fix problem if bad internet stops getting globs and fix bug where cant login

Author: bmeck

src/data/glob-patterns.ts

@@ -1,27 +1,27 @@
-import { IncomingMessage } from 'node:http';
-import * as https from 'node:https';
-import { once } from 'node:stream';
-import { text } from 'stream/consumers';
+import { IncomingMessage } from 'node:http'
+import * as https from 'node:https'
+import { once } from 'node:stream'
+import { text } from 'stream/consumers'
 import { flattenGlob } from '../util'
 
 export type GlobPatterns = Record<string, Record<string, { pattern: string }>>
 
-let globPatternsPromise: Promise<GlobPatterns> | undefined;
+let globPatternsPromise: Promise<GlobPatterns> | undefined
 
 const replaceCasedChars = (chars: string) =>
     chars.replace(/[a-zA-Z]/g, c => `[${c.toLowerCase()}${c.toUpperCase()}]`)
 
 // TODO: can VSCode do case insensitive match without this?
 function caseDesensitize(pattern: string) {
-    let out = '';
+    let out = ''
     const charGroup = /\[[^\]]+?\]/g
-    let lastIndex = 0;
+    let lastIndex = 0
     for (let match: RegExpExecArray | null = null; match = charGroup.exec(pattern);) {
-        out += replaceCasedChars(pattern.slice(lastIndex, match.index)) + match[0];
-        lastIndex = match.index + match[0].length;
+        out += replaceCasedChars(pattern.slice(lastIndex, match.index)) + match[0]
+        lastIndex = match.index + match[0].length
     }
-    out += replaceCasedChars(pattern.slice(lastIndex));
-    return out;
+    out += replaceCasedChars(pattern.slice(lastIndex))
+    return out
 }
 
 export async function getGlobPatterns() {
@@ -36,7 +36,7 @@ export async function getGlobPatterns() {
                 }
                 for (const eco in result) {
                     for (const name in result[eco]) {
-                        const target = result[eco][name];
+                        const target = result[eco][name]
                         target.pattern = caseDesensitize(flattenGlob(target.pattern))
                     }
                 }
@@ -45,7 +45,18 @@ export async function getGlobPatterns() {
             catch(err => {
                 // allow retry
                 globPatternsPromise = undefined
-                throw err
+                // snapshot of supported patterns
+                return {
+                    "cdx": { "json": { "pattern": "{bom,c{yclone,}dx[-.]*,*[-.]c{yclone,}dx}.json" }, "xml": { "pattern": "{bom,c{yclone,}dx[-.]*,*[-.]c{yclone,}dx}.xml" } },
+                    "gem": { "gemfileLock": { "pattern": "Gemfile.lock" } },
+                    "golang": { "gomod": { "pattern": "go.mod" }, "gosum": { "pattern": "go.sum" } },
+                    "maven": { "buildr": { "pattern": "Buildfile" }, "gradle": { "pattern": "{*.,}gradle{.lockfile,}" }, "ivy": { "pattern": "ivy.xml" }, "kotlin": { "pattern": "*.gradle.kts" }, "leiningen": { "pattern": "project.clj" }, "pomxml": { "pattern": "{*-*.,}pom{.xml,}" }, "sbt": { "pattern": "build.sbt" } },
+                    "npm": { "npmshrinkwrap": { "pattern": "npm-shrinkwrap.json" }, "packagejson": { "pattern": "package.json" }, "packagelockjson": { "pattern": "package-lock.json" }, "pnpmlock": { "pattern": "pnpm-lock.y{a,}ml" }, "pnpmworkspace": { "pattern": "pnpm-workspace.y{a,}ml" }, "yarnlock": { "pattern": "yarn.lock" } },
+                    "pypi": { "cdx-json": { "pattern": "{bom,c{yclone,}dx[-.]*,*[-.]c{yclone,}dx}.json" }, "cdx-xml": { "pattern": "{bom,c{yclone,}dx[-.]*,*[-.]c{yclone,}dx}.xml" }, "pipfile": { "pattern": "pipfile" }, "piplock": { "pattern": "pipfile.lock" }, "pkginfo": { "pattern": "{PKG-INFO,METADATA}" }, "poetry": { "pattern": "poetry.lock" }, "pylock": { "pattern": "pylock{,.*}.toml" }, "pyproject": { "pattern": "pyproject.toml" }, "requirements": { "pattern": "{*requirements{.frozen,{[-_]*,}.txt},requirements/*.txt}" }, "setuppy": { "pattern": "setup.py" }, "spdx-json": { "pattern": "*[-.]spdx.json" }, "uvlock": { "pattern": "uv.lock" } }, "spdx": { "json": { "pattern": "*[-.]spdx.json" } },
+                    "nuget": { "visualStudioSolution": { "pattern": "*.sln" }, "msbuildProject": { "pattern": "*.*proj" }, "targets": { "pattern": "*.targets" }, "props": { "pattern": "*.props" }, "msbuildProjectItems": { "pattern": "*.projitems" }, "nuspec": { "pattern": "*.nuspec" }, "packageConfig": { "pattern": "{packages.*.config,packages.config}" }, "packagesLock": { "pattern": "packages.lock.json" } },
+                    "socket": { "facts": { "pattern": ".socket.facts.json" } },
+                    "cargo": { "cargoToml": { "pattern": "Cargo.toml" }, "cargoLock": { "pattern": "Cargo.lock" } }
+                }
             })
     }
     return globPatternsPromise

