Skip to content

feat(vscode-extension): SARIF import/export + security hardening#926

Merged
Gbangbolaoluwagbemiga merged 2 commits into
HyperSafeD:mainfrom
anuoluwaponiorimi:feat/vscode-sarif-security-hardening
Jun 25, 2026
Merged

feat(vscode-extension): SARIF import/export + security hardening#926
Gbangbolaoluwagbemiga merged 2 commits into
HyperSafeD:mainfrom
anuoluwaponiorimi:feat/vscode-sarif-security-hardening

Conversation

@anuoluwaponiorimi

Copy link
Copy Markdown

Summary

  • Adds sanctifier.exportSarif command: converts active-file findings to a SARIF 2.1.0 JSON file with a workspace-boundary path guard before writing to disk
  • Adds sanctifier.importSarif command: reads an external SARIF file with size (5 MB) and result-count (10 000) caps before rendering
  • Adds sarif.ts: pure EditorFinding ↔ SARIF 2.1.0 conversion utilities (no VS Code API, fully unit-testable)
  • Adds security.ts: path-traversal guard, file-size limits, filename sanitisation
  • Adds jest + ts-jest unit test suite — 26 tests, covering analyzer rules and SARIF round-trips
  • Adds ESLint with @typescript-eslint; zero warnings in npm run lint
  • Fixes two pre-existing no-useless-escape lint errors in analyzer.ts regexes
  • Adds THREAT_MODEL.md documenting T1–T6 threats and mitigations (path traversal, DoS via large files, malformed JSON, CLI substitution)
  • Wires test and lint npm scripts so the vscode-extension-ci.yml workflow passes on all three platforms

Closes #610
Closes #667
Closes #741
Closes #743

Test plan

  • npm run compile — zero TypeScript errors
  • npm test — 26 tests pass (ubuntu, windows, macos)
  • npm run lint — zero ESLint errors or warnings
  • npx @vscode/vsce package --no-dependencies — extension packages cleanly
  • Open a .rs file containing Soroban code, run Sanctifier: Export findings as SARIF.sarif file written and opened
  • Run Sanctifier: Import SARIF file → success message with finding count
  • Import a SARIF file larger than 5 MB → error message shown, no crash
  • Import a file with a path outside the workspace → blocked with error message

Closes HyperSafeD#610, HyperSafeD#667, HyperSafeD#741, HyperSafeD#743

- Add sanctifier.exportSarif command: exports active file findings as
  SARIF 2.1.0 JSON with workspace-boundary guard before writing
- Add sanctifier.importSarif command: reads and validates an external
  SARIF file with size (5 MB) and result count (10k) caps
- Add sarif.ts: pure EditorFinding <-> SARIF 2.1.0 conversion utilities
- Add security.ts: path-traversal guard, file-size limits, filename
  sanitisation — no VS Code API dependency, fully unit-testable
- Add jest + ts-jest unit test suite (26 tests, analyzer + sarif)
- Add ESLint with @typescript-eslint; all warnings resolved
- Fix two no-useless-escape lint errors in existing analyzer.ts regexes
- Add THREAT_MODEL.md documenting T1-T6 threats and mitigations
- Update package.json: test/lint scripts, new devDependencies
- Update tsconfig.json to exclude test files from production build
@vercel

vercel Bot commented Jun 25, 2026

Copy link
Copy Markdown

@oluwagbemigaphilip is attempting to deploy a commit to the gbangbolaoluwagbemiga's projects Team on Vercel.

A member of the Team first needs to authorize it.

@drips-wave

drips-wave Bot commented Jun 25, 2026

Copy link
Copy Markdown

@anuoluwaponiorimi Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@Gbangbolaoluwagbemiga Gbangbolaoluwagbemiga merged commit 5cfe9ac into HyperSafeD:main Jun 25, 2026
13 of 23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

3 participants