chore: revert to single source

Signed-off-by: Ilona Shishov <[email protected]>

CHANGELOG.md

@@ -1,12 +1,10 @@
 # Change Log
 ## 0.8.0 (Dec 11th 2023)
 - informational - Service Preview release of Red Hat Dependency Analytics (RHDA) extension.
-- enhancement - Added support for the [Sonatype OSS Index](https://ossindex.sonatype.org/) service for gathering package vulnerability information.
 - enhancement - Added support for error observation by using Sentry.
 - enhancement - Support for more complex SPDX SBOM relationships
-- fixes - Fixed an issue when the OSS index has to aggregate an SBOM manifest containing more than 128 packages for analysis. See [PR#210](https://github.com/RHEcosystemAppEng/exhort/pull/210) for details.
 - fixes - Fixed an issue where unique Snyk vulnerability information was not being displayed in the Dependency Analytics report. See [PR#217](https://github.com/RHEcosystemAppEng/exhort/pull/217) for details.
-- fixes - Better valid and invalid token alert messages for the Snyk and the OSS Index vulnerability information providers. See [PR#218](https://github.com/RHEcosystemAppEng/exhort/pull/218) for details.
+- fixes - Better valid and invalid token alert messages for the Snyk vulnerability information provider. See [PR#218](https://github.com/RHEcosystemAppEng/exhort/pull/218) for details.
 - fixes - Fixed analysis report discrepancies between Red Hat Dependency Analytics and Snyk’s analytics. See [PR#219](https://github.com/RHEcosystemAppEng/exhort/pull/219) for details.
 - fixes - Fixed the Go and Python package links so they point to their specific package manager website.
 ## 0.7.3 (Nov 8th 2023)

README.md

@@ -63,14 +63,6 @@ Click the **Workspace** tab, search for the word _executable_, and specify the a
    4. Click the **Workspace** tab.
    5. Paste the Snyk token in the **Exhort Snyk Token** field.
    6. After adding your Snyk token, the vulnerability report gives you detailed information about security vulnerabilities unique to Snyk, and vulnerabilities that have publicly known exploits.
-8. (OPTIONAL) You can link your Sonatype OSS Index account to Red Hat Dependency Analytics by doing the following:
-   1. Sign in to your [Sonatype OSS Index account](https://ossindex.sonatype.org/user/signin).
-   2. Go to the **User Settings** page, and **copy your API Token**.
-   3. Open the Red Hat Dependency Analytics extension settings.
-   4. Click the **Workspace** tab.
-   5. Enter your username in the **Exhort OSSIndex User** field.
-   6. **Paste your API token** in the **Exhort OSSIndex Token** field.
-   7. After adding your Sonatype user and token, the vulnerability report gives you detailed information about security vulnerabilities unique to OSS Index.
 
 ## Configuration
 
@@ -99,16 +91,6 @@ If you enter a invalid Snyk token, a pop-up message alerts you that your Snyk to
 
 If you need a new Snyk token, you can generate a new token [here](https://app.snyk.io/login?utm_campaign=Code-Ready-Analytics-2020&utm_source=code_ready&code_ready=FF1B53D9-57BE-4613-96D7-1D06066C38C9).
 
-**Exhort OSS Index User and Token**
-<br >The Sonatype OSS Index username and token allows Exhort to authenticate with the OSS Index service to search for any known, and publicly disclosed security vulnerabilities.
-If a Sonatype OSS Index username and token are not provided, the OSS Index vulnerability information is not display.
-
-If you leave these fields blank, the following informational message is displayed.
-<br >![ Screenshot of the empty user and token dialog box ](images/screenshots/empty-user-and-token-oss-index.png)
-
-If you enter an invalid username or token, a pop-up message alerts you that your OSS Index token is invalid.
-<br >![ Screenshot of the invalid token dialog box ](images/screenshots/invalid-oss-index-token.png)
-
 **Red Hat Dependency Analytics Report File Path** :
 
 Specify the local path to create the Red Hat Dependency Analytics report file.
@@ -119,7 +101,7 @@ The default path is `/tmp/redhatDependencyAnalyticsReport.html`.
 - **Component analysis**
 	<br >Upon opening a manifest file, such as a `pom.xml`, `package.json`, `go.mod` or `requirements.txt` file, a scan starts the analysis process.
 	The scan provides immediate inline feedback on detected security vulnerabilities for your application's dependencies.
-	Such dependencies are appropriately underlined in red, and hovering over it gives you a short summary of the security concern from Snyk and the OSS Index.
+	Such dependencies are appropriately underlined in red, and hovering over it gives you a short summary of the security concern from Snyk.
 	The summary has the full package name, version number, the amount of known security vulnerabilities, and the highest severity status of said vulnerabilities.
 