src/data/socket-api-config.ts

@@ -7,14 +7,15 @@ import { IncomingMessage } from 'node:http'
 import { text } from 'node:stream/consumers'
 import constants from '@socketsecurity/registry/lib/constants'
 import { addDisposablesTo } from '../util'
+import { log } from 'node:console'
 
 const { SOCKET_PUBLIC_API_TOKEN } = constants
 
 export type APIConfig = {
     apiKey: string
 }
 
-let apiConf: APIConfig | {} | undefined
+let apiConf: APIConfig | undefined
 
 let dataHome = process.platform === 'win32'
     ? process.env['LOCALAPPDATA']
@@ -97,18 +98,19 @@ async function loadConfig(update?: boolean) {
 
 async function findAPIConfig() {
     if (!apiConf) {
-        apiConf = {}
+        apiConf = undefined
         let keyInfo: OrganizationsRecord | null
         const envKey = process.env.SOCKET_SECURITY_API_TOKEN ?? process.env.SOCKET_SECURITY_API_KEY
         if (envKey) {
             keyInfo = await getOrganizations(envKey)
-            if (keyInfo) {
-                apiConf = getConfigFromSettings(envKey)
+            apiConf = {
+                apiKey: envKey
             }
+        } else {
+            await loadConfig()
         }
-        if (!(apiConf as APIConfig).apiKey) await loadConfig()
     }
-    return (apiConf as APIConfig).apiKey ? apiConf as APIConfig : null
+    return (apiConf as APIConfig)?.apiKey ? apiConf as APIConfig : null
 }
 
 let existingFindCall: Promise<APIConfig | null> | null = null
@@ -121,64 +123,87 @@ export async function getExistingAPIConfig() {
     return result
 }
 
