feat: 敏感信息告警Linter

Author: yini-chen

package.json

@@ -15,7 +15,13 @@
   ],
   "activationEvents": [
     "onStartFinished",
-    "onWebviewPanel:alicloud-api-webview"
+    "onWebviewPanel:alicloud-api-webview",
+    "onLanguage:javascript",
+    "onLanguage:typescript",
+    "onLanguage:go",
+    "onLanguage:php",
+    "onLanguage:python",
+    "onLanguage:java"
   ],
   "main": "./dist/extension",
   "contributes": {
@@ -24,6 +30,10 @@
         "command": "alicloud.api.autoImport",
         "title": "导入依赖"
       },
+      {
+        "command": "alicloud.api.akSecurityHelper",
+        "title": "凭据的安全使用方案"
+      },
       {
         "command": "alicloud.api.feedback",
         "title": "反馈",

src/commands.ts

@@ -2,6 +2,7 @@ import { PontManager } from "pontx-manager";
 import * as _ from "lodash";
 import * as vscode from "vscode";
 import {
+  AKHelperWithLanguage,
   findAlicloudAPIConfig,
   findInterface,
   getSpecInfoFromName,
@@ -200,39 +201,6 @@ export class AlicloudApiCommands {
       });
     });
 
-    // vscode.commands.registerCommand("alicloud.api.regenerateAPIMocks", async (event) => {
-    //   const filePaths: string[] = (event.path || "")?.split("/");
-    //   const lastMocksIndex = filePaths.lastIndexOf("mocks");
-    //   const names = filePaths.slice(lastMocksIndex + 1);
-    //   names.push(names.pop().replace(".ts", ""));
-
-    //   if (service.pontManager.localPontSpecs?.[0]?.name) {
-    //     showProgress("重新生成 API Mocks", service.pontManager, async (log) => {
-    //       log("代码生成中...");
-    //       await wait(100);
-
-    //       let specName, modName, apiName;
-    //       if (names.length === 3) {
-    //         [specName, modName, apiName] = names;
-    //       } else {
-    //         [specName, apiName] = names;
-    //       }
-    //       const mocksPlugin = await service.pontManager.innerManagerConfig.plugins.mocks?.instance;
-    //       const mocksOptions = await service.pontManager.innerManagerConfig.plugins.mocks?.options;
-    //       const mocksCode = await mocksPlugin.getAPIMockCode(
-    //         service.pontManager,
-    //         mocksOptions,
-    //         apiName,
-    //         modName,
-    //         specName,
-    //       );
-    //       fs.writeFileSync(event.path, mocksCode, "utf-8");
-
-    //       log("API Mocks 生成成功！");
-    //       vscode.window.showInformationMessage("API Mocks生成成功！");
-    //     });
-    //   }
-    // });
     vscode.commands.registerCommand("alicloud.api.autoImport", (...argus) => {
       const diagnostic = argus[0];
       const missingDep = argus[1];
@@ -243,6 +211,17 @@ export class AlicloudApiCommands {
       }
     });
 
+    vscode.commands.registerCommand("alicloud.api.akSecurityHelper", (...argus) => {
+      const document = argus[0];
+      if (AKHelperWithLanguage[document.languageId]) {
+        vscode.env.openExternal(vscode.Uri.parse(AKHelperWithLanguage[document.languageId]));
+      } else {
+        vscode.env.openExternal(
+          vscode.Uri.parse("https://help.aliyun.com/zh/sdk/developer-reference/ak-security-scheme"),
+        );
+      }
+    });
+
     vscode.commands.registerCommand("alicloud.api.fetchRemote", (config) => {
       const pontManager = service.pontManager;
 
@@ -329,23 +308,5 @@ export class AlicloudApiCommands {
         spec: spec?.apis?.[`${result.apiKey}`],
       });
     });
-    // vscode.commands.registerTextEditorCommand("alicloud.api.viewMocks", async (editor, edit) => {
-    //   const isSingleSpec = PontManager.checkIsSingleSpec(service.pontManager);
-    //   const result = (await findInterface(editor, !isSingleSpec, service.pontManager)) || ({} as any);
-    //   const spec = PontManager.getSpec(service.pontManager, result.specName);
-
-    //   if (!result.apiName) {
-    //     vscode.window.showErrorMessage("未找到该 OpenAPI");
-    //     return;
-    //   }
-
-    //   const namespace = [result.specName, result.modName, result.apiName].filter((id) => id).join("/");
-    //   const mocksFilePath = path.join(service.pontManager.innerManagerConfig.outDir, "mocks", namespace + ".ts");
-    //   vscode.commands.executeCommand("vscode.open", vscode.Uri.file(mocksFilePath));
-    // });
-
-    // vscode.commands.registerCommand('alicloud.api.refreshPontExplorer', () => {
-    //   service.treeDataProvider.refresh();
-    // });
   }
 }

