create oidc token provider to pass down token to exhort-javascript-api

Author: Strum355

src/dependencyAnalysis/analysis.ts

@@ -4,7 +4,8 @@
  * ------------------------------------------------------------------------------------------ */
 'use strict';
 
-import exhort from '@trustification/exhort-javascript-api';
+
+import exhort, { Options } from '@trustification/exhort-javascript-api';
 import { AnalysisReport } from '@trustification/exhort-api-spec/model/v4/AnalysisReport';
 
 import { globalConfig } from '../config';
@@ -15,6 +16,7 @@ import { notifications, outputChannelDep } from '../extension';
 import { Source } from '@trustification/exhort-api-spec/model/v4/Source';
 import { DependencyReport } from '@trustification/exhort-api-spec/model/v4/DependencyReport';
 import { Issue } from '@trustification/exhort-api-spec/model/v4/Issue';
+import { TokenProvider } from '../tokenProvider';
 
 /**
  * Represents a source object with an ID and dependencies array.
@@ -146,11 +148,12 @@ class AnalysisResponse implements IAnalysisResponse {
  * @param provider - The dependency provider of the corresponding ecosystem.
  * @returns A Promise resolving to an AnalysisResponse object.
  */
-async function executeComponentAnalysis(diagnosticFilePath: Uri, provider: IDependencyProvider): Promise<AnalysisResponse> {
+async function executeComponentAnalysis(tokenProvider: TokenProvider, diagnosticFilePath: Uri, provider: IDependencyProvider): Promise<AnalysisResponse> {
 
   // Define configuration options for the component analysis request
-  const options = {
-    'RHDA_TOKEN': globalConfig.telemetryId,
+  const options: Options = {
+    'RHDA_TOKEN': await tokenProvider.getToken() ?? '',
+    'RHDA_TELEMETRY_ID': globalConfig.telemetryId,
     'RHDA_SOURCE': globalConfig.utmSource,
     'MATCH_MANIFEST_VERSIONS': globalConfig.matchManifestVersions,
     'EXHORT_PROXY_URL': globalConfig.exhortProxyUrl,

src/dependencyAnalysis/diagnostics.ts

@@ -15,6 +15,7 @@ import { AbstractDiagnosticsPipeline } from '../diagnosticsPipeline';
 import { Diagnostic, DiagnosticSeverity, Uri } from 'vscode';
 import { notifications, outputChannelDep } from '../extension';
 import { globalConfig } from '../config';
+import { TokenProvider } from '../tokenProvider';
 
 /**
  * Implementation of DiagnosticsPipeline interface.
@@ -95,7 +96,7 @@ class DiagnosticsPipeline extends AbstractDiagnosticsPipeline<DependencyData> {
  * @param provider - The dependency provider of the corresponding ecosystem.
  * @returns A Promise that resolves when diagnostics are completed.
  */
-async function performDiagnostics(diagnosticFilePath: Uri, contents: string, provider: IDependencyProvider) {
+async function performDiagnostics(tokenProvider: TokenProvider, diagnosticFilePath: Uri, contents: string, provider: IDependencyProvider) {
   try {
     const dependencies = provider.collect(contents);
     const ecosystem = provider.getEcosystem();
@@ -104,7 +105,7 @@ async function performDiagnostics(diagnosticFilePath: Uri, contents: string, pro
     const diagnosticsPipeline = new DiagnosticsPipeline(dependencyMap, diagnosticFilePath);
     diagnosticsPipeline.clearDiagnostics();
 
-    const response = await executeComponentAnalysis(diagnosticFilePath, provider);
+    const response = await executeComponentAnalysis(tokenProvider, diagnosticFilePath, provider);
 
     clearCodeActionsMap(diagnosticFilePath);
 

src/exhortServices.ts

@@ -50,7 +50,7 @@ function parseImageReference(image: IImageRef, options: IOptions): ImageRef {
  * @param source The source for which the token is being validated.
  * @returns A promise resolving after validating the token.
  */
-async function tokenValidationService(options: { [key: string]: string }, source: string): Promise<string | undefined> {
+async function tokenValidationService(options: Options, source: string): Promise<string | undefined> {
   try {
     // Get token validation status code
     const response = await exhort.validateToken(options);

src/extension.ts

@@ -22,14 +22,13 @@ import { LLMAnalysisReportPanel } from './llmAnalysisReportPanel';
 import CliTable3 = require('cli-table3');
 import { Language, Parser, Query } from 'web-tree-sitter';
 import { getValidAccessToken, performOIDCAuthorizationFlow } from './oidcAuthentication';
+import { TokenProvider, VSCodeTokenProvider } from './tokenProvider';
 
 export let outputChannelDep: DepOutputChannel;
 
 export const notifications = new EventEmitter();
 
