fix(amazonq auto scan): spurious yellow lines in editor aws#5237

Problem:
- If user triggers a scan and modifies the code in the editor, the security
  issue shows yellow squiggle lines at different place in the editor.

Solution:
- Compare the existing code diff from editor with the codeSnippet from response.
  If match, show the issue to the user, else drop the suggestion.
- Implemented only for Auto-Scans.

Author: laileni-aws

packages/amazonq/.changes/next-release/Bug Fix-1d265af0-c75a-4d66-8bbf-16e9134050f4.json

@@ -0,0 +1,4 @@
+{
+	"type": "Bug Fix",
+	"description": "Amazon Q Security Scans: Fixed unnecessary yellow lines appearing in both auto scans and project scans."
+}

packages/amazonq/test/unit/codewhisperer/service/securityScanHandler.test.ts

@@ -10,11 +10,14 @@ import {
     CodeAnalysisScope,
     RawCodeScanIssue,
     listScanResults,
+    mapToAggregatedList,
     DefaultCodeWhispererClient,
     ListCodeScanFindingsResponse,
+    CodeWhispererConstants,
 } from 'aws-core-vscode/codewhisperer'
 import assert from 'assert'
 import sinon from 'sinon'
+import * as vscode from 'vscode'
 import fs from 'fs'
 
 const mockCodeScanFindings = JSON.stringify([
@@ -39,6 +42,7 @@ const mockCodeScanFindings = JSON.stringify([
             },
             suggestedFixes: [],
         },
+        codeSnippet: [],
     } satisfies RawCodeScanIssue,
 ])
 
@@ -85,7 +89,8 @@ describe('securityScanHandler', function () {
                 'jobId',
                 'codeScanFindingsSchema',
                 ['projectPath'],
-                CodeAnalysisScope.PROJECT
+                CodeAnalysisScope.PROJECT,
+                undefined
             )
 
             assert.equal(aggregatedCodeScanIssueList.length, 2)
@@ -107,11 +112,74 @@ describe('securityScanHandler', function () {
                 'jobId',
                 'codeScanFindingsSchema',
                 ['projectPath'],
-                CodeAnalysisScope.PROJECT
+                CodeAnalysisScope.PROJECT,
+                undefined
             )
 
             assert.equal(aggregatedCodeScanIssueList.length, 2)
             assert.equal(aggregatedCodeScanIssueList[0].issues.length, 3)
         })
     })
+
+    describe('mapToAggregatedList', () => {
+        let codeScanIssueMap: Map<string, RawCodeScanIssue[]>
+        let editor: vscode.TextEditor | undefined
+
+        beforeEach(() => {
+            codeScanIssueMap = new Map()
+            editor = {
+                document: {
+                    lineAt: (lineNumber: number): vscode.TextLine => ({
+                        lineNumber: lineNumber + 1,
+                        range: new vscode.Range(0, 0, 0, 0),
+                        rangeIncludingLineBreak: new vscode.Range(0, 0, 0, 0),
+                        firstNonWhitespaceCharacterIndex: 0,
+                        isEmptyOrWhitespace: false,
+                        text: `line ${lineNumber + 1}`,
+                    }),
+                },
+            } as vscode.TextEditor
+        })
+
+        it('should aggregate issues by file path', () => {
+            const json = JSON.stringify([
+                {
+                    filePath: 'file1.ts',
+                    startLine: 1,
+                    endLine: 2,
+                    codeSnippet: [
+                        { number: 1, content: 'line 1' },
+                        { number: 2, content: 'line 2' },
+                    ],
+                },
+                { filePath: 'file2.ts', startLine: 1, endLine: 1, codeSnippet: [{ number: 1, content: 'line 1' }] },
+            ])
+
+            mapToAggregatedList(codeScanIssueMap, json, editor, CodeWhispererConstants.CodeAnalysisScope.FILE)
+
+            assert.equal(codeScanIssueMap.size, 2)
+            assert.equal(codeScanIssueMap.get('file1.ts')?.length, 1)
+            assert.equal(codeScanIssueMap.get('file2.ts')?.length, 1)
+        })
+
+        it('should filter issues based on the scope', () => {
+            const json = JSON.stringify([
+                {
+                    filePath: 'file1.ts',
+                    startLine: 1,
+                    endLine: 2,
+                    codeSnippet: [
+                        { number: 1, content: 'line 1' },
+                        { number: 2, content: 'line 2' },
+                    ],
+                },
+                { filePath: 'file1.ts', startLine: 3, endLine: 3, codeSnippet: [{ number: 3, content: 'line 3' }] },
+            ])
+
+            mapToAggregatedList(codeScanIssueMap, json, editor, CodeWhispererConstants.CodeAnalysisScope.FILE)
+
+            assert.equal(codeScanIssueMap.size, 1)
+            assert.equal(codeScanIssueMap.get('file1.ts')?.length, 2)
+        })
+    })
 })

packages/core/src/codewhisperer/commands/startSecurityScan.ts

@@ -199,7 +199,8 @@ export async function startSecurityScan(
             scanJob.jobId,
             CodeWhispererConstants.codeScanFindingsSchema,
             projectPaths,
-            scope
+            scope,
+            editor
         )
         const { total, withFixes } = securityRecommendationCollection.reduce(
             (accumulator, current) => ({

