Merge pull request #106 from snyk/feat/trust-feature

feat: add folder trust

CHANGELOG.md

@@ -3,6 +3,10 @@
 
 ## [2.0.0] - Unreleased
 ### Changes
+- add folder trust feature
+
+## [2.0.0] - v20221115.132308
+### Changes
 - adds configuration wizard for custom endpoints
 
 ## [2.0.0] - v20221007.135736

plugin/META-INF/MANIFEST.MF

@@ -10,7 +10,7 @@ Require-Bundle: org.eclipse.ui,
  org.eclipse.core.runtime,
  org.eclipse.jdt.core,
  org.eclipse.core.resources,
- org.eclipse.lsp4e;bundle-version="0.13.9",
+ org.eclipse.lsp4e;bundle-version="[0.13.9,0.14.0.qualifier]",
  org.eclipse.lsp4e.jdt;bundle-version="0.10.1",
  org.eclipse.equinox.security,
  org.eclipse.equinox.security.ui,
@@ -33,5 +33,5 @@ Bundle-ClassPath: .,
  target/dependency/httpcore-4.4.15.jar,
  target/dependency/jackson-annotations-2.13.4.jar,
  target/dependency/jackson-core-2.13.4.jar,
- target/dependency/jackson-databind-2.13.4.jar,
+ target/dependency/jackson-databind-2.13.4.2.jar,
  target/dependency/javax.inject-1.jar

plugin/build.properties

@@ -14,7 +14,7 @@ bin.includes = plugin.xml,\
                target/dependency/httpcore-4.4.15.jar,\
                target/dependency/jackson-annotations-2.13.4.jar,\
                target/dependency/jackson-core-2.13.4.jar,\
-               target/dependency/jackson-databind-2.13.4.jar,\
+               target/dependency/jackson-databind-2.13.4.2.jar,\
                target/dependency/javax.inject-1.jar
 src.includes =src/,\
                icons/

plugin/io.snyk.eclipse.plugin.eml

@@ -19,22 +19,22 @@
 	<lib name="httpcore-4.4.15.jar" scope="COMPILE">
 		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/httpcore-4.4.15.jar!/"/>
 	</lib>
-	<lib name="jackson-annotations-2.13.4.jar" scope="COMPILE">
+	<lib name="jackson-annotations-2.13.4.2.jar" scope="COMPILE">
 		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/jackson-annotations-2.13.4.jar!/"/>
 	</lib>
-	<lib name="jackson-core-2.13.4.jar" scope="COMPILE">
+	<lib name="jackson-core-2.13.4.2.jar" scope="COMPILE">
 		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/jackson-core-2.13.4.jar!/"/>
 	</lib>
-	<lib name="jackson-databind-2.13.4.jar" scope="COMPILE">
-		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/jackson-databind-2.13.4.jar!/"/>
+	<lib name="jackson-databind-2.13.4.2.jar" scope="COMPILE">
+		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/jackson-databind-2.13.4.2.jar!/"/>
 	</lib>
 	<lib name="javax.inject-1.jar" scope="COMPILE">
 		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/javax.inject-1.jar!/"/>
 	</lib>
 	<levels>
-		<level name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.13.4" value="project"/>
-		<level name="Maven: com.fasterxml.jackson.core:jackson-core:2.13.4" value="project"/>
-		<level name="Maven: com.fasterxml.jackson.core:jackson-databind:2.13.4" value="project"/>
+		<level name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.13.4.2" value="project"/>
+		<level name="Maven: com.fasterxml.jackson.core:jackson-core:2.13.4.2" value="project"/>
+		<level name="Maven: com.fasterxml.jackson.core:jackson-databind:2.13.4.2" value="project"/>
 		<level name="Maven: org.apache.commons:commons-lang3:3.12.0" value="project"/>
 		<level name="Maven: org.apache.httpcomponents:httpcore:4.4.15" value="project"/>
 		<level name="Maven: org.apache.httpcomponents:httpclient:4.5.13" value="project"/>