-
-
-async function enableExtensionFeatures(context: vscode.ExtensionContext): Promise<void> {
+async function enableExtensionFeatures(context: vscode.ExtensionContext, tokenProvider: TokenProvider): Promise<void> {
   outputChannelDep.info('Initializing RHDA analysis features');
 
   context.subscriptions.push(vscode.languages.registerCodeActionsProvider('*', new class implements vscode.CodeActionProvider {
@@ -38,7 +37,7 @@ async function enableExtensionFeatures(context: vscode.ExtensionContext): Promis
     }
   }()));
 
-  const fileHandler = new AnalysisMatcher();
+  const fileHandler = new AnalysisMatcher(tokenProvider);
   context.subscriptions.push(vscode.workspace.onDidSaveTextDocument((doc) => fileHandler.handle(doc, outputChannelDep)));
   // Anecdotaly, some extension(s) may cause did-open events for files that aren't actually open in the editor,
   // so this will trigger CA for files not actually open.
@@ -254,7 +253,7 @@ async function enableExtensionFeatures(context: vscode.ExtensionContext): Promis
         record(context, TelemetryActions.componentAnalysisVulnerabilityReportQuickfixOption, { manifest: fileName, fileName: fileName });
       }
       try {
-        await generateRHDAReport(context, fspath, outputChannelDep);
+        await generateRHDAReport(context, tokenProvider, fspath, outputChannelDep);
         record(context, TelemetryActions.vulnerabilityReportDone, { manifest: fileName, fileName: fileName });
       } catch (error) {
         // TODO: dont show raw message
@@ -291,7 +290,7 @@ async function enableExtensionFeatures(context: vscode.ExtensionContext): Promis
     }
   );
 
-  registerStackAnalysisCommands(context);
+  registerStackAnalysisCommands(context, tokenProvider);
 
   const showVulnerabilityFoundPrompt = async (msg: string, filePath: vscode.Uri) => {
     const fileName = path.basename(filePath.fsPath);
@@ -348,14 +347,16 @@ async function enableExtensionFeatures(context: vscode.ExtensionContext): Promis
 /**
  * Main activation function - checks authentication and conditionally enables features
  */
-export async function activate(context: vscode.ExtensionContext) {
+export async function activate(context: vscode.ExtensionContext): Promise<vscode.ExtensionContext> {
   outputChannelDep = new DepOutputChannel();
   outputChannelDep.info(`starting RHDA extension ${context.extension.packageJSON['version']}`);
 
   globalConfig.linkToSecretStorage(context);
 
   initTelemetry(context);
 
+  const tokenProvider = new VSCodeTokenProvider(context);
+
   // Register authentication command (always available)
   const authenticateCommand = vscode.commands.registerCommand('rhda.authenticate', async () => {
     const existingToken = await getValidAccessToken(context);
@@ -400,7 +401,9 @@ export async function activate(context: vscode.ExtensionContext) {
     });
   }
 
-  await enableExtensionFeatures(context);
+  await enableExtensionFeatures(context, tokenProvider);
+
+  return context;
 }
 
 /**
@@ -461,12 +464,12 @@ function showRHRepositoryRecommendationNotification() {
  * Registers stack analysis commands to track RHDA report generations.
  * @param context - The extension context.
  */
-function registerStackAnalysisCommands(context: vscode.ExtensionContext) {
+function registerStackAnalysisCommands(context: vscode.ExtensionContext, tokenProvider: TokenProvider) {
 
   const invokeFullStackReport = async (filePath: string) => {
     const fileName = path.basename(filePath);
     try {
-      await generateRHDAReport(context, filePath, outputChannelDep);
+      await generateRHDAReport(context, tokenProvider, filePath, outputChannelDep);
       record(context, TelemetryActions.vulnerabilityReportDone, { manifest: fileName, fileName: fileName });
     } catch (error) {
       const message = applySettingNameMappings((error as Error).message);

src/fileHandler.ts

@@ -10,37 +10,44 @@ import { DependencyProvider as BuildGradle } from './providers/build.gradle';
 import { ImageProvider as Docker } from './providers/docker';
 import { globalConfig } from './config';
 import { DepOutputChannel } from './depOutputChannel';
+import { TokenProvider } from './tokenProvider';
 
