golang
diff --git a/‎media/reset.css
Lines changed: 30 additions & 0 deletions b/‎media/reset.css
Lines changed: 30 additions & 0 deletions
diff --git a/‎media/vscode.css
Lines changed: 45 additions & 0 deletions b/‎media/vscode.css
Lines changed: 45 additions & 0 deletions
diff --git a/‎media/vulncheckView.css
Lines changed: 42 additions & 0 deletions b/‎media/vulncheckView.css
Lines changed: 42 additions & 0 deletions
diff --git a/‎media/vulncheckView.js
Lines changed: 175 additions & 0 deletions b/‎media/vulncheckView.js
Lines changed: 175 additions & 0 deletions
@@ -0,0 +1,30 @@
+/*---------------------------------------------------------
+ * Copyright 2022 The Go Authors. All rights reserved.
+ * Licensed under the MIT License. See LICENSE in the project root for license information.
+ *--------------------------------------------------------*/
+
+html {
+	box-sizing: border-box;
+	font-size: 13px;
+}
+
+*,
+*:before,
+*:after {
+	box-sizing: inherit;
+}
+
+body,
+h1,
+h2,
+h3,
+h4,
+h5,
+h6,
+p,
+ol,
+ul {
+	margin: 0;
+	padding: 0;
+	font-weight: normal;
+}
@@ -0,0 +1,45 @@
+/*---------------------------------------------------------
+ * Copyright 2022 The Go Authors. All rights reserved.
+ * Licensed under the MIT License. See LICENSE in the project root for license information.
+ *--------------------------------------------------------*/
+
+:root {
+	--container-paddding: 20px;
+	--input-padding-vertical: 6px;
+	--input-padding-horizontal: 4px;
+	--input-margin-vertical: 4px;
+	--input-margin-horizontal: 0;
+}
+
+body {
+	padding: 0 var(--container-paddding);
+	color: var(--vscode-foreground);
+	font-size: var(--vscode-font-size);
+	font-weight: var(--vscode-font-weight);
+	font-family: var(--vscode-font-family);
+	background-color: var(--vscode-editor-background);
+}
+
+body>*,
+form>* {
+	margin-block-start: var(--input-margin-vertical);
+	margin-block-end: var(--input-margin-vertical);
+}
+
+*:focus {
+	outline-color: var(--vscode-focusBorder) !important;
+}
+
+a {
+	color: var(--vscode-textLink-foreground);
+}
+
+a:hover,
+a:active {
+	color: var(--vscode-textLink-activeForeground);
+}
+
+code {
+	font-size: var(--vscode-editor-font-size);
+	font-family: var(--vscode-editor-font-family);
+}
@@ -0,0 +1,42 @@
+/*---------------------------------------------------------
+ * Copyright 2022 The Go Authors. All rights reserved.
+ * Licensed under the MIT License. See LICENSE in the project root for license information.
+ *--------------------------------------------------------*/
+
+.log {
+	font-weight: lighter;
+}
+
+.vuln {
+	text-align: left;
+	padding-bottom: 1em;
+}
+
+.vuln-desc {
+	padding-top: 0.5em;
+	padding-bottom: 0.5em;
+}
+
+.vuln-details {
+	padding-bottom: 0.5em;
+}
+
+details summary {
+	cursor: pointer;
+	position: relative;
+}
+
+details summary>* {
+	display: inline;
+	position: relative;
+}
+
+.stacks {
+	padding: 1em;
+}
+
+.stack {
+	padding: 1em;
+	font-size: var(--vscode-editor-font-size);
+	font-family: var(--vscode-editor-font-family);
+}
@@ -0,0 +1,175 @@
+/*---------------------------------------------------------
+ * Copyright 2022 The Go Authors. All rights reserved.
+ * Licensed under the MIT License. See LICENSE in the project root for license information.
+ *--------------------------------------------------------*/
+
+// Script for VulncheckResultViewProvider's webview.
+
+(function () {
+
+	// @ts-ignore
+	const vscode = acquireVsCodeApi();
+
+	const logContainer = /** @type {HTMLElement} */ (document.querySelector('.log'));
+	const vulnsContainer = /** @type {HTMLElement} */ (document.querySelector('.vulns'));
+
+	vulnsContainer.addEventListener('click', (event) => {
+		let node = event && event.target;
+		if (node?.tagName === 'A' && node.href) {
+			// Ask vscode to handle link opening.
+			vscode.postMessage({ type: 'open', target: node.href });
+			event.preventDefault();
+			event.stopPropagation();
+			return;
+		}
+	});
+
+	const errorContainer = document.createElement('div');
+	document.body.appendChild(errorContainer);
+	errorContainer.className = 'error'
+	errorContainer.style.display = 'none'
+
+	function moduleVersion(/** @type {string} */mod, /** @type {string|undefined} */ver) {
+		if (ver) {
+			return `<a href="https://pkg.go.dev/${mod}@${ver}">${mod}@${ver}</a>`;
+		}
+		return 'N/A'
+	}
+
+	function snapshotContent() {
+		return vulnsContainer.innerHTML;
+	}
+
+	/**
+	 * Render the document in the webview.
