Merge master into feature/auto-debug

Author: aws-toolkit-automation

packages/amazonq/src/lsp/chat/messages.ts

@@ -732,7 +732,11 @@ async function handlePartialResult<T extends ChatResult>(
     // This is to filter out the message containing findings from CodeReview tool to update CodeIssues panel
     decryptedMessage.additionalMessages = decryptedMessage.additionalMessages?.filter(
         (message) =>
-            !(message.messageId !== undefined && message.messageId.endsWith(CodeWhispererConstants.findingsSuffix))
+            !(
+                message.messageId !== undefined &&
+                (message.messageId.endsWith(CodeWhispererConstants.codeReviewFindingsSuffix) ||
+                    message.messageId.endsWith(CodeWhispererConstants.displayFindingsSuffix))
+            )
     )
 
     if (decryptedMessage.body !== undefined) {
@@ -784,7 +788,11 @@ async function handleSecurityFindings(
     }
     for (let i = decryptedMessage.additionalMessages.length - 1; i >= 0; i--) {
         const message = decryptedMessage.additionalMessages[i]
-        if (message.messageId !== undefined && message.messageId.endsWith(CodeWhispererConstants.findingsSuffix)) {
+        if (
+            message.messageId !== undefined &&
+            (message.messageId.endsWith(CodeWhispererConstants.codeReviewFindingsSuffix) ||
+                message.messageId.endsWith(CodeWhispererConstants.displayFindingsSuffix))
+        ) {
             if (message.body !== undefined) {
                 try {
                     const aggregatedCodeScanIssues: AggregatedCodeScanIssue[] = JSON.parse(message.body)
@@ -803,7 +811,12 @@ async function handleSecurityFindings(
                             issue.visible = !isIssueTitleIgnored && !isSingleIssueIgnored
                         }
                     }
-                    initSecurityScanRender(aggregatedCodeScanIssues, undefined, CodeAnalysisScope.PROJECT)
+                    initSecurityScanRender(
+                        aggregatedCodeScanIssues,
+                        undefined,
+                        CodeAnalysisScope.AGENTIC,
+                        message.messageId.endsWith(CodeWhispererConstants.codeReviewFindingsSuffix)
+                    )
                     SecurityIssueTreeViewProvider.focus()
                 } catch (e) {
                     languageClient.info('Failed to parse findings')

packages/amazonq/src/lsp/client.ts

@@ -183,6 +183,8 @@ export async function startLanguageServer(
                         modelSelection: true,
                         workspaceFilePath: vscode.workspace.workspaceFile?.fsPath,
                         codeReviewInChat: codeReviewInChat,
+                        // feature flag for displaying findings found not through CodeReview in the Code Issues Panel
+                        displayFindings: true,
                     },
                     window: {
                         notifications: true,

packages/core/src/codewhisperer/commands/startSecurityScan.ts

@@ -108,6 +108,9 @@ export async function startSecurityScan(
     zipUtil: ZipUtil = new ZipUtil(),
     scanUuid?: string
 ) {
+    if (scope === CodeAnalysisScope.AGENTIC) {
+        throw new CreateCodeScanFailedError('Cannot use Agentic scope')
+    }
     const profile = AuthUtil.instance.regionProfileManager.activeRegionProfile
     const logger = getLoggerForScope(scope)
     /**

packages/core/src/codewhisperer/models/constants.ts

@@ -841,6 +841,7 @@ export enum CodeAnalysisScope {
     FILE_AUTO = 'FILE_AUTO',
     FILE_ON_DEMAND = 'FILE_ON_DEMAND',
     PROJECT = 'PROJECT',
+    AGENTIC = 'AGENTIC',
 }
 
 export enum TestGenerationJobStatus {
@@ -907,4 +908,7 @@ export const predictionTrackerDefaultConfig = {
     maxSupplementalContext: 15,
 }
 
