CM-48119 - Add detection sorting by line number in addition to severity

MarshalX · MarshalX · commit 22b00dd2b81a · 2025-05-08T21:18:12.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 ## [Unreleased]
 
+## [v1.16.0]
+
+- Add detection sorting by line number in addition to severity
+
 ## [v1.15.0]
 
 - Add proper support for disabled modules
@@ -141,6 +145,8 @@
 
 The first stable release with the support of Secrets, SCA, TreeView, Violation Card, and more.
 
+[v1.16.0]: https://github.com/cycodehq/vscode-extension/releases/tag/v1.16.0
+
 [v1.15.0]: https://github.com/cycodehq/vscode-extension/releases/tag/v1.15.0
 
 [v1.14.0]: https://github.com/cycodehq/vscode-extension/releases/tag/v1.14.0
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "cycode",
   "displayName": "Cycode",
-  "version": "1.15.0",
+  "version": "1.16.0",
   "publisher": "cycode",
   "description": "Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.",
   "repository": {
diff --git a/src/cli/models/scan-result/iac/iac-detection-details.ts b/src/cli/models/scan-result/iac/iac-detection-details.ts
@@ -17,4 +17,8 @@ export class IacDetectionDetails extends ScanDetectionDetailsBase {
   getFilepath(): string {
     return this.fileName;
   }
+
+  getLineInFile(): number {
+    return this.lineInFile;
+  }
 }
diff --git a/src/cli/models/scan-result/iac/iac-detection.ts b/src/cli/models/scan-result/iac/iac-detection.ts
@@ -22,6 +22,6 @@ export class IacDetection extends DetectionBase {
   }
 
   getFormattedNodeTitle(): string {
-    return `line ${this.detectionDetails.lineInFile + 1}: ${this.getFormattedMessage()}`;
+    return `line ${this.detectionDetails.getLineInFile()}: ${this.getFormattedMessage()}`;
   }
 }
diff --git a/src/cli/models/scan-result/sast/sast-detection-details.ts b/src/cli/models/scan-result/sast/sast-detection-details.ts
@@ -19,4 +19,8 @@ export class SastDetectionDetails extends ScanDetectionDetailsBase {
   getFilepath(): string {
     return this.filePath.startsWith('/') ? this.filePath : `/${this.filePath}`;
   }
+
+  getLineInFile(): number {
+    return this.lineInFile;
+  }
 }
diff --git a/src/cli/models/scan-result/sast/sast-detection.ts b/src/cli/models/scan-result/sast/sast-detection.ts
@@ -22,6 +22,6 @@ export class SastDetection extends DetectionBase {
   }
 
   getFormattedNodeTitle(): string {
-    return `line ${this.detectionDetails.lineInFile}: ${this.getFormattedMessage()}`;
+    return `line ${this.detectionDetails.getLineInFile()}: ${this.getFormattedMessage()}`;
   }
 }
diff --git a/src/cli/models/scan-result/sca/sca-detection-details.ts b/src/cli/models/scan-result/sca/sca-detection-details.ts
@@ -25,4 +25,8 @@ export class ScaDetectionDetails extends ScanDetectionDetailsBase {
   getFilepath(): string {
     return this.fileName;
   }
+
+  getLineInFile(): number {
+    return this.lineInFile;
+  }
 }
diff --git a/src/cli/models/scan-result/sca/sca-detection.ts b/src/cli/models/scan-result/sca/sca-detection.ts
@@ -23,6 +23,6 @@ export class ScaDetection extends DetectionBase {
   }
 
   getFormattedNodeTitle(): string {
-    return `line ${this.detectionDetails.lineInFile}: ${this.getFormattedTitle()}`;
+    return `line ${this.detectionDetails.getLineInFile()}: ${this.getFormattedTitle()}`;
   }
 }
diff --git a/src/cli/models/scan-result/scan-detection-details-base.ts b/src/cli/models/scan-result/scan-detection-details-base.ts
@@ -1,3 +1,4 @@
 export abstract class ScanDetectionDetailsBase {
   public abstract getFilepath(): string;
+  public abstract getLineInFile(): number;
 }
diff --git a/src/cli/models/scan-result/secret/secret-detection-details.ts b/src/cli/models/scan-result/secret/secret-detection-details.ts
@@ -1,6 +1,8 @@
 import { Exclude } from 'class-transformer';
 import { ScanDetectionDetailsBase } from '../scan-detection-details-base';
 
+const IDE_ENTRY_LINE_NUMBER = 1;
+
 export class SecretDetectionDetails extends ScanDetectionDetailsBase {
   sha512: string;
   provider: string;
@@ -22,4 +24,8 @@ export class SecretDetectionDetails extends ScanDetectionDetailsBase {
   public getFilepath(): string {
     return `${this.filePath}${this.fileName}`;
   }
+
+  public getLineInFile(): number {
+    return this.line + IDE_ENTRY_LINE_NUMBER;
+  }
 }
diff --git a/src/cli/models/scan-result/secret/secret-detection.ts b/src/cli/models/scan-result/secret/secret-detection.ts
@@ -2,8 +2,6 @@ import { SecretDetectionDetails } from './secret-detection-details';
 import { DetectionBase } from '../detection-base';
 import { Type } from 'class-transformer';
 