src/extension.ts

@@ -1,6 +1,4 @@
 "use strict";
-// The module 'vscode' contains the VS Code extensibility API
-// Import the module and reference it with the alias vscode in your code below
 import { PontManager } from "pontx-manager";
 import PontMetaFetchPlugin from "pontx-meta-fetch-plugin";
 import * as vscode from "vscode";
@@ -16,12 +14,29 @@ import autoCompletion from "./provider/autoCompletion";
 import autofix from "./provider/autofix";
 import hoverInfo from "./provider/hoverProvider";
 import { getProfileInfoInstance } from "./profileManager";
+import { updateDiagnostics } from "./provider/linter";
 
 export async function activate(context: vscode.ExtensionContext) {
-  // if (!vscode.workspace.rootPath) {
-  //   return;
-  // }
-  // registerConfigSchema(context);
+  // 插件诊断器
+  const collection = vscode.languages.createDiagnosticCollection("test");
+  if (vscode.window.activeTextEditor) {
+    updateDiagnostics(vscode.window.activeTextEditor.document, collection);
+  }
+  context.subscriptions.push(
+    vscode.window.onDidChangeActiveTextEditor((editor) => {
+      if (editor) {
+        updateDiagnostics(editor.document, collection);
+      }
+    }),
+  );
+  context.subscriptions.push(
+    vscode.workspace.onDidChangeTextDocument((editor) => {
+      if (editor) {
+        updateDiagnostics(editor.document, collection);
+      }
+    }),
+  );
+
   const pontxConfig = await findAlicloudAPIConfig(context);
 
   if (!pontxConfig) {

src/provider/autofix.ts

@@ -2,9 +2,10 @@
  * @description: Quick fix need to be used with a Linter
  */
 import * as vscode from "vscode";
-import { containsAnySubstring, fileSel, getSpecInfoFromName } from "../utils";
+import { containsAnySubstring, fileSel, getSpecInfoFromName, SDKLanguageLabel } from "../utils";
 import { getDepsByLanguage } from "../common/generateImport";
 import { alicloudAPIMessageService } from "../Service";
+import { LintRules } from "./linter";
 
 class CodeActionProvider {
   provideCodeActions(
@@ -21,16 +22,13 @@ class CodeActionProvider {
       const document = editor.document;
       const errorText = document.getText(item?.range);
       const service = alicloudAPIMessageService;
-      const products = service.pontManager.localPontSpecs
-        .map((pontSpec) => {
-          return getSpecInfoFromName(pontSpec?.name)[0];
-        })
+      const products = service.pontManager.localPontSpecs.map((pontSpec) => {
+        return getSpecInfoFromName(pontSpec?.name)[0];
+      });
 
+      // 未导入依赖的诊断建议
       if (getDepsByLanguage(errorText, item.range)?.includes(errorText) || containsAnySubstring(errorText, products)) {
-        const autoImportAction = new vscode.CodeAction(
-          item.message + "导入依赖",
-          vscode.CodeActionKind.QuickFix,
-        );
+        const autoImportAction = new vscode.CodeAction(item.message + "导入依赖", vscode.CodeActionKind.QuickFix);
         const newDiagnostic = new vscode.Diagnostic(item.range, "importLists", vscode.DiagnosticSeverity.Error);
         // 自动修复命令注册
         autoImportAction.command = {
@@ -40,6 +38,23 @@ class CodeActionProvider {
         };
         return autoImportAction;
       }
+
+      // AccessKey 可能泄露的诊断建议
+      const lintResult = LintRules?.find((rule) => rule.source === item.source);
+      if (lintResult) {
+        // 自动修复命令注册
+        const codeAction = new vscode.CodeAction(
+          `${lintResult.methods[0]?.title}（${SDKLanguageLabel[document.languageId] || "阿里云 SDK"}）`,
+          vscode.CodeActionKind.QuickFix,
+        );
+        codeAction.command = {
+          title: `${lintResult.methods[0]?.title}（${SDKLanguageLabel[document.languageId] || "阿里云 SDK"}）`,
+          command: lintResult.methods[0]?.command,
+          arguments: [document],
+        };
+
+        return codeAction;
+      }
     });
 
     return result;

