Skip to content

Commit 93d4903

Browse files
authored
Merge pull request #193 from docker/scout-specific-filters
Allow filtering and disabling specific Scout features
2 parents 7ca61d1 + b5c8342 commit 93d4903

File tree

7 files changed

+345
-18
lines changed

7 files changed

+345
-18
lines changed

CHANGELOG.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,11 @@ All notable changes to the Docker Language Server will be documented in this fil
66

77
### Added
88

9+
- Dockerfile
10+
- textDocument/hover
11+
- support configuring vulnerability hovers with an experimental setting ([#192](https://github.com/docker/docker-language-server/issues/192))
12+
- textDocument/publishDiagnostics
13+
- support filtering vulnerability diagnostics with an experimental setting ([#192](https://github.com/docker/docker-language-server/issues/192))
914
- Compose
1015
- textDocument/completion
1116
- support build stage names for the `target` attribute ([#173](https://github.com/docker/docker-language-server/issues/173))
@@ -16,6 +21,9 @@ All notable changes to the Docker Language Server will be documented in this fil
1621
- support navigating to a dependency that is defined in another file ([#190](https://github.com/docker/docker-language-server/issues/190))
1722
- textDocument/hover
1823
- render a referenced service's YAML content as a hover ([#157](https://github.com/docker/docker-language-server/issues/157))
24+
- Bake
25+
- textDocument/publishDiagnostics
26+
- support filtering vulnerability diagnostics with an experimental setting ([#192](https://github.com/docker/docker-language-server/issues/192))
1927

2028
### Fixed
2129

e2e-tests/hover_test.go

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,20 @@ func HandleConfiguration(t *testing.T, conn *jsonrpc2.Conn, request *jsonrpc2.Re
1919
require.NoError(t, err)
2020
configurations := []configuration.Configuration{}
2121
for range configurationParams.Items {
22-
configurations = append(configurations, configuration.Configuration{Experimental: configuration.Experimental{VulnerabilityScanning: scanning}})
22+
configurations = append(
23+
configurations,
24+
configuration.Configuration{
25+
Experimental: configuration.Experimental{
26+
VulnerabilityScanning: scanning,
27+
Scout: configuration.Scout{
28+
CriticalHighVulnerabilities: true,
29+
NotPinnedDigest: true,
30+
RecommendedTag: true,
31+
Vulnerabilites: true,
32+
},
33+
},
34+
},
35+
)
2336
}
2437
require.NoError(t, conn.Reply(context.Background(), request.ID, configurations))
2538
}

internal/bake/hcl/diagnosticsCollector.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -147,7 +147,7 @@ func (c *BakeHCLDiagnosticsCollector) CollectDiagnostics(source, workspaceFolder
147147
if templateExpr.IsStringLiteral() {
148148
value, _ := templateExpr.Value(&hcl.EvalContext{})
149149
target := value.AsString()
150-
imageDiagnostics, err := c.scout.Analyze(target)
150+
imageDiagnostics, err := c.scout.Analyze(protocol.DocumentUri(doc.URI()), target)
151151
if err == nil {
152152
for _, diagnostic := range imageDiagnostics {
153153
if diagnostic.Kind == "critical_high_vulnerabilities" || diagnostic.Kind == "vulnerabilities" {

internal/configuration/configuration.go

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,15 @@ type Configuration struct {
2626
type Experimental struct {
2727
// docker.lsp.experimental.vulnerabilityScanning
2828
VulnerabilityScanning bool `json:"vulnerabilityScanning"`
29+
// docker.lsp.experimental.scout
30+
Scout Scout `json:"scout"`
31+
}
32+
33+
type Scout struct {
34+
CriticalHighVulnerabilities bool `json:"criticalHighVulnerabilities"`
35+
NotPinnedDigest bool `json:"notPinnedDigest"`
36+
RecommendedTag bool `json:"recommendedTag"`
37+
Vulnerabilites bool `json:"vulnerabilites"`
2938
}
3039

3140
var configurations = make(map[protocol.DocumentUri]Configuration)
@@ -34,6 +43,12 @@ var defaultConfiguration = Configuration{
3443
Telemetry: TelemetrySettingAll,
3544
Experimental: Experimental{
3645
VulnerabilityScanning: true,
46+
Scout: Scout{
47+
CriticalHighVulnerabilities: true,
48+
NotPinnedDigest: true,
49+
RecommendedTag: true,
50+
Vulnerabilites: true,
51+
},
3752
},
3853
}
3954

internal/pkg/server/hover.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ func (s *Server) TextDocumentHover(ctx *glsp.Context, params *protocol.HoverPara
2929
if ok {
3030
instruction := dockerfileDocument.Instruction(params.Position)
3131
if instruction != nil && strings.EqualFold(instruction.Value, "FROM") && instruction.Next != nil {
32-
return s.scoutService.Hover(ctx.Context, instruction.Next.Value)
32+
return s.scoutService.Hover(ctx.Context, params.TextDocument.URI, instruction.Next.Value)
3333
}
3434
return nil, nil
3535
}

internal/scout/service.go

Lines changed: 50 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -14,8 +14,8 @@ import (
1414

