Add an AlternateID field to enable opening the vulnerability details. (AST-94450) (#1108)

* Adds error handling for file not found in workspace

* Add AlternateID and remove "coming soon"

* Update AST CLI JavaScript Wrapper to version 0.0.130

* Update webViewCommand.ts

---------

Co-authored-by: galactica <[email protected]>
Co-authored-by: github-actions <[email protected]>
Co-authored-by: Daniel Greenspan <[email protected]>

Author: 4 people

media/riskManagement.css

@@ -125,10 +125,6 @@ button:hover {
   filter: brightness(1.5);
 }
 
-.disabled-result {
-  cursor: not-allowed;
-}
-
 svg {
   vertical-align: text-top;
   color: var(--cx-main-color);

media/riskManagement.js

@@ -400,28 +400,17 @@
     return results.results.map((result) => {
       const matchedScore = getMatchedScore(result, app.applicationID);
 
-      const isNA =
-        result.engine.toLowerCase() === "sca" ||
-        result.engine.toLowerCase() === "kics";
-      const tooltip = isNA
-        ? 'title="Coming soon..." data-bs-toggle="tooltip" data-bs-placement="top"'
-        : "";
-
       const resultElement = createResultElement(
         result,
         matchedScore,
-        isNA,
-        tooltip
       );
 
-      if (!isNA) {
         resultElement.addEventListener("click", () => {
           vscode.postMessage({
             command: "openVulnerabilityDetails",
             result: result,
           });
         });
-      }
 
       return resultElement;
     });
@@ -434,9 +423,9 @@
     return matchedScore || result.riskScore;
   }
 
-  function createResultElement(result, score, isSCA, tooltip) {
+  function createResultElement(result, score) {
     const resultElement = document.createElement("div");
-    resultElement.className = `result${isSCA ? " disabled-result" : ""}`;
+    resultElement.className = "result";
 
     score = formatScore(score);
 
@@ -445,7 +434,7 @@
                 <span>${icons[result.severity]}</span> 
                 <span>${score}</span> 
             </span>
-            <span class="ellipsis" ${isSCA ? tooltip : ""}> ${
+            <span class="ellipsis"> ${
       result.name
     }</span>
         `;

package-lock.json

@@ -953,7 +953,7 @@
     "@popperjs/core": "^2.11.8",
     "@vscode/codicons": "^0.0.36",
     "axios": "^1.8.3",
-    "@checkmarxdev/ast-cli-javascript-wrapper": "0.0.129",
+    "@checkmarxdev/ast-cli-javascript-wrapper": "0.0.130",
     "copyfiles": "2.4.1",
     "dotenv": "^16.4.7",
     "eslint-config-prettier": "^9.1.0",

package.json

@@ -27,6 +27,7 @@ export class AstResult extends CxResult {
   language = "";
   description = "";
   descriptionHTML = "";
+  alternateId = "";
   similarityId = "";
   declare data: any;
   state = "";
@@ -60,6 +61,7 @@ export class AstResult extends CxResult {
         : result.vulnerabilityDetails.cveName,
       result.id,
       result.status,
+      result.alternateId,
       result.similarityId,
       result.state,
       result.severity,

src/models/results.ts

@@ -46,13 +46,11 @@ export class riskManagementView implements vscode.WebviewViewProvider {
 
   private async handleMessage(message: {
     command: string;
-    result?: { hash: string; engine: string };
+    result?: { hash: string };
   }): Promise<void> {
     switch (message.command) {
       case "openVulnerabilityDetails": {
-        const hash = message.result.hash;
-        const type = message.result.engine;
-        const result = this.findResultByHash(hash, type);
+        const result = this.findResultByHash(message.result.hash);
         if (result) {
           const astResult = new AstResult(result);
           await vscode.commands.executeCommand(commands.newDetails, astResult);
@@ -64,10 +62,8 @@ export class riskManagementView implements vscode.WebviewViewProvider {
     }
   }
 
-  private findResultByHash(hash: string, type: string): CxResult | undefined {
-    if (type === constants.sast) {
-      return this.cxResults.find((result) => result.data.resultHash === hash);
-    }
+  private findResultByHash(hash: string): CxResult | undefined {
+    return this.cxResults.find((result) => result.alternateId === hash);
   }
 
   public async updateContent(options?: {