Merge master into feature/emr

aws-toolkit-automation · web-flow · commit bedea64c16a3 · 2024-09-24T13:18:08.000-07:00
diff --git a/packages/amazonq/.changes/next-release/Bug Fix-385bc912-dc06-4b16-91ae-47fa1c586367.json b/packages/amazonq/.changes/next-release/Bug Fix-385bc912-dc06-4b16-91ae-47fa1c586367.json
@@ -0,0 +1,4 @@
+{
+	"type": "Bug Fix",
+	"description": "Security Scan: Fixes an issue that incorrectly removes hardcoded credentials detections from auto scans."
+}
diff --git a/packages/amazonq/test/unit/codewhisperer/service/securityScanHandler.test.ts b/packages/amazonq/test/unit/codewhisperer/service/securityScanHandler.test.ts
@@ -180,5 +180,24 @@ describe('securityScanHandler', function () {
             assert.equal(codeScanIssueMap.size, 1)
             assert.equal(codeScanIssueMap.get('file1.ts')?.length, 2)
         })
+
+        it('should handle issue filtering with redacted code', () => {
+            const json = JSON.stringify([
+                {
+                    filePath: 'file1.ts',
+                    startLine: 1,
+                    endLine: 2,
+                    codeSnippet: [
+                        { number: 1, content: '**** *' },
+                        { number: 2, content: '**** *' },
+                    ],
+                },
+                { filePath: 'file1.ts', startLine: 3, endLine: 3, codeSnippet: [{ number: 3, content: '**** **' }] },
+            ])
+
+            mapToAggregatedList(codeScanIssueMap, json, editor, CodeAnalysisScope.FILE)
+            assert.strictEqual(codeScanIssueMap.size, 1)
+            assert.strictEqual(codeScanIssueMap.get('file1.ts')?.length, 1)
+        })
     })
 })
diff --git a/packages/core/src/codewhisperer/service/securityScanHandler.ts b/packages/core/src/codewhisperer/service/securityScanHandler.ts
@@ -123,8 +123,11 @@ export function mapToAggregatedList(
             for (let lineNumber = issue.startLine; lineNumber <= issue.endLine; lineNumber++) {
                 const line = editor.document.lineAt(lineNumber - 1)?.text
                 const codeContent = issue.codeSnippet.find((codeIssue) => codeIssue.number === lineNumber)?.content
-                if (line !== codeContent) {
-                    return false
+                if (codeContent?.includes('***')) {
+                    // CodeSnippet contains redacted code so we can't do a direct comparison
+                    return line.length === codeContent.length
+                } else {
+                    return line === codeContent
                 }
             }
         }

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +	"type": "Bug Fix",
 +	"description": "Security Scan: Fixes an issue that incorrectly removes hardcoded credentials detections from auto scans."
 +}
Original file line number	Diff line number	Diff line change
`@@ -123,8 +123,11 @@ export function mapToAggregatedList(`
`123`	`123`	`for (let lineNumber = issue.startLine; lineNumber <= issue.endLine; lineNumber++) {`
`124`	`124`	`const line = editor.document.lineAt(lineNumber - 1)?.text`
`125`	`125`	`const codeContent = issue.codeSnippet.find((codeIssue) => codeIssue.number === lineNumber)?.content`
`126`		`- if (line !== codeContent) {`
`127`		`- return false`
	`126`	`+ if (codeContent?.includes('***')) {`
	`127`	`+ // CodeSnippet contains redacted code so we can't do a direct comparison`
	`128`	`+ return line.length === codeContent.length`
	`129`	`+ } else {`
	`130`	`+ return line === codeContent`
`128`	`131`	`}`
`129`	`132`	`}`
`130`	`133`	`}`