-export const findingsSuffix = '_codeReviewFindings'
+export const codeReviewFindingsSuffix = '_codeReviewFindings'
+export const displayFindingsSuffix = '_displayFindings'
+
+export const displayFindingsDetectorName = 'DisplayFindings'

packages/core/src/codewhisperer/service/diagnosticsProvider.ts

@@ -26,8 +26,13 @@ export const securityScanRender: SecurityScanRender = {
 export function initSecurityScanRender(
     securityRecommendationList: AggregatedCodeScanIssue[],
     editor: vscode.TextEditor | undefined,
-    scope: CodeAnalysisScope
+    scope: CodeAnalysisScope,
+    fromQCA: boolean = true
 ) {
+    // fromQCA parameter is used to determine if the findings are coming from QCA or from displayFindings tool.
+    // if the incoming findings are from QCA review, then keep only existing findings from displayFindings
+    // if the incoming findings are not from QCA review, then keep only the existing QCA findings
+    securityScanRender.securityDiagnosticCollection = createSecurityDiagnosticCollection()
     securityScanRender.initialized = false
     if (scope === CodeAnalysisScope.FILE_ON_DEMAND && editor) {
         securityScanRender.securityDiagnosticCollection?.delete(editor.document.uri)
@@ -36,22 +41,20 @@ export function initSecurityScanRender(
     }
     for (const securityRecommendation of securityRecommendationList) {
         updateSecurityDiagnosticCollection(securityRecommendation)
-        updateSecurityIssuesForProviders(securityRecommendation, scope === CodeAnalysisScope.FILE_AUTO)
+        updateSecurityIssuesForProviders(securityRecommendation, scope === CodeAnalysisScope.FILE_AUTO, fromQCA)
     }
     securityScanRender.initialized = true
 }
 
-function updateSecurityIssuesForProviders(securityRecommendation: AggregatedCodeScanIssue, isAutoScope?: boolean) {
+function updateSecurityIssuesForProviders(
+    securityRecommendation: AggregatedCodeScanIssue,
+    isAutoScope?: boolean,
+    fromQCA: boolean = true
+) {
     if (isAutoScope) {
         SecurityIssueProvider.instance.mergeIssues(securityRecommendation)
     } else {
-        const updatedSecurityRecommendationList = [
-            ...SecurityIssueProvider.instance.issues.filter(
-                (group) => group.filePath !== securityRecommendation.filePath
-            ),
-            securityRecommendation,
-        ]
-        SecurityIssueProvider.instance.issues = updatedSecurityRecommendationList
+        SecurityIssueProvider.instance.mergeIssuesDisplayFindings(securityRecommendation, fromQCA)
     }
     SecurityIssueTreeViewProvider.instance.refresh()
 }

packages/core/src/codewhisperer/service/securityIssueProvider.ts

@@ -6,6 +6,7 @@
 import * as vscode from 'vscode'
 import { AggregatedCodeScanIssue, CodeScanIssue, SuggestedFix } from '../models/model'
 import { randomUUID } from '../../shared/crypto'
+import { displayFindingsDetectorName } from '../models/constants'
 
 export class SecurityIssueProvider {
     static #instance: SecurityIssueProvider
@@ -161,6 +162,30 @@ export class SecurityIssueProvider {
         )
     }
 
+    public mergeIssuesDisplayFindings(newIssues: AggregatedCodeScanIssue, fromQCA: boolean) {
+        const existingGroup = this._issues.find((group) => group.filePath === newIssues.filePath)
+        if (!existingGroup) {
+            this._issues.push(newIssues)
+            return
+        }
+
+        this._issues = this._issues.map((group) =>
+            group.filePath !== newIssues.filePath
+                ? group
+                : {
+                      ...group,
+                      issues: [
+                          ...group.issues.filter(
+                              // if the incoming findings are from QCA review, then keep only existing findings from displayFindings
+                              // if the incoming findings are not from QCA review, then keep only the existing QCA findings
+                              (issue) => fromQCA === (issue.detectorName === displayFindingsDetectorName)
+                          ),
+                          ...newIssues.issues,
+                      ],
+                  }
+        )
+    }
+
     private isExistingIssue(issue: CodeScanIssue, filePath: string) {
         return this._issues
             .find((group) => group.filePath === filePath)