plugin/pom.xml

@@ -29,7 +29,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>2.13.4</version>
+      <version>2.13.4.2</version>
       <type>jar</type>
     </dependency>
     <dependency>

plugin/src/main/java/io/snyk/eclipse/plugin/properties/PreferencesPage.java

@@ -8,6 +8,9 @@
 import io.snyk.languageserver.LsRuntimeEnvironment;
 import io.snyk.languageserver.download.HttpClientFactory;
 import io.snyk.languageserver.download.LsBinaries;
+
+import java.io.File;
+
 import org.eclipse.core.net.proxy.IProxyData;
 import org.eclipse.jface.preference.BooleanFieldEditor;
 import org.eclipse.jface.preference.FieldEditor;
@@ -19,103 +22,114 @@
 import org.eclipse.ui.IWorkbenchPreferencePage;
 
 public class PreferencesPage extends FieldEditorPreferencePage implements IWorkbenchPreferencePage {
-  private BooleanFieldEditor snykCodeCheckbox;
-
-  public PreferencesPage() {
-    super(GRID);
-  }
-
-  @Override
-  public void init(IWorkbench workbench) {
-    setPreferenceStore(io.snyk.eclipse.plugin.properties.preferences.Preferences.getInstance().getStore());
-    setMessage("Snyk Preferences");
-  }
-
-  @Override
-  protected void createFieldEditors() {
-    TokenFieldEditor tokenField = new TokenFieldEditor(
-        io.snyk.eclipse.plugin.properties.preferences.Preferences.getInstance(),
-        io.snyk.eclipse.plugin.properties.preferences.Preferences.AUTH_TOKEN_KEY, "Snyk API Token:",
-        getFieldEditorParent());
-    addField(tokenField);
-    addField(new StringFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.PATH_KEY, "Path:",
-        getFieldEditorParent()));
-    addField(new StringFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.ENDPOINT_KEY,
-        "Custom Endpoint:", getFieldEditorParent()));
-    addField(new BooleanFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.INSECURE_KEY,
-        "Allow unknown certificate authorities", getFieldEditorParent()));
-
-    addField(space());
+	private BooleanFieldEditor snykCodeCheckbox;
+
+	public PreferencesPage() {
+		super(GRID);
+	}
+
+	@Override
+	public void init(IWorkbench workbench) {
+		setPreferenceStore(io.snyk.eclipse.plugin.properties.preferences.Preferences.getInstance().getStore());
+		setMessage("Snyk Preferences");
+	}
+
+	@Override
+	protected void createFieldEditors() {
+		TokenFieldEditor tokenField = new TokenFieldEditor(
+				io.snyk.eclipse.plugin.properties.preferences.Preferences.getInstance(),
+				io.snyk.eclipse.plugin.properties.preferences.Preferences.AUTH_TOKEN_KEY, "Snyk API Token:",
+				getFieldEditorParent());
+		addField(tokenField);
+		addField(new StringFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.PATH_KEY, "Path:",
+				getFieldEditorParent()));
+		addField(new StringFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.ENDPOINT_KEY,
+				"Custom Endpoint:", getFieldEditorParent()));
+		addField(new BooleanFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.INSECURE_KEY,
+				"Allow unknown certificate authorities", getFieldEditorParent()));
+
+		addField(space());
 		addField(new LabelFieldEditor("The following options involve the Snyk Language Server.",
 				getFieldEditorParent()));
-    addField(new LabelFieldEditor(
-        "Activating Snyk Code will cause upload of source code to Snyk or the given endpoint address.",