-const IDE_ENTRY_LINE_NUMBER = 1;
-
 export class SecretDetection extends DetectionBase {
   id: string;
   message: string;
@@ -25,6 +23,6 @@ export class SecretDetection extends DetectionBase {
   }
 
   public getFormattedNodeTitle(): string {
-    return `line ${this.detectionDetails.line + IDE_ENTRY_LINE_NUMBER}: a hardcoded ${this.type} is used`;
+    return `line ${this.detectionDetails.getLineInFile()}: a hardcoded ${this.type} is used`;
   }
 }
diff --git a/src/commands/open-violation-in-file-command.ts b/src/commands/open-violation-in-file-command.ts
@@ -1,26 +1,10 @@
 import * as vscode from 'vscode';
 import { DetectionBase } from '../cli/models/scan-result/detection-base';
-import { SecretDetection } from '../cli/models/scan-result/secret/secret-detection';
-import { ScaDetection } from '../cli/models/scan-result/sca/sca-detection';
-import { IacDetection } from '../cli/models/scan-result/iac/iac-detection';
-import { SastDetection } from '../cli/models/scan-result/sast/sast-detection';
 
 const VSCODE_LINE_NUMBER_DIFF = 1; // CLI starts counting from 0, although vscode starts from line 1.
 
 export default async (detection: DetectionBase) => {
-  let vscodeLineNumber = 0;
-  if (detection instanceof SecretDetection) {
-    // secret detection line is 0-based
-    vscodeLineNumber = detection.detectionDetails.line + 1;
-  } else if (detection instanceof ScaDetection) {
-    vscodeLineNumber = detection.detectionDetails.lineInFile;
-  } else if (detection instanceof IacDetection) {
-    vscodeLineNumber = detection.detectionDetails.lineInFile;
-  } else if (detection instanceof SastDetection) {
-    vscodeLineNumber = detection.detectionDetails.lineInFile;
-  }
-
-  vscodeLineNumber -= VSCODE_LINE_NUMBER_DIFF;
+  const vscodeLineNumber = detection.detectionDetails.getLineInFile() - VSCODE_LINE_NUMBER_DIFF;
 
   const uri = vscode.Uri.file(detection.detectionDetails.getFilepath());
   await vscode.window.showTextDocument(uri, {
diff --git a/src/providers/diagnostics/iac-diagnostics.ts b/src/providers/diagnostics/iac-diagnostics.ts
@@ -27,7 +27,7 @@ export const createDiagnostics = async (
     message += `In file: ${fileName}\n`;
 
     const diagnostic = new vscode.Diagnostic(
-      document.lineAt(detectionDetails.lineInFile - 1).range,
+      document.lineAt(detectionDetails.getLineInFile() - 1).range,
       message,
       vscode.DiagnosticSeverity.Error,
     );
diff --git a/src/providers/diagnostics/sast-diagnostics.ts b/src/providers/diagnostics/sast-diagnostics.ts
@@ -22,7 +22,7 @@ export const createDiagnostics = async (
     message += `In file: ${detection.detectionDetails.fileName}\n`;
 
     const diagnostic = new vscode.Diagnostic(
-      document.lineAt(detectionDetails.lineInFile - 1).range,
+      document.lineAt(detectionDetails.getLineInFile() - 1).range,
       message,
       vscode.DiagnosticSeverity.Error,
     );
diff --git a/src/providers/diagnostics/sca-diagnostics.ts b/src/providers/diagnostics/sca-diagnostics.ts
@@ -32,7 +32,7 @@ export const createDiagnostics = async (
 
     const diagnostic = new vscode.Diagnostic(
       // BE of SCA counts lines from 1, while VSCode counts from 0
-      document.lineAt(detectionDetails.lineInFile - 1).range,
+      document.lineAt(detectionDetails.getLineInFile() - 1).range,
       message,
       vscode.DiagnosticSeverity.Error,
     );
diff --git a/src/providers/tree-data/provider.ts b/src/providers/tree-data/provider.ts
@@ -103,11 +103,7 @@ export class TreeDataProvider implements vscode.TreeDataProvider<BaseNode> {
       return !enabledSeverityFilters.has(detection.severity.toLowerCase());
     });
 
-    const severitySortedDetections = severityFilteredDetections.sort((a, b) => {
-      return this.getSeverityWeight(b.severity) - this.getSeverityWeight(a.severity);
-    });
-
-    const groupedByFilepathDetection = severitySortedDetections
+    const groupedByFilepathDetection = severityFilteredDetections
       .reduce<Map<string, DetectionBase[]>>((acc, detection) => {
         const filepath = detection.detectionDetails.getFilepath();
         if (!acc.has(filepath)) {
@@ -117,7 +113,7 @@ export class TreeDataProvider implements vscode.TreeDataProvider<BaseNode> {
         return acc;
       }, new Map());
 
