POC: Finding Suppression Working POC

Author: laileni-aws

packages/core/src/codewhisperer/commands/basicCommands.ts

@@ -4,6 +4,8 @@
  */
 
 import * as vscode from 'vscode'
+import * as fs from 'fs'
+import * as path from 'path'
 import { CodewhispererCodeScanIssueApplyFix, Component, telemetry } from '../../shared/telemetry/telemetry'
 import { ExtContext, VSCODE_EXTENSION_ID } from '../../shared/extensions'
 import { Commands, VsCodeCommandArg, placeholder } from '../../shared/vscode/commands2'
@@ -284,12 +286,51 @@ export const openSecurityIssuePanel = Commands.declare(
         )
     }
 )
-
+/* Working
 export const suppressIssue = Commands.declare(
     'aws.amazonq.suppressIssue',
     (context: ExtContext) => async (issue: CodeScanIssue, filePath: string) => {
         // let issueData=issue
-        void vscode.window.setStatusBarMessage(`Issue ${issue.findingId} is Suppressed`)
+        void vscode.window.setStatusBarMessage(`Issue ${issue.title} is Suppressed`)
+    }
+)
+*/
+
+//TODO: Remove the yellow line on all the findings with the same title as finding title of user suppressed.
+export const suppressIssue = Commands.declare(
+    'aws.amazonq.suppressIssue',
+    (context: ExtContext) => async (issue: CodeScanIssue, filePath: string) => {
+        const workspaceFolder = vscode.workspace.workspaceFolders?.[0]
+        if (!workspaceFolder) {
+            void vscode.window.showErrorMessage('No workspace folder found.')
+            return
+        }
+        const hiddenFileName = '.suppressed_issues'
+        const hiddenFilePath = path.join(workspaceFolder.uri.fsPath, hiddenFileName)
+        const document = await vscode.workspace.openTextDocument(filePath)
+        try {
+            // Read existing content or create an empty array if file doesn't exist
+            let suppressedIssues: string[] = []
+            if (fs.existsSync(hiddenFilePath)) {
+                const fileContent = await fs.promises.readFile(hiddenFilePath, 'utf-8')
+                suppressedIssues = JSON.parse(fileContent)
+            }
+            // Add the new issue title if it's not already in the list
+            if (!suppressedIssues.includes(issue.title)) {
+                suppressedIssues.push(issue.title)
+                // Write the updated list back to the file
+                await fs.promises.writeFile(hiddenFilePath, JSON.stringify(suppressedIssues, undefined, 2))
+                void vscode.window.setStatusBarMessage(`Issue "${issue.title}" is suppressed`)
+                //Drop the finding from current file
+                removeDiagnostic(document.uri, issue)
+                SecurityIssueHoverProvider.instance.removeIssue(document.uri, issue)
+                SecurityIssueCodeActionProvider.instance.removeIssue(document.uri, issue)
+            } else {
+                void vscode.window.setStatusBarMessage(`Issue "${issue.title}" was already suppressed`)
+            }
+        } catch (error) {
+            void vscode.window.showErrorMessage(`Failed to suppress issue: ${error}`)
+        }
     }
 )
 

packages/core/src/codewhisperer/service/securityIssueCodeActionProvider.ts

@@ -73,7 +73,7 @@ export class SecurityIssueCodeActionProvider extends SecurityIssueProvider imple
                         `Amazon Q: Suppress Issue "${issue.title}"`,
                         vscode.CodeActionKind.QuickFix
                     )
-                    const suppressIssueWithQArgs = [issue]
+                    const suppressIssueWithQArgs = [issue, group.filePath]
                     suppressIssueWithQ.command = {
                         title: 'Suppress Issue with Amazon Q',
                         command: 'aws.amazonq.suppressIssue',

packages/core/src/codewhisperer/service/securityIssueHoverProvider.ts

@@ -91,7 +91,7 @@ export class SecurityIssueHoverProvider extends SecurityIssueProvider implements
         //TODO
         const suppressIssueCommand = this._getCommandMarkdown(
             'aws.amazonq.suppressIssue',
-            [issue],
+            [issue, filePath],
             'comment',
             'Suppress Issue',
             'Suppress Issue with Amazon Q'

packages/core/src/codewhisperer/service/securityScanHandler.ts

@@ -6,6 +6,7 @@
 import { DefaultCodeWhispererClient } from '../client/codewhisperer'
 import { getLogger } from '../../shared/logger'
 import * as vscode from 'vscode'
+import * as fs from 'fs'
 import {
     AggregatedCodeScanIssue,
     CodeScanIssue,
@@ -39,6 +40,22 @@ import {
     UploadArtifactToS3Error,
 } from '../models/errors'
 import { getTelemetryReasonDesc } from '../../shared/errors'
+async function getSuppressedIssues(projectPath: string): Promise<string[]> {
+    const hiddenFileName = '.suppressed_issues'
+    const hiddenFilePath = path.join(projectPath, hiddenFileName)
+
+    try {
+        if (fs.existsSync(hiddenFilePath)) {
+            const fileContent = await fs.promises.readFile(hiddenFilePath, 'utf-8')
+            return JSON.parse(fileContent)
+        }
+    } catch (error) {
+        // console.error('Error reading suppressed issues:', error)
+        void vscode.window.showErrorMessage(`Error reading suppressed issues: ${error}`)
+    }
+
+    return []
+}
 
 export async function listScanResults(
     client: DefaultCodeWhispererClient,
@@ -53,6 +70,9 @@ export async function listScanResults(
     const aggregatedCodeScanIssueList: AggregatedCodeScanIssue[] = []
     const requester = (request: codewhispererClient.ListCodeScanFindingsRequest) => client.listCodeScanFindings(request)
     const collection = pageableToCollection(requester, { jobId, codeScanFindingsSchema }, 'nextToken')
+
+    const suppressedIssues = await getSuppressedIssues(projectPaths[0])
+
     const issues = await collection
         .flatten()
         .map((resp) => {
@@ -74,11 +94,17 @@ export async function listScanResults(
             // Do not use .. in between because there could be multiple project paths in the same parent dir.
             const filePath = path.join(projectPath, key.split('/').slice(1).join('/'))
             if (existsSync(filePath) && statSync(filePath).isFile()) {
-                const aggregatedCodeScanIssue: AggregatedCodeScanIssue = {
-                    filePath: filePath,
-                    issues: issues.map(mapRawToCodeScanIssue),
+                const filteredIssues = issues
+                    .map(mapRawToCodeScanIssue)
+                    .filter((i) => !suppressedIssues.includes(i.title))
+
+                if (filteredIssues.length > 0) {
+                    const aggregatedCodeScanIssue: AggregatedCodeScanIssue = {
+                        filePath: filePath,
+                        issues: filteredIssues,
+                    }
+                    aggregatedCodeScanIssueList.push(aggregatedCodeScanIssue)
                 }
-                aggregatedCodeScanIssueList.push(aggregatedCodeScanIssue)
             }
         })
         const maybeAbsolutePath = `/${key}`

packages/core/src/codewhisperer/views/securityIssue/securityIssueWebview.ts

@@ -43,7 +43,7 @@ export class SecurityIssueWebview extends VueWebview {
         })
     }
     public suppressIssueWithQ() {
-        const args = [this.issue]
+        const args = [this.issue, this.filePath]
         void this.navigateToFile()?.then(() => {
             void vscode.commands.executeCommand('aws.amazonq.suppressIssue', ...args)
         })