-        getFieldEditorParent()));
-    addField(space());
+		addField(new LabelFieldEditor(
+				"Activating Snyk Code will cause upload of source code to Snyk or the given endpoint address.",
+				getFieldEditorParent()));
+		addField(space());
 		addField(new BooleanFieldEditor(
 				io.snyk.eclipse.plugin.properties.preferences.Preferences.ACTIVATE_SNYK_OPEN_SOURCE,
-        "Snyk Open Source enabled", getFieldEditorParent()));
-    snykCodeCheckbox = new BooleanFieldEditor(
-        io.snyk.eclipse.plugin.properties.preferences.Preferences.ACTIVATE_SNYK_CODE, "Snyk Code enable" + "d",
-        getFieldEditorParent());
-
-    addField(snykCodeCheckbox);
-    addField(new BooleanFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.ACTIVATE_SNYK_IAC,
-        "Snyk Infrastructure-as-Code enabled", getFieldEditorParent()));
-
-    addField(space());
-    addField(new LabelFieldEditor("Advanced options:", getFieldEditorParent()));
-    addField(new StringFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.ORGANIZATION_KEY,
-        "Organization:", getFieldEditorParent()));
-    addField(new StringFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.ADDITIONAL_PARAMETERS,
-        "Additional Parameters:", getFieldEditorParent()));
-    addField(new StringFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.ADDITIONAL_ENVIRONMENT,
-        "Additional Environment:", getFieldEditorParent()));
-
-    addField(space());
-    BooleanFieldEditor manageBinaries = new BooleanFieldEditor(Preferences.MANAGE_BINARIES_AUTOMATICALLY,
-        "Update and install Snyk binaries automatically", getFieldEditorParent());
-    manageBinaries.setPropertyChangeListener((PropertyChangeEvent propertyChangeEvent) -> {
-      System.out.println("managed bionaries changed");
-    });
-    addField(manageBinaries);
-    addField(new FileFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.LS_BINARY_KEY,
-        "Snyk Language Server:", getFieldEditorParent()));
-    addField(new FileFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.CLI_PATH, "Snyk CLI:",
-        getFieldEditorParent()));
-
-    addField(space());
-
-    addField(new BooleanFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.SEND_ERROR_REPORTS,
-        "Send error reports to Snyk", getFieldEditorParent()));
+				"Snyk Open Source enabled", getFieldEditorParent()));
+		snykCodeCheckbox = new BooleanFieldEditor(
+				io.snyk.eclipse.plugin.properties.preferences.Preferences.ACTIVATE_SNYK_CODE, "Snyk Code enable" + "d",
+				getFieldEditorParent());
+
+		addField(snykCodeCheckbox);
+		addField(new BooleanFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.ACTIVATE_SNYK_IAC,
+				"Snyk Infrastructure-as-Code enabled", getFieldEditorParent()));
+
+		addField(space());
+		addField(new LabelFieldEditor("Advanced options:", getFieldEditorParent()));
+		addField(new StringFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.ORGANIZATION_KEY,
+				"Organization:", getFieldEditorParent()));
+		addField(new StringFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.ADDITIONAL_PARAMETERS,
+				"Additional Parameters:", getFieldEditorParent()));
+		addField(new StringFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.ADDITIONAL_ENVIRONMENT,
+				"Additional Environment:", getFieldEditorParent()));
+
+		addField(space());