1515
type Service interface {
1616
textdocument.DiagnosticsCollector
17-
Analyze(image string) ([]Diagnostic, error)
18-
Hover(ctx context.Context, image string) (*protocol.Hover, error)
17+
Analyze(documentURI protocol.DocumentUri, image string) ([]Diagnostic, error)
18+
Hover(ctx context.Context, documentURI protocol.DocumentUri, image string) (*protocol.Hover, error)
1919
}
2020

2121
type ServiceImpl struct {
@@ -29,11 +29,21 @@ func NewService() Service {
2929
}
3030
}
3131

32-
func (s *ServiceImpl) Hover(ctx context.Context, image string) (*protocol.Hover, error) {
32+
func (s *ServiceImpl) Hover(ctx context.Context, documentURI protocol.DocumentUri, image string) (*protocol.Hover, error) {
33+
config := configuration.Get(documentURI)
3334
resp, err := s.manager.Get(&ScoutImageKey{Image: image})
3435
if err == nil {
3536
hovers := []string{}
3637
for _, info := range resp.Infos {
38+
if !config.Experimental.Scout.CriticalHighVulnerabilities && info.Kind == "critical_high_vulnerabilities" {
39+
continue
40+
}
41+
if !config.Experimental.Scout.RecommendedTag && info.Kind == "recommended_tag" {
42+
continue
43+
}
44+
if !config.Experimental.Scout.Vulnerabilites && info.Kind == "vulnerabilities" {
45+
continue
46+
}
3747
hovers = append(hovers, info.Description.Markdown)
3848
}
3949

@@ -49,12 +59,34 @@ func (s *ServiceImpl) Hover(ctx context.Context, image string) (*protocol.Hover,
4959
return nil, err
5060
}
5161

52-
func (s *ServiceImpl) Analyze(image string) ([]Diagnostic, error) {
62+
func (s *ServiceImpl) Analyze(documentURI protocol.DocumentUri, image string) ([]Diagnostic, error) {
63+
config := configuration.Get(documentURI)
64+
if !config.Experimental.VulnerabilityScanning {
65+
return nil, nil
66+
}
67+
5368
resp, err := s.manager.Get(&ScoutImageKey{Image: image})
5469
if err != nil {
5570
return nil, err
5671
}
57-
return resp.Diagnostics, nil
72+
73+
diagnostics := make([]Diagnostic, len(resp.Diagnostics))
74+
for _, diagnostic := range resp.Diagnostics {
75+
if !config.Experimental.Scout.CriticalHighVulnerabilities && diagnostic.Kind == "critical_high_vulnerabilities" {
76+
continue
77+
}
78+
if !config.Experimental.Scout.NotPinnedDigest && diagnostic.Kind == "not_pinned_digest" {
79+
continue
80+
}
81+
if !config.Experimental.Scout.RecommendedTag && diagnostic.Kind == "recommended_tag" {
82+
continue
83+
}
84+
if !config.Experimental.Scout.Vulnerabilites && diagnostic.Kind == "vulnerabilities" {
85+
continue
86+
}
87+
diagnostics = append(diagnostics, diagnostic)
88+
}
89+
return diagnostics, nil
5890
}
5991

6092
func (s *ServiceImpl) CalculateDiagnostics(ctx context.Context, source string, doc document.Document) ([]protocol.Diagnostic, error) {
@@ -80,6 +112,19 @@ func (s *ServiceImpl) CalculateDiagnostics(ctx context.Context, source string, d
80112
}
81113

82114
for _, diagnostic := range resp.Diagnostics {
115+
if !config.Experimental.Scout.CriticalHighVulnerabilities && diagnostic.Kind == "critical_high_vulnerabilities" {
116+
continue
117+
}
118+
if !config.Experimental.Scout.NotPinnedDigest && diagnostic.Kind == "not_pinned_digest" {
119+
continue
120+
}
121+
if !config.Experimental.Scout.RecommendedTag && diagnostic.Kind == "recommended_tag" {
122+
continue
123+
}
124+
if !config.Experimental.Scout.Vulnerabilites && diagnostic.Kind == "vulnerabilities" {
125+
continue
126+
}
127+
83128
namedEdits := []types.NamedEdit{}
84129
for _, edit := range resp.Edits {
85130
if diagnostic.Kind == edit.Diagnostic {

0 commit comments

Comments
 (0)