src/provider/linter.ts

@@ -0,0 +1,82 @@
+/**
+ * @description: Linter of the Code
+ */
+import * as vscode from "vscode";
+import { fileSel } from "../utils";
+
+class Rule {
+  LintName: string;
+  pattern: string;
+  message: string;
+  source: string;
+  information: string;
+  methods: Array<{
+    title: string;
+    command: string;
+  }>;
+}
+export const LintRules: Array<Rule> = [
+  {
+    LintName: "AccessKey-KeyValue",
+    source: "Alicloud AccessKey Lint",
+    pattern:
+      '(?<keyword>access|key|secret|scret|ak|sk)[^\\w\\n]*(?:\\n)?(?<separator>["\'\\s]*[:=@,]\\s*(?:"|\')?|\\w*"\\s*?,\\s*?")[\\s"\']*(?<key>[0-9A-Za-z]{14,40})(?<suffix>["\'\\s]*)',
+    message: "工程代码泄露可能会导致 AccessKey 泄露，并威胁账号下所有资源的安全性。",
+    information: "在此处透露了 AccessKey。",
+    methods: [{ title: "凭据的安全使用方案", command: "alicloud.api.akSecurityHelper" }],
+  },
+  {
+    LintName: "AccessKey-NewAK",
+    source: "Alicloud AccessKey Lint",
+    information: "在此处透露了 AccessKey。",
+    pattern:
+      "^LTAI(?=.*[A-Z])(?=.*[a-z])(?=.*\\d)[A-Za-z\\d]{12}$|^LTAI(?=.*[A-Z])(?=.*[a-z])(?=.*\\d)[A-Za-z\\d]{16}$|^LTAI(?=.*[A-Z])(?=.*[a-z])(?=.*\\d)[A-Za-z\\d]{18}$|^LTAI(?=.*[A-Z])(?=.*[a-z])(?=.*\\d)[A-Za-z\\d]{20}$|^LTAI(?=.*[A-Z])(?=.*[a-z])(?=.*\\d)[A-Za-z\\d]{22}$",
+    message: "工程代码泄露可能会导致 AccessKey 泄露，并威胁账号下所有资源的安全性。",
+    methods: [{ title: "凭据的安全使用方案", command: "alicloud.api.akSecurityHelper" }],
+  },
+];
+
+function searchCode(
+  diagnosticCollection: vscode.Diagnostic[],
+  rule: Rule,
+  text: string,
+  document: vscode.TextDocument,
+) {
+  const regex = new RegExp(rule.pattern, "gi");
+  let match;
+  while ((match = regex.exec(text)) !== null) {
+    const range = new vscode.Range(document.positionAt(match.index), document.positionAt(regex.lastIndex));
+    const matchText = document.getText(range);
+    if (!diagnosticCollection?.find((item) => item.code === matchText)) {
+      diagnosticCollection.push({
+        code: "",
+        message: rule.message,
+        range: range,
+        severity: vscode.DiagnosticSeverity.Error,
+        source: rule.source,
+        relatedInformation: [
+          new vscode.DiagnosticRelatedInformation(new vscode.Location(document.uri, range), rule.information),
+        ],
+      });
+    }
+  }
+}
+
+export async function updateDiagnostics(
+  document: vscode.TextDocument,
+  collection: vscode.DiagnosticCollection,
+): Promise<void> {
+  if ((fileSel as any)?.find((sel) => sel.language === document.languageId)) {
+    const text = document.getText();
+
+    let diagnosticCollection: vscode.Diagnostic[] = [];
+
+    LintRules.forEach((rule) => {
+      searchCode(diagnosticCollection, rule, text, document);
+    });
+
+    collection.set(document.uri, diagnosticCollection);
+  } else {
+    collection.clear();
+  }
+}

src/utils.ts

@@ -487,13 +487,32 @@ export const getRequiredParamsValue = (product: string, version: string, api: st
 
 export const fileSel: vscode.DocumentSelector = [
   { scheme: "file", language: "typescript" },
+  { scheme: "file", language: "javascript" },
   { scheme: "file", language: "go" },
   { scheme: "file", language: "java" },
   { scheme: "file", language: "csharp" },
   { scheme: "file", language: "python" },
   { scheme: "file", language: "php" },
 ];
 
+export const SDKLanguageLabel = {
+  typescript: "V2.0 Node.js SDK",
+  javascript: "V2.0 Node.js SDK",
+  go: "V2.0 Go SDK",
+  java: "V2.0 Java SDK",
+  python: "V2.0 Python SDK",
+  php: "V2.0 PHP SDK",
+};
+
+export const AKHelperWithLanguage = {
+  typescript: "https://help.aliyun.com/zh/sdk/developer-reference/v2-manage-node-js-access-credentials",
+  javascript: "https://help.aliyun.com/zh/sdk/developer-reference/v2-manage-node-js-access-credentials",
+  java: "https://help.aliyun.com/zh/sdk/developer-reference/v2-manage-access-credentials",
+  go: "https://help.aliyun.com/zh/sdk/developer-reference/v2-manage-go-access-credentials",
+  python: "https://help.aliyun.com/zh/sdk/developer-reference/v2-manage-python-access-credentials",
+  php: "https://help.aliyun.com/zh/sdk/developer-reference/v2-manage-php-access-credentials",
+};
+
 export const containsAnySubstring = (targetStr, substrings) => {
   const language = vscode.window.activeTextEditor?.document.languageId;
   if (language !== "typescript") {