+		BooleanFieldEditor manageBinaries = new BooleanFieldEditor(Preferences.MANAGE_BINARIES_AUTOMATICALLY,
+				"Update and install Snyk binaries automatically", getFieldEditorParent());
+		manageBinaries.setPropertyChangeListener((PropertyChangeEvent propertyChangeEvent) -> {
+			System.out.println("managed bionaries changed");
+		});
+		addField(manageBinaries);
+		addField(new FileFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.LS_BINARY_KEY,
+				"Snyk Language Server:", getFieldEditorParent()));
+		addField(new FileFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.CLI_PATH, "Snyk CLI:",
+				getFieldEditorParent()));
+
+		addField(space());
+
+		addField(new BooleanFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.SEND_ERROR_REPORTS,
+				"Send error reports to Snyk", getFieldEditorParent()));
 		addField(new BooleanFieldEditor(Preferences.ENABLE_TELEMETRY, "Send usage statistics to Snyk",
 				getFieldEditorParent()));
-	  disableSnykCodeIfOrgDisabled();
-  }
-
-  private FieldEditor space() {
-    return new LabelFieldEditor("", getFieldEditorParent());
-  }
-
-  @Override
-  public boolean performOk() {
-    boolean superOK = super.performOk();
-    var snykView = SnykStartup.getSnykView();
-    snykView.disableRunAbortActions();
-    snykView.toggleRunActionEnablement();
-    disableSnykCodeIfOrgDisabled();
-
-    new LsConfigurationUpdater().configurationChanged();
-    return superOK;
-  }
-
-  private void disableSnykCodeIfOrgDisabled() {
-    var apiClient = new ApiClient();
-    if (snykCodeCheckbox.getBooleanValue() && !apiClient.checkSnykCodeEnablement()) {
-      String message = "Snyk Code disabled, because it is not enabled for your organization. After you close this preference page, it will stay disabled.";
-      snykCodeCheckbox.setLabelText(snykCodeCheckbox.getLabelText()+" ("+message+")");
-      SnykLogger.logInfo(message);
-    }
-  }
+
+		addField(space());
+
+		addField(new LabelFieldEditor(
+				  "Only trusted paths are scanned by Snyk. The Trusted Folders setting allows to specify, which \n"
+				+ "paths are safe to scan. Every path below a given path is considered safe to scan. \n"
+				+ "Please separate entries with \"" + File.pathSeparator + "\".",
+				getFieldEditorParent()));
+		addField(new StringFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences.TRUSTED_FOLDERS,
+				"Trusted Folders:", getFieldEditorParent()));
+
+		disableSnykCodeIfOrgDisabled();
+	}
+
+	private FieldEditor space() {
+		return new LabelFieldEditor("", getFieldEditorParent());
+	}
+
+	@Override
+	public boolean performOk() {
+		boolean superOK = super.performOk();
+		var snykView = SnykStartup.getSnykView();
+		snykView.disableRunAbortActions();
+		snykView.toggleRunActionEnablement();
+		disableSnykCodeIfOrgDisabled();
+
+		new LsConfigurationUpdater().configurationChanged();
+		return superOK;
+	}
+
+	private void disableSnykCodeIfOrgDisabled() {
+		var apiClient = new ApiClient();
+		if (snykCodeCheckbox.getBooleanValue() && !apiClient.checkSnykCodeEnablement()) {
+			String message = "Snyk Code disabled, because it is not enabled for your organization. After you close this preference page, it will stay disabled.";
+			snykCodeCheckbox.setLabelText(snykCodeCheckbox.getLabelText() + " (" + message + ")");
+			SnykLogger.logInfo(message);
+		}
+	}
 