packages/core/src/codewhisperer/index.ts

@@ -74,7 +74,7 @@ export { DocumentChangedSource, KeyStrokeHandler, DefaultDocumentChangedType } f
 export { ReferenceLogViewProvider } from './service/referenceLogViewProvider'
 export { LicenseUtil } from './util/licenseUtil'
 export { SecurityIssueProvider } from './service/securityIssueProvider'
-export { listScanResults } from './service/securityScanHandler'
+export { listScanResults, mapToAggregatedList } from './service/securityScanHandler'
 export { CodeWhispererCodeCoverageTracker } from './tracker/codewhispererCodeCoverageTracker'
 export { TelemetryHelper } from './util/telemetryHelper'
 export { LineSelection, LineTracker } from './tracker/lineTracker'

packages/core/src/codewhisperer/models/model.ts

@@ -715,6 +715,11 @@ export interface Remediation {
     suggestedFixes: SuggestedFix[]
 }
 
+export interface CodeLine {
+    content: string
+    number: number
+}
+
 export interface RawCodeScanIssue {
     filePath: string
     startLine: number
@@ -728,6 +733,7 @@ export interface RawCodeScanIssue {
     relatedVulnerabilities: string[]
     severity: string
     remediation: Remediation
+    codeSnippet: CodeLine[]
 }
 
 export interface CodeScanIssue {

packages/core/src/codewhisperer/service/securityScanHandler.ts

@@ -5,6 +5,7 @@
 
 import { DefaultCodeWhispererClient } from '../client/codewhisperer'
 import { getLogger } from '../../shared/logger'
+import * as vscode from 'vscode'
 import {
     AggregatedCodeScanIssue,
     CodeScanIssue,
@@ -44,7 +45,8 @@ export async function listScanResults(
     jobId: string,
     codeScanFindingsSchema: string,
     projectPaths: string[],
-    scope: CodeWhispererConstants.CodeAnalysisScope
+    scope: CodeWhispererConstants.CodeAnalysisScope,
+    editor: vscode.TextEditor | undefined
 ) {
     const logger = getLoggerForScope(scope)
     const codeScanIssueMap: Map<string, RawCodeScanIssue[]> = new Map()
@@ -62,7 +64,7 @@ export async function listScanResults(
         })
         .promise()
     issues.forEach(issue => {
-        mapToAggregatedList(codeScanIssueMap, issue)
+        mapToAggregatedList(codeScanIssueMap, issue, editor, scope)
     })
     codeScanIssueMap.forEach((issues, key) => {
         // Project path example: /Users/username/project
@@ -109,19 +111,32 @@ function mapRawToCodeScanIssue(issue: RawCodeScanIssue): CodeScanIssue {
     }
 }
 
-function mapToAggregatedList(codeScanIssueMap: Map<string, RawCodeScanIssue[]>, json: string) {
+export function mapToAggregatedList(
+    codeScanIssueMap: Map<string, RawCodeScanIssue[]>,
+    json: string,
+    editor: vscode.TextEditor | undefined,
+    scope: CodeWhispererConstants.CodeAnalysisScope
+) {
     const codeScanIssues: RawCodeScanIssue[] = JSON.parse(json)
-    codeScanIssues.forEach(issue => {
-        if (codeScanIssueMap.has(issue.filePath)) {
-            const list = codeScanIssueMap.get(issue.filePath)
-            if (list === undefined) {
-                codeScanIssueMap.set(issue.filePath, [issue])
-            } else {
-                list.push(issue)
-                codeScanIssueMap.set(issue.filePath, list)
+    const filteredIssues = codeScanIssues.filter(issue => {
+        if (scope === CodeWhispererConstants.CodeAnalysisScope.FILE && editor) {
+            for (let lineNumber = issue.startLine; lineNumber <= issue.endLine; lineNumber++) {
+                const line = editor.document.lineAt(lineNumber - 1)?.text
+                const codeContent = issue.codeSnippet.find(codeIssue => codeIssue.number === lineNumber)?.content
+                if (line !== codeContent) {
+                    return false
+                }
             }
+        }
+        return true
+    })
+
+    filteredIssues.forEach(issue => {
+        const filePath = issue.filePath
+        if (codeScanIssueMap.has(filePath)) {
+            codeScanIssueMap.get(filePath)?.push(issue)
         } else {
-            codeScanIssueMap.set(issue.filePath, [issue])
+            codeScanIssueMap.set(filePath, [issue])
         }
     })
 }

packages/core/src/test/codewhisperer/commands/startSecurityScan.test.ts

@@ -106,6 +106,7 @@ const mockCodeScanFindings = JSON.stringify([
             },
             suggestedFixes: [],
         },
+        codeSnippet: [],
     } satisfies model.RawCodeScanIssue,
 ])
 

packages/core/src/testE2E/codewhisperer/securityScan.test.ts

@@ -143,7 +143,8 @@ describe('CodeWhisperer security scan', async function () {
             scanJob.jobId,
             CodeWhispererConstants.codeScanFindingsSchema,
             projectPaths,
-            scope
+            scope,
+            editor
         )
 
         assert.deepStrictEqual(jobStatus, 'Completed')
@@ -183,7 +184,8 @@ describe('CodeWhisperer security scan', async function () {
             scanJob.jobId,
             CodeWhispererConstants.codeScanFindingsSchema,
             projectPaths,
-            scope
+            scope,
+            editor
         )
 
         assert.deepStrictEqual(jobStatus, 'Completed')