chore: add new settings for python and go ecosystems

Signed-off-by: Ilona Shishov <[email protected]>

package.json

@@ -231,6 +231,30 @@
           "default": "Error",
           "description": "Defines the severity level of alerts for detected vulnerabilities in dependencies.",
           "scope": "window"
+        },
+        "redHatDependencyAnalytics.usePythonVirtualEnvironment": {
+          "type": "boolean",
+          "default": false,
+          "description": "Automates the installation of missing packages in a Python virtual environment.",
+          "scope": "window"
+        },
+        "redHatDependencyAnalytics.useGoMVS": {
+          "type": "boolean",
+          "default": false,
+          "description": "Uses the Minimal version selection (MVS) algorithm to select a set of module versions to use when building Go packages.",
+          "scope": "window"
+        },
+        "redHatDependencyAnalytics.enablePythonBestEffortsInstallation": {
+          "type": "boolean",
+          "default": false,
+          "description": "Installs Python packages tailored to the Python version in use, disregarding declared versions. Note: Requires settings Match Manifest Versions to be set to false and Use Python Virtual Environment to be set to true.",
+          "scope": "window"
+        },
+        "redHatDependencyAnalytics.usePipDepTree": {
+          "type": "boolean",
+          "default": false,
+          "description": "Use lightweight pipdeptree command line tool as the data source for building the Python dependency tree. This may significantly enhance analysis time.",
+          "scope": "window"
         }
       }
     }
@@ -273,9 +297,9 @@
     "webpack-cli": "^5.1.4"
   },
   "dependencies": {
-    "@fabric8-analytics/fabric8-analytics-lsp-server": "^0.9.4-ea.2",
+    "@fabric8-analytics/fabric8-analytics-lsp-server": "^0.9.4-ea.6",
     "@redhat-developer/vscode-redhat-telemetry": "^0.7.0",
-    "@RHEcosystemAppEng/exhort-javascript-api": "^0.1.1-ea.14",
+    "@RHEcosystemAppEng/exhort-javascript-api": "^0.1.1-ea.26",
     "fs": "^0.0.1-security",
     "path": "^0.12.7",
     "vscode-languageclient": "^8.1.0"

src/caNotification.ts

@@ -1,5 +1,7 @@
 'use strict';
 
+import { applySettingNameMappings } from './utils';
+
 /**
  * Interface representing the data structure for a Component Analysis (CA) Notification.
  */
@@ -35,7 +37,7 @@ class CANotification {
    * @param respData The data used to create the notification.
    */
   constructor(respData: CANotificationData) {
-    this.errorMessage = respData.errorMessage || '';
+    this.errorMessage = applySettingNameMappings(respData.errorMessage || '');
     this.done = respData.done === true;
     this.uri = respData.uri;
     this.diagCount = respData.diagCount || 0;

src/config.ts

@@ -15,6 +15,10 @@ class Config {
   rhRepositoryRecommendationNotificationCommand: string;
   utmSource: string;
   matchManifestVersions: string;
+  usePythonVirtualEnvironment: string;
+  useGoMVS: string;
+  enablePythonBestEffortsInstallation: string;
+  usePipDepTree: string;
   vulnerabilityAlertSeverity: string;
   exhortMvnPath: string;
   exhortNpmPath: string;
@@ -62,6 +66,14 @@ class Config {
     this.utmSource = GlobalState.UTM_SOURCE;
     /* istanbul ignore next */
     this.matchManifestVersions = rhdaConfig.matchManifestVersions ? 'true' : 'false';
+    /* istanbul ignore next */
+    this.usePythonVirtualEnvironment = rhdaConfig.usePythonVirtualEnvironment ? 'true' : 'false';
+    /* istanbul ignore next */
+    this.useGoMVS = rhdaConfig.useGoMVS ? 'true' : 'false';
+    /* istanbul ignore next */
+    this.enablePythonBestEffortsInstallation = rhdaConfig.enablePythonBestEffortsInstallation ? 'true' : 'false';
+    /* istanbul ignore next */
+    this.usePipDepTree = rhdaConfig.usePipDepTree ? 'true' : 'false';
     this.vulnerabilityAlertSeverity = rhdaConfig.vulnerabilityAlertSeverity;
     /* istanbul ignore next */
     this.rhdaReportFilePath = rhdaConfig.reportFilePath || DEFAULT_RHDA_REPORT_FILE_PATH;
@@ -83,6 +95,10 @@ class Config {
     process.env['VSCEXT_REDHAT_REPOSITORY_RECOMMENDATION_NOTIFICATION_COMMAND'] = this.rhRepositoryRecommendationNotificationCommand;
     process.env['VSCEXT_UTM_SOURCE'] = this.utmSource;
     process.env['VSCEXT_MATCH_MANIFEST_VERSIONS'] = this.matchManifestVersions;
+    process.env['VSCEXT_USE_PYTHON_VIRTUAL_ENVIRONMENT'] = this.usePythonVirtualEnvironment;
+    process.env['VSCEXT_USE_GO_MVS'] = this.useGoMVS;
+    process.env['VSCEXT_ENABLE_PYTHON_BEST_EFFORTS_INSTALLATION'] = this.enablePythonBestEffortsInstallation;
+    process.env['VSCEXT_USE_PIP_DEP_TREE'] = this.usePipDepTree;
     process.env['VSCEXT_VULNERABILITY_ALERT_SEVERITY'] = this.vulnerabilityAlertSeverity;
     process.env['VSCEXT_EXHORT_MVN_PATH'] = this.exhortMvnPath;
     process.env['VSCEXT_EXHORT_NPM_PATH'] = this.exhortNpmPath;