 	**NOTE:** Add the `target` folder to your `.gitignore` file to exclude it from Git monitoring.

package.json

@@ -190,18 +190,6 @@
           "description": "Red Hat Dependency Analytics authentication token for Snyk.",
           "scope": "window"
         },
-        "redHatDependencyAnalytics.exhortOSSIndexUser": {
-          "type": "string",
-          "default": "",
-          "description": "Red Hat Dependency Analytics authentication username for OSS Index.",
-          "scope": "window"
-        },
-        "redHatDependencyAnalytics.exhortOSSIndexToken": {
-          "type": "string",
-          "default": "",
-          "description": "Red Hat Dependency Analytics authentication token for OSS Index.",
-          "scope": "window"
-        },
         "redHatDependencyAnalytics.matchManifestVersions": {
           "type": "boolean",
           "default": true,
@@ -296,7 +284,7 @@
     "webpack-cli": "^5.1.4"
   },
   "dependencies": {
-    "@fabric8-analytics/fabric8-analytics-lsp-server": "^0.8.1-ea.4",
+    "@fabric8-analytics/fabric8-analytics-lsp-server": "^0.8.1-ea.6",
     "@redhat-developer/vscode-redhat-telemetry": "^0.7.0",
     "@RHEcosystemAppEng/exhort-javascript-api": "^0.1.1-ea.4",
     "fs": "^0.0.1-security",

src/config.ts

@@ -15,8 +15,6 @@ class Config {
   triggerRHRepositoryRecommendationNotification: string;
   utmSource: string;
   exhortSnykToken: string;
-  exhortOSSIndexUser: string;
-  exhortOSSIndexToken: string;
   matchManifestVersions: string;
   exhortMvnPath: string;
   exhortNpmPath: string;
@@ -76,8 +74,6 @@ class Config {
     this.triggerRHRepositoryRecommendationNotification = commands.TRIGGER_REDHAT_REPOSITORY_RECOMMENDATION_NOTIFICATION;
     this.utmSource = GlobalState.UTM_SOURCE;
     this.exhortSnykToken = apiConfig.exhortSnykToken;
-    this.exhortOSSIndexUser = apiConfig.exhortOSSIndexUser;
-    this.exhortOSSIndexToken = apiConfig.exhortOSSIndexToken;
     this.matchManifestVersions = apiConfig.matchManifestVersions ? 'true' : 'false';
     this.rhdaReportFilePath = apiConfig.redHatDependencyAnalyticsReportFilePath;
     this.exhortMvnPath = this.getExecutableConfig(this.DEFAULT_MVN_EXECUTABLE);
@@ -98,8 +94,6 @@ class Config {
     process.env['VSCEXT_TRIGGER_REDHAT_REPOSITORY_RECOMMENDATION_NOTIFICATION'] = this.triggerRHRepositoryRecommendationNotification;
     process.env['VSCEXT_UTM_SOURCE'] = this.utmSource;
     process.env['VSCEXT_EXHORT_SNYK_TOKEN'] = this.exhortSnykToken;
-    process.env['VSCEXT_EXHORT_OSS_INDEX_USER'] = this.exhortOSSIndexUser;
-    process.env['VSCEXT_EXHORT_OSS_INDEX_TOKEN'] = this.exhortOSSIndexToken;
     process.env['VSCEXT_MATCH_MANIFEST_VERSIONS'] = this.matchManifestVersions;
     process.env['VSCEXT_EXHORT_MVN_PATH'] = this.exhortMvnPath;
     process.env['VSCEXT_EXHORT_NPM_PATH'] = this.exhortNpmPath;

