloadSizeLimitBytes
     }
 
-    public getProjectName(uri: vscode.Uri) {
-        const projectPath = this.getProjectPath(uri)
-        return path.basename(projectPath)
-    }
-
-    public getProjectPath(uri: vscode.Uri) {
-        const workspaceFolder = vscode.workspace.getWorkspaceFolder(uri)
-        if (workspaceFolder === undefined) {
-            return this.getBaseDirPath(uri)
+    public getProjectPaths() {
+        const workspaceFolders = vscode.workspace.workspaceFolders
+        if (!workspaceFolders || workspaceFolders.length === 0) {
+            throw Error('No workspace folders found')
         }
-        return workspaceFolder.uri.fsPath
-    }
-
-    protected getBaseDirPath(uri: vscode.Uri) {
-        return path.dirname(uri.fsPath)
+        return workspaceFolders.map(folder => folder.uri.fsPath)
     }
 
     protected async getTextContent(uri: vscode.Uri) {
@@ -93,12 +85,22 @@ export class ZipUtil {
         return willReachLimit
     }
 
-    protected async zipFile(uri: vscode.Uri) {
+    protected async zipFile(uri: vscode.Uri | undefined) {
+        if (!uri) {
+            throw Error('Uri is undefined')
+        }
         const zip = new admZip()
 
         const content = await this.getTextContent(uri)
 
-        zip.addFile(this.getZipPath(uri), Buffer.from(content, 'utf-8'))
+        const workspaceFolder = vscode.workspace.getWorkspaceFolder(uri)
+        if (!workspaceFolder) {
+            throw Error('No workspace folder found')
+        }
+        const projectName = workspaceFolder.name
+        const relativePath = vscode.workspace.asRelativePath(uri)
+        const zipEntryPath = this.getZipEntryPath(projectName, relativePath)
+        zip.addFile(zipEntryPath, Buffer.from(content, 'utf-8'))
 
         this._pickedSourceFiles.add(uri.fsPath)
         this._totalSize += (await fsCommon.stat(uri.fsPath)).size
@@ -113,16 +115,19 @@ export class ZipUtil {
         return zipFilePath
     }
 
-    protected async zipProject(uri: vscode.Uri) {
+    protected getZipEntryPath(projectName: string, relativePath: string) {
+        // Workspaces with multiple folders have the folder names as the root folder,
+        // but workspaces with only a single folder don't. So prepend the workspace folder name
+        // if it is not present.
+        return relativePath.split('/').shift() === projectName ? relativePath : path.join(projectName, relativePath)
+    }
+
+    protected async zipProject() {
         const zip = new admZip()
 
-        const projectPath = this.getProjectPath(uri)
-        const workspaceFolder = vscode.workspace.getWorkspaceFolder(uri)
-        if (!workspaceFolder) {
-            throw Error('No workspace folder found')
-        }
+        const projectPaths = this.getProjectPaths()
 
-        const files = await collectFiles([projectPath], [workspaceFolder])
+        const files = await collectFiles(projectPaths, vscode.workspace.workspaceFolders as CurrentWsFolders)
         const languageCount = new Map<CodewhispererLanguage, number>()
         for (const file of files) {
             const isFileOpenAndDirty = this.isFileOpenAndDirty(file.fileUri)
@@ -151,10 +156,12 @@ export class ZipUtil {
                 }
             }
 
+            const zipEntryPath = this.getZipEntryPath(file.workspaceFolder.name, file.zipFilePath)
+
             if (isFileOpenAndDirty) {
-                zip.addFile(this.getZipPath(file.fileUri), Buffer.from(fileContent, 'utf-8'))
+                zip.addFile(zipEntryPath, Buffer.from(fileContent, 'utf-8'))
             } else {
-                zip.addLocalFile(file.fileUri.fsPath, path.dirname(this.getZipPath(file.fileUri)))
+                zip.addLocalFile(file.fileUri.fsPath, path.dirname(zipEntryPath))
             }
         }
 
@@ -171,12 +178,6 @@ export class ZipUtil {
         return vscode.workspace.textDocuments.some(document => document.uri.fsPath === uri.fsPath && document.isDirty)
     }
 
-    protected getZipPath(uri: vscode.Uri) {
-        const projectName = this.getProjectName(uri)
-        const relativePath = vscode.workspace.asRelativePath(uri)
-        return path.join(projectName, relativePath)
-    }
-
     protected getZipDirPath(): string {
         if (this._zipDir === '') {
             this._zipDir = path.join(
@@ -187,14 +188,17 @@ export class ZipUtil {
         return this._zipDir
     }
 
-    public async generateZip(uri: vscode.Uri, scope: CodeWhispererConstants.CodeAnalysisScope): Promise<ZipMetadata> {
+    public async generateZip(
+        uri: vscode.Uri | undefined,
+        scope: CodeWhispererConstants.CodeAnalysisScope
+    ): Promise<ZipMetadata> {
         try {
             const zipDirPath = this.getZipDirPath()
             let zipFilePath: string
             if (scope === CodeWhispererConstants.CodeAnalysisScope.FILE) {
                 zipFilePath = await this.zipFile(uri)
             } else if (scope === CodeWhispererConstants.CodeAnalysisScope.PROJECT) {
-                zipFilePath = await this.zipProject(uri)
+                zipFilePath = await this.zipProject()
             } else {
                 throw new ToolkitError(`Unknown code analysis scope: ${scope}`)
             }