src/constants.ts

@@ -28,6 +28,10 @@ export enum Titles {
   REPORT_TITLE = `Red Hat Dependency Analytics Report`,
 }
 
+export const settingNameMappings: { [key: string]: string } = {
+  'EXHORT_PYTHON_VIRTUAL_ENV': 'Use Python Virtual Environment'
+};
+
 // Refer `name` from package.json
 export const EXTENSION_ID = 'fabric8-analytics';
 // publisher.name from package.json

src/extension.ts

@@ -19,6 +19,7 @@ import { CANotification } from './caNotification';
 import { DepOutputChannel } from './depOutputChannel';
 import { record, startUp, TelemetryActions } from './redhatTelemetry';
 // import { validateSnykToken } from './tokenValidation';
+import { applySettingNameMappings } from './utils';
 
 let lspClient: LanguageClient;
 
@@ -45,8 +46,9 @@ export function activate(context: vscode.ExtensionContext) {
         await generateRHDAReport(context, fileUri);
         record(context, TelemetryActions.vulnerabilityReportDone, { manifest: path.basename(fileUri.fsPath), fileName: path.basename(fileUri.fsPath) });
       } catch (error) {
-        vscode.window.showErrorMessage(error.message);
-        record(context, TelemetryActions.vulnerabilityReportFailed, { manifest: path.basename(fileUri.fsPath), fileName: path.basename(fileUri.fsPath), error: error.message });
+        const message = applySettingNameMappings(error.message);
+        vscode.window.showErrorMessage(message);
+        record(context, TelemetryActions.vulnerabilityReportFailed, { manifest: path.basename(fileUri.fsPath), fileName: path.basename(fileUri.fsPath), error: message });
       }
     }
   );
@@ -251,8 +253,9 @@ function registerStackAnalysisCommands(context: vscode.ExtensionContext) {
       await generateRHDAReport(context, uri);
       record(context, TelemetryActions.vulnerabilityReportDone, { manifest: path.basename(uri.fsPath), fileName: path.basename(uri.fsPath) });
     } catch (error) {
-      vscode.window.showErrorMessage(error.message);
-      record(context, TelemetryActions.vulnerabilityReportFailed, { manifest: path.basename(uri.fsPath), fileName: path.basename(uri.fsPath), error: error.message });
+      const message = applySettingNameMappings(error.message);
+      vscode.window.showErrorMessage(message);
+      record(context, TelemetryActions.vulnerabilityReportFailed, { manifest: path.basename(uri.fsPath), fileName: path.basename(uri.fsPath), error: message });
     }
   };
 

src/stackAnalysis.ts

@@ -69,6 +69,10 @@ async function executeStackAnalysis(manifestFilePath): Promise<string> {
           'RHDA_TOKEN': globalConfig.telemetryId,
           'RHDA_SOURCE': globalConfig.utmSource,
           'MATCH_MANIFEST_VERSIONS': globalConfig.matchManifestVersions,
+          'EXHORT_PYTHON_VIRTUAL_ENV': globalConfig.usePythonVirtualEnvironment,
+          'EXHORT_GO_MVS_LOGIC_ENABLED': globalConfig.useGoMVS,
+          'EXHORT_PYTHON_INSTALL_BEST_EFFORTS': globalConfig.enablePythonBestEffortsInstallation,
+          'EXHORT_PIP_USE_DEP_TREE': globalConfig.usePipDepTree,
           'EXHORT_MVN_PATH': globalConfig.exhortMvnPath,
           'EXHORT_NPM_PATH': globalConfig.exhortNpmPath,
           'EXHORT_GO_PATH': globalConfig.exhortGoPath,