-    const scanTypeNode = new ScanTypeNode(scanType, this.getScanTypeNodeSummary(severitySortedDetections));
+    const scanTypeNode = new ScanTypeNode(scanType, this.getScanTypeNodeSummary(severityFilteredDetections));
     this._createdRootNodes.push(scanTypeNode);
     this._createdNodesToChildren.set(scanTypeNode, []);
 
@@ -127,7 +123,13 @@ export class TreeDataProvider implements vscode.TreeDataProvider<BaseNode> {
       this._createdNodesToChildren.set(fileNode, []);
       this._createdChildToParentNode.set(fileNode, scanTypeNode);
 
-      for (const detection of detections) {
+      const sortedDetections = detections.sort((a, b) => {
+        const severityDiff = this.getSeverityWeight(b.severity) - this.getSeverityWeight(a.severity);
+        const lineDiff = a.detectionDetails.getLineInFile() - b.detectionDetails.getLineInFile();
+        return severityDiff !== 0 ? severityDiff : lineDiff;
+      });
+
+      for (const detection of sortedDetections) {
         const detectionNode = new DetectionNode(scanType, detection);
         this._createdNodesToChildren.get(fileNode)?.push(detectionNode);
         this._createdChildToParentNode.set(detectionNode, fileNode);

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "cycode",`
`3`	`3`	`"displayName": "Cycode",`
`4`		`- "version": "1.15.0",`
	`4`	`+ "version": "1.16.0",`
`5`	`5`	`"publisher": "cycode",`
`6`	`6`	`"description": "Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning.",`
`7`	`7`	`"repository": {`
Original file line number	Diff line number	Diff line change
`@@ -17,4 +17,8 @@ export class IacDetectionDetails extends ScanDetectionDetailsBase {`
`17`	`17`	`getFilepath(): string {`
`18`	`18`	`return this.fileName;`
`19`	`19`	`}`
	`20`	`+`
	`21`	`+ getLineInFile(): number {`
	`22`	`+ return this.lineInFile;`
	`23`	`+ }`
`20`	`24`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,6 @@ export class IacDetection extends DetectionBase {`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`getFormattedNodeTitle(): string {`
`25`		- return `line ${this.detectionDetails.lineInFile + 1}: ${this.getFormattedMessage()}`;
	`25`	+ return `line ${this.detectionDetails.getLineInFile()}: ${this.getFormattedMessage()}`;
`26`	`26`	`}`
`27`	`27`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,4 +19,8 @@ export class SastDetectionDetails extends ScanDetectionDetailsBase {`
`19`	`19`	`getFilepath(): string {`
`20`	`20`	return this.filePath.startsWith('/') ? this.filePath : `/${this.filePath}`;
`21`	`21`	`}`
	`22`	`+`
	`23`	`+ getLineInFile(): number {`
	`24`	`+ return this.lineInFile;`
	`25`	`+ }`
`22`	`26`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,6 @@ export class SastDetection extends DetectionBase {`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`getFormattedNodeTitle(): string {`
`25`		- return `line ${this.detectionDetails.lineInFile}: ${this.getFormattedMessage()}`;
	`25`	+ return `line ${this.detectionDetails.getLineInFile()}: ${this.getFormattedMessage()}`;
`26`	`26`	`}`
`27`	`27`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,4 +25,8 @@ export class ScaDetectionDetails extends ScanDetectionDetailsBase {`
`25`	`25`	`getFilepath(): string {`
`26`	`26`	`return this.fileName;`
`27`	`27`	`}`
	`28`	`+`
	`29`	`+ getLineInFile(): number {`
	`30`	`+ return this.lineInFile;`
	`31`	`+ }`
`28`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,6 @@ export class ScaDetection extends DetectionBase {`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`getFormattedNodeTitle(): string {`
`26`		- return `line ${this.detectionDetails.lineInFile}: ${this.getFormattedTitle()}`;
	`26`	+ return `line ${this.detectionDetails.getLineInFile()}: ${this.getFormattedTitle()}`;
`27`	`27`	`}`
`28`	`28`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
`1`	`1`	`export abstract class ScanDetectionDetailsBase {`
`2`	`2`	`public abstract getFilepath(): string;`
	`3`	`+ public abstract getLineInFile(): number;`
`3`	`4`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,8 +2,6 @@ import { SecretDetectionDetails } from './secret-detection-details';`
`2`	`2`	`import { DetectionBase } from '../detection-base';`
`3`	`3`	`import { Type } from 'class-transformer';`
`4`	`4`
`5`		`-const IDE_ENTRY_LINE_NUMBER = 1;`
`6`		`-`
`7`	`5`	`export class SecretDetection extends DetectionBase {`
`8`	`6`	`id: string;`
`9`	`7`	`message: string;`
`@@ -25,6 +23,6 @@ export class SecretDetection extends DetectionBase {`
`25`	`23`	`}`
`26`	`24`
`27`	`25`	`public getFormattedNodeTitle(): string {`
`28`		- return `line ${this.detectionDetails.line + IDE_ENTRY_LINE_NUMBER}: a hardcoded ${this.type} is used`;
	`26`	+ return `line ${this.detectionDetails.getLineInFile()}: a hardcoded ${this.type} is used`;
`29`	`27`	`}`
`30`	`28`	`}`