packages/core/src/test/codewhisperer/mergeIssuesDisplayFindings.test.ts

@@ -0,0 +1,88 @@
+/*!
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import assert from 'assert'
+import { SecurityIssueProvider } from '../../codewhisperer/service/securityIssueProvider'
+import { createCodeScanIssue } from './testUtil'
+import { displayFindingsDetectorName } from '../../codewhisperer/models/constants'
+import { AggregatedCodeScanIssue } from '../../codewhisperer/models/model'
+
+describe('mergeIssuesDisplayFindings', () => {
+    let provider: SecurityIssueProvider
+    const testFilePath = '/test/file.py'
+
+    beforeEach(() => {
+        provider = Object.create(SecurityIssueProvider.prototype)
+        provider.issues = []
+    })
+
+    it('should add new issues when no existing group', () => {
+        const newIssues: AggregatedCodeScanIssue = {
+            filePath: testFilePath,
+            issues: [createCodeScanIssue({ findingId: 'new-1' })],
+        }
+
+        provider.mergeIssuesDisplayFindings(newIssues, true)
+
+        assert.strictEqual(provider.issues.length, 1)
+        assert.strictEqual(provider.issues[0].filePath, testFilePath)
+        assert.strictEqual(provider.issues[0].issues.length, 1)
+        assert.strictEqual(provider.issues[0].issues[0].findingId, 'new-1')
+    })
+
+    it('should keep displayFindings when fromQCA is true', () => {
+        provider.issues = [
+            {
+                filePath: testFilePath,
+                issues: [
+                    createCodeScanIssue({ findingId: 'qca-1', detectorName: 'QCA-detector' }),
+                    createCodeScanIssue({ findingId: 'display-1', detectorName: displayFindingsDetectorName }),
+                ],
+            },
+        ]
+
+        const newIssues: AggregatedCodeScanIssue = {
+            filePath: testFilePath,
+            issues: [createCodeScanIssue({ findingId: 'new-qca-1', detectorName: 'QCA-detector' })],
+        }
+
+        provider.mergeIssuesDisplayFindings(newIssues, true)
+
+        assert.strictEqual(provider.issues.length, 1)
+        assert.strictEqual(provider.issues[0].issues.length, 2)
+
+        const findingIds = provider.issues[0].issues.map((issue) => issue.findingId)
+        assert.ok(findingIds.includes('display-1'))
+        assert.ok(findingIds.includes('new-qca-1'))
+        assert.ok(!findingIds.includes('qca-1'))
+    })
+
+    it('should keep QCA findings when fromQCA is false', () => {
+        provider.issues = [
+            {
+                filePath: testFilePath,
+                issues: [
+                    createCodeScanIssue({ findingId: 'qca-1', detectorName: 'QCA-detector' }),
+                    createCodeScanIssue({ findingId: 'display-1', detectorName: displayFindingsDetectorName }),
+                ],
+            },
+        ]
+
+        const newIssues: AggregatedCodeScanIssue = {
+            filePath: testFilePath,
+            issues: [createCodeScanIssue({ findingId: 'new-display-1', detectorName: displayFindingsDetectorName })],
+        }
+
+        provider.mergeIssuesDisplayFindings(newIssues, false)
+
+        assert.strictEqual(provider.issues.length, 1)
+        assert.strictEqual(provider.issues[0].issues.length, 2)
+
+        const findingIds = provider.issues[0].issues.map((issue) => issue.findingId)
+        assert.ok(findingIds.includes('qca-1'))
+        assert.ok(findingIds.includes('new-display-1'))
+        assert.ok(!findingIds.includes('display-1'))
+    })
+})