 }

plugin/src/main/java/io/snyk/eclipse/plugin/properties/preferences/Preferences.java

@@ -26,6 +26,7 @@ public static synchronized Preferences getInstance(PreferenceStore store) {
     return preferences;
   }
 
+  public static final String TRUSTED_FOLDERS = "trustedFolders";
   public static final String AUTH_TOKEN_KEY = "authtoken";
   public static final String PATH_KEY = "path";
   public static final String ENDPOINT_KEY = "endpoint";

plugin/src/main/java/io/snyk/eclipse/plugin/properties/preferences/SecurePreferenceStore.java

@@ -4,7 +4,12 @@
 import org.eclipse.equinox.security.storage.ISecurePreferences;
 import org.eclipse.equinox.security.storage.SecurePreferencesFactory;
 import org.eclipse.equinox.security.storage.StorageException;
+import org.eclipse.jface.dialogs.MessageDialog;
 import org.eclipse.jface.preference.IPreferenceStore;
+import org.eclipse.swt.graphics.Image;
+import org.eclipse.swt.widgets.Display;
+import org.eclipse.swt.widgets.Shell;
+import org.eclipse.ui.PlatformUI;
 import org.eclipse.ui.preferences.ScopedPreferenceStore;
 
 public class SecurePreferenceStore extends ScopedPreferenceStore implements PreferenceStore {
@@ -14,7 +19,21 @@ public class SecurePreferenceStore extends ScopedPreferenceStore implements Pref
 
   public SecurePreferenceStore() {
     super(InstanceScope.INSTANCE, QUALIFIER);
-    node = SecurePreferencesFactory.getDefault().node(QUALIFIER);
+    ISecurePreferences secureStorage = SecurePreferencesFactory.getDefault();
+    if (secureStorage == null) {
+    	PlatformUI.getWorkbench().getDisplay().asyncExec(() -> {
+    		Display display = PlatformUI.getWorkbench().getDisplay();
+			Shell activeShell = display.getActiveShell();
+    		String message = "Eclipse was unable to create or access the Secure Storage mechanism. "
+    				+ "Please check your Secure Storage in Eclipse preferences under "
+    				+ "General -> Security -> Secure Storage. "
+    				+ "The Snyk plugin will not be able to work reliably and save preferences "
+    				+ "or the authentication token until Secure Storage can be used.";
+			String title = "Error accessing Eclipse Secure Storage (Snyk)";
+			MessageDialog.openError(activeShell, title, message);
+    	});
+    }
+	node = secureStorage.node(QUALIFIER);
   }
 
   @Override

plugin/src/main/java/io/snyk/eclipse/plugin/runner/SnykCliRunner.java

@@ -17,8 +17,6 @@ public class SnykCliRunner {
   private static final String TEST_PARAMS = "test";
   private static final String FILE_PARAM = "--file=";
 
-  private static final String INSECURE = "--insecure";
-
   private static final String MONITOR_PARAM = "monitor";
 
   //	private static final String AUTH_PARAM = "auth";
@@ -59,12 +57,20 @@ private ProcessResult snykRun(List<String> arguments) {
 
   private ProcessResult snykRun(List<String> arguments, Optional<File> navigatePath) {
     try {
+      checkIfTrusted(navigatePath.get());
       ProcessBuilder processBuilder = createProcessBuilderByOS(arguments, Preferences.getInstance().getPath());
       return processRunner.run(processBuilder, navigatePath);
     } catch (Exception e) {
       return ProcessResult.error(e.getMessage());
     }
   }
+
+  private void checkIfTrusted(File file) {
+    var trustedPaths = Preferences.getInstance().getPref(Preferences.TRUSTED_FOLDERS, "");
+    if (!trustedPaths.contains(file.getAbsolutePath())) {
+      throw new UntrustedScanRequestedException(file.getAbsolutePath() + " is not trusted.");
+    }
+  }
 
   private ProcessBuilder createProcessBuilderByOS(List<String> params, Optional<String> path) throws Exception {
     ProcessBuilder processbuilder;

plugin/src/main/java/io/snyk/eclipse/plugin/runner/UntrustedScanRequestedException.java

@@ -0,0 +1,27 @@
+package io.snyk.eclipse.plugin.runner;
+
+public class UntrustedScanRequestedException extends RuntimeException {
+
+  private static final long serialVersionUID = 4849361078384083852L;
+
+  public UntrustedScanRequestedException() {
+  }
+
+  public UntrustedScanRequestedException(String message) {
+    super(message);
+  }
+
+  public UntrustedScanRequestedException(Throwable cause) {
+    super(cause);
+  }
+
+  public UntrustedScanRequestedException(String message, Throwable cause) {
+    super(message, cause);
+  }
+
+  public UntrustedScanRequestedException(String message, Throwable cause, boolean enableSuppression,
+      boolean writableStackTrace) {
+    super(message, cause, enableSuppression, writableStackTrace);
+  }
+
+}