-export async function usePublicConfig(force?: boolean) {
-    if (force || !getExistingAPIConfig()) {
-        const apiKey = SOCKET_PUBLIC_API_TOKEN
-        await saveConfig(apiKey, [])
-        changeAPIConf.fire()
-    }
-    return apiConf as APIConfig
-}
-
-export async function getAPIConfig(force?: boolean) {
-    if (!force) {
-        const existingConf = await getExistingAPIConfig()
-        if (existingConf) return existingConf
+let pendingNewConfig: Promise<APIConfig | null> | null = null
+export async function getAPIConfig() {
+    const existingConf = await getExistingAPIConfig()
+    if (existingConf) {
+        return existingConf
     }
-    let organizations: OrganizationsRecord
-    let apiKey = await vscode.window.showInputBox({
-        title: 'Socket Security API Token',
-        placeHolder: 'Leave this blank to use a public token',
-        prompt: 'Enter your API token from https://socket.dev/',
-        async validateInput(value) {
-            if (!value) return
-            organizations = (await getOrganizations(value))!
-            if (!organizations) return 'Invalid API key'
-        }
-    })
-    if (apiKey === undefined) {
-        return null
+    if (pendingNewConfig) {
+        return pendingNewConfig
     }
-    let enforcedOrgs: string[] = []
-    if (!apiKey) {
-        apiKey = SOCKET_PUBLIC_API_TOKEN
-        organizations = (await getOrganizations(apiKey))!
-    } else {
-        let organizationsList = Object.values(organizations!.organizations!)
-        if (organizationsList.length) {
-            (organizationsList[0] as OrgInfo)
-            const options: (vscode.QuickPickItem & { id: string | null })[] = [
-                ...organizationsList.map(org => {
-                    return {
-                        label: org.name,
-                        id: org.id,
+    async function getNewConfig() {
+        let organizations: OrganizationsRecord
+        let apiKey = null
+        while (true) {
+            const loginChoice = await vscode.window.showInformationMessage('Socket Security requires authentication for full functionality.',
+                'Authenticate',
+                'Stay logged out'
+            )
+            // they chose to ignore the prompt or opted to be logged out
+            // it will come back later
+            if (loginChoice === 'Stay logged out' || !loginChoice) {
+                break
+            }
+            if (loginChoice === 'Authenticate') {
+                apiKey = await vscode.window.showInputBox({
+                    title: 'Socket Security API Token',
+                    placeHolder: 'Leave this blank to stay logged out',
+                    prompt: 'Enter your API token from https://socket.dev/',
+                    async validateInput(value) {
+                        if (!value) return
+                        organizations = (await getOrganizations(value))!
+                        if (!organizations) return 'Invalid API key'
                     }
-                }),
-                {
-                    label: 'None',
-                    id: null
+                })
+                // vscode gives undefined if focus is lost, this is error prone UX
+                // show the informative message again that they can ignore
+                // only consider the user to have made a choice if they enter a value
+                if (typeof apiKey === 'string') {
+                    break
                 }
-            ]
-            const result = await vscode.window.showQuickPick(options, {
-                title: 'Which organization\'s policies should Socket enforce system-wide?'
-            })
-            if (result?.id) enforcedOrgs = [result.id]
+            }
         }
+        let enforcedOrgs: string[] = []
+        if (!apiKey || apiKey === SOCKET_PUBLIC_API_TOKEN) {
+            // dont save to disk and don't ask for orgs
+            apiConf = {
+                apiKey: SOCKET_PUBLIC_API_TOKEN
+            }
+            changeAPIConf.fire()
+            return apiConf
+        } else {
+            let organizationsList = Object.values(organizations!.organizations!)
+            if (organizationsList.length) {
+                (organizationsList[0] as OrgInfo)
+                const options: (vscode.QuickPickItem & { id: string | null })[] = [
+                    ...organizationsList.map(org => {
+                        return {
+                            label: org.name,
+                            id: org.id,
+                        }
+                    }),
+                    {
+                        label: 'None',
+                        id: null
+                    }
+                ]
+                const result = await vscode.window.showQuickPick(options, {
+                    title: 'Which organization\'s policies should Socket enforce system-wide?'
+                })
+                if (result?.id) enforcedOrgs = [result.id]
+            }
+        }
+        await saveConfig(apiKey, enforcedOrgs)
+        apiConf = getConfigFromSettings(apiKey)
+        changeAPIConf.fire()
+        return apiConf
     }
-    await saveConfig(apiKey, enforcedOrgs)
-    apiConf = getConfigFromSettings(apiKey)
-    changeAPIConf.fire()
-    return apiConf as APIConfig
+    pendingNewConfig = getNewConfig()
+    pendingNewConfig.finally(() => {
+        pendingNewConfig = null
+    })
+    return pendingNewConfig
 }
 
 export function init(disposables?: vscode.Disposable[]) {
@@ -194,7 +219,7 @@ export function init(disposables?: vscode.Disposable[]) {
         watcher.onDidChange(() => loadConfig(true)),
         watcher.onDidCreate(() => loadConfig(true)),
         watcher.onDidDelete(() => {
-            apiConf = {}
+            apiConf = undefined
         })
     )
 }

src/infra/log.ts

@@ -4,6 +4,6 @@ const logger = vscode.window.createOutputChannel('Socket Security', {
     log: true
 })
 