+	 */
+	function updateContent(/** @type {string} */ text = '{}') {
+		let json;
+		try {
+			json = JSON.parse(text);
+		} catch {
+			errorContainer.innerText = 'Error: Document is not valid json';
+			errorContainer.style.display = '';
+			return;
+		}
+		errorContainer.style.display = 'none';
+
+		logContainer.innerHTML = '';
+		const runLog = document.createElement('table');
+		const timeinfo = (startDate, durationMillisec) => {
+			if (!startDate) { return '' }
+			return durationMillisec ? `${startDate} (took ${durationMillisec} msec)` : `${startDate}`;
+		}
+
+		runLog.innerHTML = `
+<tr><td>Dir:</td><td>${json.Dir || ''}</td></tr>
+<tr><td>Pattern:</td><td>${json.Pattern || ''}</td></tr>
+<tr><td>Analyzed at:</td><td>${timeinfo(json.Start, json.Duration)}</td></tr>`;
+		logContainer.appendChild(runLog);
+
+		const vulns = json.Vuln || [];
+		vulnsContainer.innerHTML = '';
+
+		vulns.forEach((vuln) => {
+			const element = document.createElement('div');
+			element.className = 'vuln';
+			vulnsContainer.appendChild(element);
+
+			// TITLE - Vuln ID
+			const title = document.createElement('h2');
+			title.innerHTML = `<a href="${vuln.URL}">${vuln.ID}</a>`;
+			title.className = 'vuln-title';
+			element.appendChild(title);
+
+			// DESCRIPTION - short text (aliases)
+			const desc = document.createElement('p');
+			desc.innerHTML = Array.isArray(vuln.Aliases) && vuln.Aliases.length ? `${vuln.Details} (${vuln.Aliases.join(', ')})` : vuln.Details;
+			desc.className = 'vuln-desc';
+			element.appendChild(desc);
+
+			// DETAILS - dump of all details
+			const details = document.createElement('table');
+			details.className = 'vuln-details'
+			details.innerHTML = `
+			<tr><td>Package</td><td>${vuln.PkgPath}</td></tr>
+			<tr><td>Current Version</td><td>${moduleVersion(vuln.ModPath, vuln.CurrentVersion)}</td></tr>
+			<tr><td>Fixed Version</td><td>${moduleVersion(vuln.ModPath, vuln.FixedVersion)}</td></tr>
+			`;
+			element.appendChild(details);
+
+			/* TODO: Action for module version upgrade */
+			/* TODO: Explain module dependency - why am I depending on this vulnerable version? */
+
+			// EXEMPLARS - call stacks (initially hidden)
+			const examples = document.createElement('details');
+			examples.innerHTML = `<summary>${vuln.CallStackSummaries?.length || 0}+ findings</summary>`;
+
+			// Call stacks
+			const callstacksContainer = document.createElement('p');
+			callstacksContainer.className = 'stacks';
+			vuln.CallStackSummaries?.forEach((summary, idx) => {
+				const callstack = document.createElement('details');
+				const s = document.createElement('summary');
+				s.innerText = summary;
+				callstack.appendChild(s);
+
+				const stack = document.createElement('div');
+				stack.className = 'stack';
+				const cs = vuln.CallStacks[idx];
+				cs.forEach((c) => {
+					const p = document.createElement('p');
+					const pos = c.URI ? `${c.URI}?${c.Pos.line || 0}` : '';
+					p.innerHTML = pos ? `<a href="${pos}">${c.Name}</a>` : c.Name;
+					stack.appendChild(p);
+				});
+				callstack.appendChild(stack);
+
+				callstacksContainer.appendChild(callstack);
+			})
+
+			examples.appendChild(callstacksContainer);
+			element.appendChild(examples);
+		});
+	}
+
+	// Message Passing between Extension and Webview
+	//
+	//  Extension sends 'update' to Webview to trigger rerendering.
+	//  Webview sends 'link' to Extension to forward all link
+	//     click events so the extension can handle the event.
+	//
+	//  Extension sends 'snapshot-request' to trigger dumping
+	//     of the current DOM in the 'vulns' container.
+	//  Webview sends 'snapshot-result' to the extension
+	//     as the response to snapshot-request.
+
+	// Handle messages sent from the extension to the webview
+	window.addEventListener('message', event => {
+		const message = event.data; // The json data that the extension sent
+		switch (message.type) {
+			case 'update':
+				const text = message.text;
+
+				updateContent(text);
+				// Then persist state information.
+				// This state is returned in the call to `vscode.getState` below when a webview is reloaded.
+				vscode.setState({ text });
+				return;
+			// Message for testing. Returns a current DOM in a serialized format.
+			case 'snapshot-request':
+				const result = snapshotContent();
+				vscode.postMessage({ type: 'snapshot-result', target: result });
+				return;
+		}
+	});
+
+	// Webviews are normally torn down when not visible and re-created when they become visible again.
+	// State lets us save information across these re-loads
+	const state = vscode.getState();
+	if (state) {
+		updateContent(state.text);
+	};
+	// TODO: Handle 'details' expansion info and store the state using
+	// vscode.setState or retainContextWhenHidden. Currently, we are storing only
+	// the document text. (see windowEventHandler)
+}());