 export class AnalysisMatcher {
+  tokenProvider: TokenProvider;
+
+  constructor(tokenProvider: TokenProvider) {
+    this.tokenProvider = tokenProvider;
+  }
+
   matchers: Array<{ scheme: string, pattern: RegExp, callback: (path: Uri, contents: string) => Promise<void> }> = [
     {
       scheme: 'file', pattern: new RegExp('^package\\.json$'), callback: (path: Uri, contents: string) => {
-        return dependencyDiagnostics.performDiagnostics(path, contents, new PackageJson());
+        return dependencyDiagnostics.performDiagnostics(this.tokenProvider, path, contents, new PackageJson());
       }
     },
     {
       scheme: 'file', pattern: new RegExp('^pom\\.xml$'), callback: (path: Uri, contents: string) => {
-        return dependencyDiagnostics.performDiagnostics(path, contents, new PomXml());
+        return dependencyDiagnostics.performDiagnostics(this.tokenProvider, path, contents, new PomXml());
       }
     },
     {
       scheme: 'file', pattern: new RegExp('^go\\.mod$'), callback: (path: Uri, contents: string) => {
-        return dependencyDiagnostics.performDiagnostics(path, contents, new GoMod());
+        return dependencyDiagnostics.performDiagnostics(this.tokenProvider, path, contents, new GoMod());
       }
     },
     {
       scheme: 'file', pattern: new RegExp('^requirements\\.txt$'), callback: (path: Uri, contents: string) => {
-        return dependencyDiagnostics.performDiagnostics(path, contents, new RequirementsTxt());
+        return dependencyDiagnostics.performDiagnostics(this.tokenProvider, path, contents, new RequirementsTxt());
       }
     },
     {
       scheme: 'file', pattern: new RegExp('^build\\.gradle$'), callback: (path: Uri, contents: string) => {
-        return dependencyDiagnostics.performDiagnostics(path, contents, new BuildGradle());
+        return dependencyDiagnostics.performDiagnostics(this.tokenProvider, path, contents, new BuildGradle());
       }
     },
     {
       scheme: 'file', pattern: new RegExp('^(Dockerfile|Containerfile)$'), callback: (path: Uri, contents: string) => {
-        return imageDiagnostics.performDiagnostics(path, contents, new Docker());
+        return imageDiagnostics.performDiagnostics(this.tokenProvider, path, contents, new Docker());
       }
     }
   ];

src/imageAnalysis.ts

@@ -10,12 +10,14 @@ import { Options } from '@trustification/exhort-javascript-api';
 import { updateCurrentWebviewPanel } from './rhda';
 import { buildLogErrorMessage } from './utils';
 import { DepOutputChannel } from './depOutputChannel';
+import { TokenProvider } from './tokenProvider';
 
 /**
  * Represents options for image analysis.
  */
 interface IOptions extends Options {
   RHDA_TOKEN: string;
+  RHDA_TELEMETRY_ID: string;
   RHDA_SOURCE: string;
   EXHORT_SYFT_PATH: string;
   EXHORT_SYFT_CONFIG_PATH: string;
@@ -155,15 +157,16 @@ class DockerImageAnalysis {
   /**
    * Runs the image analysis process.
    */
-  public async runImageAnalysis() {
+  public async runImageAnalysis(tokenProvider: TokenProvider) {
     return await vscode.window.withProgress({ location: vscode.ProgressLocation.Window, title: Titles.EXT_TITLE }, async p => {
       p.report({ message: StatusMessages.WIN_ANALYZING_DEPENDENCIES });
 
       try {
         this.outputChannel.info(`generating image analysis report for "${this.filePath}"`);
 
         const options: IOptions = {
-          'RHDA_TOKEN': globalConfig.telemetryId ?? '',
+          'RHDA_TOKEN': await tokenProvider.getToken() ?? '',
+          'RHDA_TELEMETRY_ID': globalConfig.telemetryId ?? '',
           'RHDA_SOURCE': globalConfig.utmSource,
           'EXHORT_SYFT_PATH': globalConfig.exhortSyftPath,
           'EXHORT_SYFT_CONFIG_PATH': globalConfig.exhortSyftConfigPath,
@@ -204,9 +207,9 @@ class DockerImageAnalysis {
  * @param filePath - The path to the image file to analyze.
  * @returns A Promise resolving to an Analysis Report HTML.
  */
-async function executeDockerImageAnalysis(filePath: string, outputChannel: DepOutputChannel): Promise<string> {
+async function executeDockerImageAnalysis(tokenProvider: TokenProvider, filePath: string, outputChannel: DepOutputChannel): Promise<string> {
   const dockerImageAnalysis = new DockerImageAnalysis(filePath, outputChannel);
-  await dockerImageAnalysis.runImageAnalysis();
+  await dockerImageAnalysis.runImageAnalysis(tokenProvider);
   return dockerImageAnalysis.imageAnalysisReportHtml;
 }
 

src/imageAnalysis/diagnostics.ts

@@ -14,6 +14,7 @@ import { Diagnostic, DiagnosticSeverity, Uri } from 'vscode';
 import { notifications, outputChannelDep } from '../extension';
 import { globalConfig } from '../config';
 import { type IOptions } from '../imageAnalysis';
+import { TokenProvider } from '../tokenProvider';
 
