chore: remove JS lib in HTML scanning [IDE-1179] (#635)

This feature was deprecated.

Author: rrama

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## [2.23.0]
 - Removed Snyk Code Quality feature. All related settings, configurations, and UI elements have been removed.
+- Removed scanning for vulnerabilities in JavaScript libraries referenced via CDN in HTML files.
 
 ## [2.22.0]
 - Support early access of Ignores Approval Workflow

media/images/readme/oss-editor-html.png

@@ -557,7 +557,6 @@
     "axios": "^1.8.3",
     "glob": "^9.3.5",
     "he": "^1.2.0",
-    "htmlparser2": "^7.2.0",
     "http-proxy-agent": "^5.0.0",
     "https-proxy-agent": "^5.0.0",
     "lodash": "^4.17.21",

package-lock.json

@@ -1,9 +1,7 @@
 export const TYPESCRIPT_FILE_REGEX = new RegExp('\\.tsx?$');
 export const JAVASCRIPT_FILE_REGEX = new RegExp('\\.jsx?$');
-export const HTML_FILE_REGEX = new RegExp('\\.html?$');
 export const TYPESCRIPT = 'typescript';
 export const TYPESCRIPT_REACT = 'typescriptreact';
 export const JAVASCRIPT = 'javascript';
 export const JAVASCRIPT_REACT = 'javascriptreact';
-export const HTML = 'html';
 export const PJSON = 'json';

package.json

@@ -1,7 +1,5 @@
 import npmValidPackageName from 'validate-npm-package-name';
 import {
-  HTML,
-  HTML_FILE_REGEX,
   JAVASCRIPT,
   JAVASCRIPT_FILE_REGEX,
   JAVASCRIPT_REACT,
@@ -18,8 +16,6 @@ export function getSupportedLanguage(fileName: string, languageId: string): Lang
     return Language.TypeScript;
   } else if (languageId === JAVASCRIPT || languageId === JAVASCRIPT_REACT || JAVASCRIPT_FILE_REGEX.test(fileName)) {
     return Language.JavaScript;
-  } else if (languageId === HTML || HTML_FILE_REGEX.test(fileName)) {
-    return Language.HTML;
   } else if (languageId === PJSON && fileName.endsWith('package.json')) {
     return Language.PJSON;
   }

src/snyk/common/constants/languageConsts.ts

@@ -1,5 +1,4 @@
 import { BabelParser } from '../../snykOss/services/vulnerabilityCount/parsers/babelParser';
-import { HtmlParser } from '../../snykOss/services/vulnerabilityCount/parsers/htmlParser';
 import { ModuleParser } from '../../snykOss/services/vulnerabilityCount/parsers/moduleParser';
 import { PackageJsonParser } from '../../snykOss/services/vulnerabilityCount/parsers/packageJsonParser';
 import { IConfiguration } from '../configuration/configuration';
@@ -13,8 +12,6 @@ export class ModuleParserProvider {
     } else if (language === Language.PJSON) {
       const cliParameters = configuration.getAdditionalCliParameters();
       return new PackageJsonParser(logger, cliParameters);
-    } else if (language === Language.HTML) {
-      return new HtmlParser();
     }
 
     return undefined;

src/snyk/common/parsing.ts

@@ -1,9 +1,8 @@
-import { JAVASCRIPT, TYPESCRIPT, HTML, PJSON } from './constants/languageConsts';
+import { JAVASCRIPT, TYPESCRIPT, PJSON } from './constants/languageConsts';
 
 export enum Language {
   TypeScript,
   JavaScript,
-  HTML,
   PJSON,
 }
 export type OssRange = {
@@ -31,8 +30,6 @@ export function languageToString(language: Language): string {
       return TYPESCRIPT;
     case Language.JavaScript:
       return JAVASCRIPT;
-    case Language.HTML:
-      return HTML;
     case Language.PJSON:
       return PJSON;
   }

src/snyk/common/services/moduleParserProvider.ts

@@ -31,7 +31,7 @@ export class OssVulnerabilityCountProvider {
       hasCount: false,
     };
 