src/constants.ts

@@ -14,7 +14,7 @@ export enum GlobalState {
 export enum StatusMessages {
   WIN_ANALYZING_DEPENDENCIES = 'Analyzing application dependencies...',
   WIN_GENERATING_DEPENDENCIES = 'Generating Red Hat Dependency Analytics report...',
-  WIN_SUCCESS_DEPENDENCY_ANALYSIS = 'Successfully generated Red Hat Dependency Analytics report...',
+  WIN_SUCCESS_DEPENDENCY_ANALYSIS = 'Successfully generated Red Hat Dependency Analytics report',
   WIN_FAILURE_DEPENDENCY_ANALYSIS = 'Unable to generate Red Hat Dependency Analytics report',
   WIN_SHOW_LOGS = 'No output channel has been created for Red Hat Dependency Analytics',
   NO_SUPPORTED_MANIFEST = 'No supported manifest file found to be analyzed.',
@@ -38,8 +38,6 @@ export const extensionQualifiedId = `redhat.${extensionId}`;
 export const registrationURL = 'https://app.snyk.io/signup/?utm_medium=Partner&utm_source=RedHat&utm_campaign=Code-Ready-Analytics-2020&utm_content=Register';
 // URL to Snyk webpage
 export const snykURL = 'https://app.snyk.io/login?utm_campaign=Code-Ready-Analytics-2020&utm_source=code_ready&code_ready=FF1B53D9-57BE-4613-96D7-1D06066C38C9';
-// URL to OSS Index webpage
-export const ossIndexURL = 'https://ossindex.sonatype.org/';
 // default Redhat Dependency Analytics report file path
 export const defaultRhdaReportFilePath = '/tmp/redhatDependencyAnalyticsReport.html';
 // Red Hat GA Repository

src/extension.ts

@@ -18,7 +18,7 @@ import { caStatusBarProvider } from './caStatusBarProvider';
 import { CANotification } from './caNotification';
 import { DepOutputChannel } from './depOutputChannel';
 import { record, startUp, TelemetryActions } from './redhatTelemetry';
-import { validateSnykToken, validateOSSIndexToken } from './tokenValidation';
+import { validateSnykToken } from './tokenValidation';
 
 let lspClient: LanguageClient;
 
@@ -173,9 +173,6 @@ export function activate(context: vscode.ExtensionContext) {
     if (event.affectsConfiguration('redHatDependencyAnalytics.exhortSnykToken')) {
       validateSnykToken();
     }
-    if (event.affectsConfiguration('redHatDependencyAnalytics.exhortOSSIndexUser') || event.affectsConfiguration('redHatDependencyAnalytics.exhortOSSIndexToken')) {
-      validateOSSIndexToken();
-    }
   });
 }
 

src/stackAnalysis.ts

@@ -4,7 +4,7 @@ import * as vscode from 'vscode';
 import * as path from 'path';
 import * as fs from 'fs';
 
-import { defaultRhdaReportFilePath, StatusMessages, Titles } from './constants';
+import { StatusMessages, Titles } from './constants';
 import { stackAnalysisService } from './exhortServices';
 import { DependencyReportPanel } from './dependencyReportPanel';
 import { globalConfig } from './config';
@@ -33,7 +33,7 @@ function updateWebviewPanel(data) {
  */
 function writeReportToFile(data) {
   return new Promise<void>((resolve, reject) => {
-    const reportFilePath = globalConfig.rhdaReportFilePath || defaultRhdaReportFilePath;
+    const reportFilePath = globalConfig.rhdaReportFilePath;
     const reportDirectoryPath = path.dirname(reportFilePath);
 