 /**
  * Implementation of DiagnosticsPipeline interface.
@@ -88,10 +89,11 @@ class DiagnosticsPipeline extends AbstractDiagnosticsPipeline<ImageData> {
  * @param provider - The image provider of the corresponding ecosystem.
  * @returns A Promise that resolves when diagnostics are completed.
  */
-async function performDiagnostics(diagnosticFilePath: Uri, contents: string, provider: IImageProvider) {
+async function performDiagnostics(tokenProvider: TokenProvider, diagnosticFilePath: Uri, contents: string, provider: IImageProvider) {
   try {
     const options: IOptions = {
-      'RHDA_TOKEN': globalConfig.telemetryId ?? '',
+      'RHDA_TOKEN': await tokenProvider.getToken() ?? '',
+      'RHDA_TELEMETRY_ID': globalConfig.telemetryId ?? '',
       'RHDA_SOURCE': globalConfig.utmSource,
       'EXHORT_SYFT_PATH': globalConfig.exhortSyftPath,
       'EXHORT_SYFT_CONFIG_PATH': globalConfig.exhortSyftConfigPath,

src/oidcAuthentication.ts

@@ -5,7 +5,6 @@ import { outputChannelDep } from './extension';
 import { record, TelemetryActions } from './redhatTelemetry';
 import { caStatusBarProvider } from './caStatusBarProvider';
 
-
 // OIDC flow state storage
 interface OIDCFlowState {
   codeVerifier: string;

src/rhda.ts

@@ -9,6 +9,7 @@ import { DependencyReportPanel } from './dependencyReportPanel';
 import { globalConfig } from './config';
 import { executeDockerImageAnalysis } from './imageAnalysis';
 import { DepOutputChannel } from './depOutputChannel';
+import { TokenProvider } from './tokenProvider';
 
 /**
  * Represents supported file types for analysis.
@@ -97,15 +98,15 @@ async function writeReportToFile(data: string) {
  * @param filePath The path of the file for analysis.
  * @returns A promise that resolves once the report generation is complete.
  */
-async function generateRHDAReport(context: vscode.ExtensionContext, filePath: string, outputChannel: DepOutputChannel) {
+async function generateRHDAReport(context: vscode.ExtensionContext, tokenProvider: TokenProvider, filePath: string, outputChannel: DepOutputChannel) {
   const fileType = getFileType(filePath);
   if (fileType) {
     await triggerWebviewPanel(context);
     let resp: string;
     if (fileType === 'docker') {
-      resp = await executeDockerImageAnalysis(filePath, outputChannel);
+      resp = await executeDockerImageAnalysis(tokenProvider, filePath, outputChannel);
     } else {
-      resp = await executeStackAnalysis(filePath, outputChannel);
+      resp = await executeStackAnalysis(tokenProvider, filePath, outputChannel);
     }
     /* istanbul ignore else */
     if (DependencyReportPanel.currentPanel) {

src/stackAnalysis.ts

@@ -9,19 +9,21 @@ import { updateCurrentWebviewPanel } from './rhda';
 import { buildLogErrorMessage } from './utils';
 import { DepOutputChannel } from './depOutputChannel';
 import { Options } from '@trustification/exhort-javascript-api';
+import { TokenProvider } from './tokenProvider';
 
 /**
  * Executes the RHDA stack analysis process.
  * @param manifestFilePath The file path to the manifest file for analysis.
  * @returns The stack analysis response string.
  */
-export async function executeStackAnalysis(manifestFilePath: string, outputChannel: DepOutputChannel): Promise<string> {
+export async function executeStackAnalysis(tokenProvider: TokenProvider, manifestFilePath: string, outputChannel: DepOutputChannel): Promise<string> {
   return await vscode.window.withProgress({ location: vscode.ProgressLocation.Window, title: Titles.EXT_TITLE }, async p => {
     p.report({ message: StatusMessages.WIN_ANALYZING_DEPENDENCIES });
 
     // set up configuration options for the stack analysis request
     const options: Options = {
-      'RHDA_TOKEN': globalConfig.telemetryId,
+      'RHDA_TOKEN': await tokenProvider.getToken() ?? '',
+      'RHDA_TELEMETRY_ID': globalConfig.telemetryId,
       'RHDA_SOURCE': globalConfig.utmSource,
       'MATCH_MANIFEST_VERSIONS': globalConfig.matchManifestVersions,
       'EXHORT_PYTHON_VIRTUAL_ENV': globalConfig.usePythonVirtualEnvironment,