-    const processFile = [Language.TypeScript, Language.JavaScript, Language.PJSON, Language.HTML].includes(language);
+    const processFile = [Language.TypeScript, Language.JavaScript, Language.PJSON].includes(language);
     if (processFile) {
       const uri = this.uriAdapter.file(fileName).toString();
       const doc: LSPTextDocument = this.textDocumentAdapter.create(uri, languageToString(language), 1, '');

src/snyk/common/types.ts

@@ -6,7 +6,6 @@ import { ModuleParserProvider } from '../../../common/services/moduleParserProvi
 import { Language } from '../../../common/types';
 import { IVSCodeLanguages } from '../../../common/vscode/languages';
 import {
-  Diagnostic,
   DiagnosticCollection,
   Disposable,
   TextDocument,
@@ -19,7 +18,7 @@ import { DIAGNOSTICS_OSS_COLLECTION_NAME } from '../../../snykCode/constants/ana
 import { EditorDecorator } from '../../editor/editorDecorator';
 import { OssService } from '../../ossService';
 import { OssVulnerabilityCountProvider } from '../../providers/ossVulnerabilityCountProvider';
-import { ImportedModule, ModuleVulnerabilityCount, ModuleVulnerabilityCountSeverity } from './importedModule';
+import { ImportedModule, ModuleVulnerabilityCount } from './importedModule';
 import { VulnerabilityCountEmitter, VulnerabilityCountEvents } from './vulnerabilityCountEmitter';
 
 export class OssVulnerabilityCountService implements Disposable {
@@ -120,52 +119,13 @@ export class OssVulnerabilityCountService implements Disposable {
 
     emitter.on(VulnerabilityCountEvents.Done, (modules: ModuleVulnerabilityCount[]) => {
       this.editorDecorator.setScanDoneDecorations(fileName, modules);
-      // TODO: delete this and related code if we move HTML diagnostics to Language Server
-      // Update diagnostics only for HTML files; for other files, diagnostics are provided by Language Server
-      if (getSupportedLanguage(fileName, languageId) === Language.HTML) {
-        this.updateDiagnostics(document, modules);
-      }
     });
 
     // Start
     void this.getImportedModules(fileName, document.getText(), supportedLanguage, emitter);
     return true;
   }
 
-  private updateDiagnostics(document: TextDocument, modules: ModuleVulnerabilityCount[]): void {
-    if (!this.diagnostics) {
-      return;
-    }
-
-    const diagnostics: Diagnostic[] = [];
-    for (const module of modules) {
-      if (!module.hasCount || !module.range) {
-        continue;
-      }
-
-      const diagnosticMessage = this.getDiagnosticMessage(module);
-      if (!diagnosticMessage.length) {
-        continue;
-      }
-
-      const range = this.languages.createRange(
-        module.range.start.line - 1,
-        module.range.start.column,
-        module.range.end.line - 1,
-        module.range.end.column,
-      );
-
-      const diagnostic = this.languages.createDiagnostic(range, diagnosticMessage, 1); // Warning severity
-      diagnostics.push({
-        ...diagnostic,
-        source: DIAGNOSTICS_OSS_COLLECTION_NAME,
-        code: module.mostSevereVulnerabilityId,
-      });
-    }
-
-    this.diagnostics.set(document.uri, diagnostics);
-  }
-
   private shouldProcessFile(fileName: string, language: Language): boolean {
     if ([Language.TypeScript, Language.JavaScript, Language.PJSON].includes(language)) {
       const ossResult = this.vulnerabilityCountProvider.getResultArray();
@@ -215,41 +175,4 @@ export class OssVulnerabilityCountService implements Disposable {
 
     return parser.getModules(fileName, source, language);
   }
-
-  private getDiagnosticMessage(module: ModuleVulnerabilityCount): string {
-    if (!module.count) {
-      return '';
-    }
-
-    let message = `Dependency ${module.name}${module.version ? `@${module.version}` : ''} has `;
-    message += this.getSeverityCountMessage(
-      [
-        ModuleVulnerabilityCountSeverity.Critical,
-        ModuleVulnerabilityCountSeverity.High,
-        ModuleVulnerabilityCountSeverity.Medium,
-        ModuleVulnerabilityCountSeverity.Low,
-      ],
-      module,
-    );
-
-    return message;
-  }
-
-  private getSeverityCountMessage(
-    severities: ModuleVulnerabilityCountSeverity[],
-    module: ModuleVulnerabilityCount,
-  ): string {
-    if (!module.severityCounts) {
-      return module.count ? module.count : '';
-    }
-
-    const content: string[] = [];
-    for (const severity of severities) {
-      if (module.severityCounts[severity] > 0) {
-        content.push(`${module.severityCounts[severity]} ${severity}`);
-      }
-    }
-
-    return content.join(', ');
-  }
 }