     if (!fs.existsSync(reportDirectoryPath)) {
@@ -53,73 +53,60 @@ function writeReportToFile(data) {
 /**
  * Executes the RHDA stack analysis process.
  * @param manifestFilePath The file path to the manifest file for analysis.
- * @returns A Promise that resolves once the stack analysis is complete.
+ * @returns The stack analysis response string.
  */
-async function executeStackAnalysis(manifestFilePath) {
+async function executeStackAnalysis(manifestFilePath): Promise<string> {
   try {
-    await vscode.window.withProgress({ location: vscode.ProgressLocation.Window, title: Titles.EXT_TITLE }, async p => {
-      return new Promise<void>(async (resolve, reject) => {
-        try {
-          p.report({
-            message: StatusMessages.WIN_ANALYZING_DEPENDENCIES
-          });
+    return await vscode.window.withProgress({ location: vscode.ProgressLocation.Window, title: Titles.EXT_TITLE }, async p => {
+      return new Promise<string>(async (resolve, reject) => {
+        p.report({
+          message: StatusMessages.WIN_ANALYZING_DEPENDENCIES
+        });
+
+        // set up configuration options for the stack analysis request
+        const options = {
+          'RHDA_TOKEN': globalConfig.telemetryId,
+          'RHDA_SOURCE': globalConfig.utmSource,
+          'MATCH_MANIFEST_VERSIONS': globalConfig.matchManifestVersions,
+          'EXHORT_MVN_PATH': globalConfig.exhortMvnPath,
+          'EXHORT_NPM_PATH': globalConfig.exhortNpmPath,
+          'EXHORT_GO_PATH': globalConfig.exhortGoPath,
+          'EXHORT_PYTHON3_PATH': globalConfig.exhortPython3Path,
+          'EXHORT_PIP3_PATH': globalConfig.exhortPip3Path,
+          'EXHORT_PYTHON_PATH': globalConfig.exhortPythonPath,
+          'EXHORT_PIP_PATH': globalConfig.exhortPipPath
+        };
+
+        if (globalConfig.exhortSnykToken !== '') {
+          options['EXHORT_SNYK_TOKEN'] = globalConfig.exhortSnykToken;
+        }
 
-          // set up configuration options for the stack analysis request
-          const options = {
-            'RHDA_TOKEN': globalConfig.telemetryId,
-            'RHDA_SOURCE': globalConfig.utmSource,
-            'MATCH_MANIFEST_VERSIONS': globalConfig.matchManifestVersions,
-            'EXHORT_MVN_PATH': globalConfig.exhortMvnPath,
-            'EXHORT_NPM_PATH': globalConfig.exhortNpmPath,
-            'EXHORT_GO_PATH': globalConfig.exhortGoPath,
-            'EXHORT_PYTHON3_PATH': globalConfig.exhortPython3Path,
-            'EXHORT_PIP3_PATH': globalConfig.exhortPip3Path,
-            'EXHORT_PYTHON_PATH': globalConfig.exhortPythonPath,
-            'EXHORT_PIP_PATH': globalConfig.exhortPipPath
-          };
-
-          if (globalConfig.exhortSnykToken !== '') {
-            options['EXHORT_SNYK_TOKEN'] = globalConfig.exhortSnykToken;
-          }
-
-          if (globalConfig.exhortOSSIndexUser !== '' && globalConfig.exhortOSSIndexToken !== '') {
-            options['EXHORT_OSS_INDEX_USER'] = globalConfig.exhortOSSIndexUser;
-            options['EXHORT_OSS_INDEX_TOKEN'] = globalConfig.exhortOSSIndexToken;
-          }
-
-          // execute stack analysis
-          await stackAnalysisService(manifestFilePath, options)
-            .then(async (resp) => {
-              p.report({
-                message: StatusMessages.WIN_GENERATING_DEPENDENCIES
-              });
-
-              await writeReportToFile(resp);
-              updateWebviewPanel(resp);
-
-              p.report({
-                message: StatusMessages.WIN_SUCCESS_DEPENDENCY_ANALYSIS
-              });
-
-              resolve();
-            })
-            .catch(err => {
-              p.report({
-                message: StatusMessages.WIN_FAILURE_DEPENDENCY_ANALYSIS
-              });
-
-              reject(err);
+        // execute stack analysis
+        await stackAnalysisService(manifestFilePath, options)
+          .then(async (resp) => {
+            p.report({
+              message: StatusMessages.WIN_GENERATING_DEPENDENCIES
             });
-        } catch (err) {
-          p.report({
-            message: StatusMessages.WIN_ANALYZING_DEPENDENCIES
-          });
 
-          reject(err);
-        }
+            updateWebviewPanel(resp);
+
+            p.report({
+              message: StatusMessages.WIN_SUCCESS_DEPENDENCY_ANALYSIS
+            });
+
+            resolve(resp);
+          })
+          .catch(err => {
+            p.report({
+              message: StatusMessages.WIN_FAILURE_DEPENDENCY_ANALYSIS
+            });
+
+            reject(err);
+          });
       });
     });
   } catch (err) {
+    updateWebviewPanel('error');
     throw (err);
   }
 }
@@ -145,10 +132,12 @@ async function generateRHDAReport(context, uri) {
     try {
 
       await triggerWebviewPanel(context);
-      await executeStackAnalysis(uri.fsPath);
+      const resp = await executeStackAnalysis(uri.fsPath);
+      if (DependencyReportPanel.currentPanel) {
+        await writeReportToFile(resp);
+      }
 