-logger.appendLine('Socket Security extension started')
+logger.info('Socket Security extension started')
 
 export default logger;

src/ui/decorations.ts

@@ -8,7 +8,6 @@ import { PURLPackageData } from './purl-alerts-and-scores/manager';
 import { SUPPORTED_LSP_LANGUAGE_IDS_TO_PARSER } from './languages';
 import { isPythonBuiltin } from '../data/python/interpreter';
 import * as Module from 'module';
-import { log } from 'console'
 import { getGlobPatterns } from '../data/glob-patterns'
 
 export async function activate(context: vscode.ExtensionContext) {
@@ -50,7 +49,7 @@ class DecorationTypes {
             height: '12px',
         },
     });
-    logger.info('Created error decoration', this.errorDecoration.key);
+    // logger.debug('Created error decoration', this.errorDecoration.key);
     this.warningDecoration = vscode.window.createTextEditorDecorationType({
         isWholeLine: true,
         after: {
@@ -60,11 +59,11 @@ class DecorationTypes {
             height: '12px',
         },
     });
-    logger.info('Created warning decoration', this.warningDecoration.key);
+    // logger.debug('Created warning decoration', this.warningDecoration.key);
     this.informativeDecoration = vscode.window.createTextEditorDecorationType({
         isWholeLine: true
     });
-    logger.info('Created informative decoration', this.informativeDecoration.key);
+    // logger.debug('Created informative decoration', this.informativeDecoration.key);
 }
 }
 
@@ -383,8 +382,8 @@ class DecorationManagerForDocument {
         const thisDocUpdateSignal = this.currentDocUpdate.signal;
         const externals = await parseExternals(doc);
         if (!externals) return;
-        logger.info(`Parsed externals for ${docURI}:`, externals.size, 'externals found, aborted:', thisDocUpdateSignal.aborted);
-        logger.info([...externals.keys()].join(', '));
+        logger.debug(`Parsed externals for ${docURI}:`, externals.size, 'externals found, aborted:', thisDocUpdateSignal.aborted);
+        logger.debug([...externals.keys()].join(', '));
         if (thisDocUpdateSignal.aborted) {
             console.info(`Decoration update for ${docURI} was aborted (parsing externals took longer than next update), skipping.`);
             return;
@@ -454,16 +453,16 @@ class DecorationManagerForDocument {
     async #decorateEverything(thisDecorationUpdateSignal = this.currentDocUpdate.signal) {
         if (!this.isDirty) return;
         let pending = [];
-        logger.info(`Updating decorations for ${this.docURI} with externals:`, this.externalRefs.size, 'externals found');
+        logger.debug(`Updating decorations for ${this.docURI} with externals:`, this.externalRefs.size, 'externals found');
         for (const editor of vscode.window.visibleTextEditors) {
             const editorURI = editor.document.uri.toString() as TextDocumentURIString;
             if (editorURI === this.docURI) {
-                logger.info(`Matching editor ${editorURI} for decoration update`);
+                logger.debug(`Matching editor ${editorURI} for decoration update`);
                 pending.push(editor)
             }
         }
         if (pending.length === 0) {
-            logger.info(`No editors found for ${this.docURI}, skipping decoration update`);
+            logger.debug(`No editors found for ${this.docURI}, skipping decoration update`);
             return;
         }
         this.createDecorations();

src/ui/file.ts

@@ -5,6 +5,6 @@ import {activate as activateDecorations} from './decorations'
 export function activate(
     context: vscode.ExtensionContext,
 ) {
-    logger.appendLine('Socket Security extension started decorating files')
+    logger.debug('Socket Security extension started decorating files')
     activateDecorations(context);
 }