src/utils.ts

@@ -0,0 +1,14 @@
+'use strict';
+
+import { settingNameMappings } from './constants';
+
+export function applySettingNameMappings(message: string): string {
+    let modifiedMessage = message;
+
+    Object.keys(settingNameMappings).forEach(key => {
+        const regex = new RegExp(key, 'g');
+        modifiedMessage = modifiedMessage.replace(regex, settingNameMappings[key]);
+    });
+
+    return modifiedMessage;
+}

test/config.test.ts

@@ -33,6 +33,10 @@ suite('Config module', () => {
     expect(globalConfig.rhRepositoryRecommendationNotificationCommand).to.eq(commands.REDHAT_REPOSITORY_RECOMMENDATION_NOTIFICATION_COMMAND);
     expect(globalConfig.utmSource).to.eq(GlobalState.UTM_SOURCE);
     expect(globalConfig.matchManifestVersions).to.eq('true');
+    expect(globalConfig.usePythonVirtualEnvironment).to.eq('false');
+    expect(globalConfig.useGoMVS).to.eq('false');
+    expect(globalConfig.enablePythonBestEffortsInstallation).to.eq('false');
+    expect(globalConfig.usePipDepTree).to.eq('false');
     expect(globalConfig.vulnerabilityAlertSeverity).to.eq('Error');
     expect(globalConfig.rhdaReportFilePath).to.eq('/tmp/redhatDependencyAnalyticsReport.html');
     expect(globalConfig.exhortMvnPath).to.eq('mvn');
@@ -63,6 +67,10 @@ suite('Config module', () => {
     expect(process.env['VSCEXT_REDHAT_REPOSITORY_RECOMMENDATION_NOTIFICATION_COMMAND']).to.eq(commands.REDHAT_REPOSITORY_RECOMMENDATION_NOTIFICATION_COMMAND);
     expect(process.env['VSCEXT_UTM_SOURCE']).to.eq(GlobalState.UTM_SOURCE);
     expect(process.env['VSCEXT_MATCH_MANIFEST_VERSIONS']).to.eq('true');
+    expect(process.env['VSCEXT_USE_PYTHON_VIRTUAL_ENVIRONMENT']).to.eq('false');
+    expect(process.env['VSCEXT_USE_GO_MVS']).to.eq('false');
+    expect(process.env['VSCEXT_ENABLE_PYTHON_BEST_EFFORTS_INSTALLATION']).to.eq('false');
+    expect(process.env['VSCEXT_USE_PIP_DEP_TREE']).to.eq('false');
     expect(process.env['VSCEXT_VULNERABILITY_ALERT_SEVERITY']).to.eq('Error');
     expect(process.env['VSCEXT_EXHORT_MVN_PATH']).to.eq('mvn');
     expect(process.env['VSCEXT_EXHORT_NPM_PATH']).to.eq('npm');

test/utils.test.ts

@@ -0,0 +1,53 @@
+import * as chai from 'chai';
+import * as sinon from 'sinon';
+import * as sinonChai from 'sinon-chai';
+
+import { settingNameMappings } from '../src/constants';
+import { applySettingNameMappings } from '../src/utils';
+
+const expect = chai.expect;
+chai.use(sinonChai);
+
+suite('Utils module', () => {
+    let sandbox: sinon.SinonSandbox;
+
+    setup(() => {
+        sandbox = sinon.createSandbox();
+    });
+
+    teardown(() => {
+        sandbox.restore();
+    });
+
+    test('should return a string with applied mappings', () => {
+
+        Object.keys(settingNameMappings).forEach(key => {
+            const message = `The ${key} variable should be set.`;
+            const expectedMessage = `The ${settingNameMappings[key]} variable should be set.`;
+
+            const result = applySettingNameMappings(message);
+
+            expect(result).to.equal(expectedMessage);
+        });
+    });
+
+    test('should handle multiple occurrences of mapping keys', () => {
+
+        Object.keys(settingNameMappings).forEach(key => {
+            const message = `Please ensure the ${key} is properly configured. Set ${key} to true.`;
+            const expectedMessage = `Please ensure the ${settingNameMappings[key]} is properly configured. Set ${settingNameMappings[key]} to true.`;
+
+            const result = applySettingNameMappings(message);
+
+            expect(result).to.equal(expectedMessage);
+        });
+    });
+
+    test('should not modify the message if no mappings apply', () => {
+        const message = 'This message does not contain any mapping keys.';
+
+        const result = applySettingNameMappings(message);
+
+        expect(result).to.equal(message);
+    });
+});