     } catch (error) {
-      updateWebviewPanel('error');
       throw (error);
     }
   } else {

src/tokenValidation.ts

@@ -3,7 +3,7 @@
 import * as vscode from 'vscode';
 
 import { globalConfig } from './config';
-import { snykURL, ossIndexURL } from './constants';
+import { snykURL } from './constants';
 import { tokenValidationService } from './exhortServices';
 
 /**
@@ -32,40 +32,4 @@ async function validateSnykToken() {
     }
 }
 
-/**
- * Validates the OSS Index credentials using the Exhort token validation service.
- * @returns A Promise that resolves when credentials have been validated.
- */
-async function validateOSSIndexToken() {
-    if (globalConfig.exhortOSSIndexUser !== '' && globalConfig.exhortOSSIndexToken !== '') {
-
-        // set up configuration options for the token validation request
-        const options = {
-            'RHDA_TOKEN': globalConfig.telemetryId,
-            'RHDA_SOURCE': globalConfig.utmSource,
-            'EXHORT_OSS_INDEX_USER': globalConfig.exhortOSSIndexUser,
-            'EXHORT_OSS_INDEX_TOKEN': globalConfig.exhortOSSIndexToken
-        };
-
-        // execute token validation
-        tokenValidationService(options, 'OSS Index');
-
-    } else {
-        let msg: string = '';
-
-        if (globalConfig.exhortOSSIndexUser === '') {
-            msg += 'OSS Index username has not been provided. ';
-        }
-        if (globalConfig.exhortOSSIndexToken === '') {
-            msg = msg ? 'OSS Index username and token have not been provided. ' : 'OSS Index token has not been provided. ';
-        }
-
-        msg += `Please note that if you fail to provide valid OSS Index credentials in the extension workspace settings, 
-        OSS Index vulnerabilities will not be displayed. 
-        To resolve this issue, please register and obtain valid credentials from the following link: [here](${ossIndexURL}).`;
-
-        vscode.window.showInformationMessage(msg);
-    }
-}
-
-export { validateSnykToken, validateOSSIndexToken };
+export { validateSnykToken };

test/config.test.ts

@@ -28,8 +28,6 @@ suite('Config module', () => {
     expect(globalConfig.triggerRHRepositoryRecommendationNotification).to.eq(commands.TRIGGER_REDHAT_REPOSITORY_RECOMMENDATION_NOTIFICATION);
     expect(globalConfig.utmSource).to.eq(GlobalState.UTM_SOURCE);
     expect(globalConfig.exhortSnykToken).to.eq('');
-    expect(globalConfig.exhortOSSIndexUser).to.eq('');
-    expect(globalConfig.exhortOSSIndexToken).to.eq('');
     expect(globalConfig.matchManifestVersions).to.eq('true');
     expect(globalConfig.rhdaReportFilePath).to.eq('/tmp/redhatDependencyAnalyticsReport.html');
     expect(globalConfig.exhortMvnPath).to.eq('mvn');
@@ -44,8 +42,6 @@ suite('Config module', () => {
     expect(process.env['VSCEXT_TRIGGER_REDHAT_REPOSITORY_RECOMMENDATION_NOTIFICATION']).to.eq(commands.TRIGGER_REDHAT_REPOSITORY_RECOMMENDATION_NOTIFICATION);
     expect(process.env['VSCEXT_UTM_SOURCE']).to.eq(GlobalState.UTM_SOURCE);
     expect(process.env['VSCEXT_EXHORT_SNYK_TOKEN']).to.eq('');
-    expect(process.env['VSCEXT_EXHORT_OSS_INDEX_USER']).to.eq('');
-    expect(process.env['VSCEXT_EXHORT_OSS_INDEX_TOKEN']).to.eq('');
     expect(process.env['VSCEXT_MATCH_MANIFEST_VERSIONS']).to.eq('true');
     expect(process.env['VSCEXT_EXHORT_MVN_PATH']).to.eq('mvn');
     expect(process.env['VSCEXT_EXHORT_NPM_PATH']).to.eq('npm');