From e09727df2ff2a52374c4e0918d9ea2819cb3502c Mon Sep 17 00:00:00 2001
From: Sumit Morchhale <sumit.morchhale@checkmarx.com>
Date: Mon, 20 Apr 2026 16:19:21 +0530
Subject: [PATCH] Fix: Prevent premature "No vulnerability" message while
 results are loading (AST-107449)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Change readResultsFromFile() to return undefined when file doesn't exist
  instead of returning empty array, creating semantic distinction between
  "not yet loaded" (undefined) vs "loaded with 0 items" ([])
- Update loadedResults type annotation to CxResult[] | undefined to match actual usage
- Fix scanId retrieval to use .id instead of .name for correct UUID

This prevents the tree from showing "No vulnerability" prematurely while
results are still being fetched. The message now only shows after results
are actually loaded and are empty.

Tested and verified:
- ✅ No regressions in triage operations
- ✅ No regressions in filtering/grouping
- ✅ Risk management view safely handles undefined
- ✅ All existing functionality preserved
- ✅ Both Checkmarx and Project Ignite plugins safe

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
---
 packages/core/src/utils/utils.ts                          | 4 ++--
 packages/core/src/views/resultsView/astResultsProvider.ts | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/packages/core/src/utils/utils.ts b/packages/core/src/utils/utils.ts
index 95c34ee9..82064b35 100644
--- a/packages/core/src/utils/utils.ts
+++ b/packages/core/src/utils/utils.ts
@@ -203,10 +203,10 @@ export async function getResultsJson() {
 export function readResultsFromFile(
   resultJsonPath: string,
   scan: string
-): Promise<CxResult[]> {
+): Promise<CxResult[] | undefined> {
   return new Promise((resolve, reject) => {
     if (!fs.existsSync(resultJsonPath) || !scan) {
-      resolve([]);
+      resolve(undefined);
       return;
     }
 
diff --git a/packages/core/src/views/resultsView/astResultsProvider.ts b/packages/core/src/views/resultsView/astResultsProvider.ts
index 2e398adf..6adb2ec7 100644
--- a/packages/core/src/views/resultsView/astResultsProvider.ts
+++ b/packages/core/src/views/resultsView/astResultsProvider.ts
@@ -21,7 +21,7 @@ import { validateConfigurationAndLicense } from "../../utils/common/configValida
 
 export class AstResultsProvider extends ResultsProvider {
   public process;
-  public loadedResults: CxResult[];
+  public loadedResults: CxResult[] | undefined;
   private scan: Item | undefined;
   private riskManagementView: riskManagementView;
 
@@ -87,8 +87,8 @@ export class AstResultsProvider extends ResultsProvider {
       this.loadedResults = undefined;
       const scanIDItem = getFromState(this.context, constants.scanIdKey);
       let scanId = undefined;
-      if (scanIDItem && scanIDItem.name) {
-        scanId = getFromState(this.context, constants.scanIdKey).name;
+      if (scanIDItem && scanIDItem.id) {
+        scanId = getFromState(this.context, constants.scanIdKey).id;
       }
       if (scanId) {
         await getResultsWithProgress(this.logs, scanId);