Create Changelog.md (#537)

Changelog.md

@@ -0,0 +1,60 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.0.5] - 2023-05-25
+### Added
+- Add CHANGELOG.md
+
+### Fixed
+- Support ignore-case `i` and multi-line `m` modifiers on the Pattern property of Fixes.
+
+## [1.0.4] - 2023-05-24
+### Fixed
+- Fixes output sarif returning not applicable fixes
+
+## [1.0.3] - 2023-05-24
+### Fixed
+- Fixes output sarif for runs with rules with empty string for Recommendation and Description
+
+## [1.0.2] - 2023-05-24
+### Fixed
+- Fix output sarif for runs with rules with null string for Recommendation and Description
+
+## [1.0.1] - 2023-05-24
+This version is a major refactor of DevSkim.
+
+### Added
+- Added fix and suppress commands that operate on the output sarif from Analyze and the source code scanned with analyze to apply fixes/suppressions
+
+Usage: 
+```bash
+devskim analyze -I path/to/source -O myresults.sarif​
+devskim fix -I path/to/source -O myresults.sarif --dry-run --all​
+devskim suppress -I path/to/source -O myresults.sarif --dry-run --all
+```
+- Support jsonpath/xpath and ymlpath based rules
+- New `--options-json` argument to analyze to specify DevSkim configuration via a JSON file, including ability to Ignore rules only for specific languages
+- IDE extensions are now based on a unified C# Language Server, should have better performance and reliability and support new options like user provided Rules/Languages.
+- DevSkim Rule format is now an extension of Application Inspector rule format
+
+### Changed
+- Input/output files are now named parameters (-I/--source-code and -O/--output-file), not positional parameters
+
+Old: `devskim analyze path/to/src path/to/output.sarif -f sarif`
+
+New: `devskim analyze -I path/to/src -O path/to/out.sarif`
+- Sarif is now the default output format for the CLI
+- DevSkim targets .NET 6.0 and .NET 7.0
+- Rule self tests are now included directly in rule specification (must-match and must-not-match fields) and are checked by the Verify command.
+- Visual Studio Extension now targets VS 2022 instead of VS 2019.
+- VS Code Extension now requires VSC Engine 1.63 or later
+
+### Removed
+- Json is no longer supported as an output format argument to CLI
+- Pack, test and catalogue commands removed from CLI
+
+### Fixes
+- Rule improvements and DevSkim engine performance and reliablity improvements.

DevSkim-DotNet/Microsoft.DevSkim.CLI/Writers/SarifWriter.cs

@@ -241,25 +241,29 @@ private List<Fix> GetFixits(IssueRecord issue)
                 foreach (CodeFix fix in issue.Issue.Rule.Fixes.Where(codeFix => DevSkimRuleProcessor.IsFixable(issue.TextSample, codeFix)))
                 {
                     List<Replacement> replacements = new List<Replacement>();
-                    replacements.Add(new Replacement(new Region()
+                    var potentialReplacement = DevSkimRuleProcessor.Fix(issue.TextSample, fix);
+                    if (potentialReplacement is { })
                     {
-                        CharOffset = issue.Issue.Boundary.Index,
-                        CharLength = issue.Issue.Boundary.Length,
-                    }, new ArtifactContent() { Text = DevSkimRuleProcessor.Fix(issue.TextSample, fix) }, null));
+                        replacements.Add(new Replacement(new Region()
+                        {
+                            CharOffset = issue.Issue.Boundary.Index,
+                            CharLength = issue.Issue.Boundary.Length,
+                        }, new ArtifactContent() { Text =  potentialReplacement}, null));
 
-                    ArtifactChange[] changes = new ArtifactChange[]
-                    {
-                        new ArtifactChange(
-                            GetValueAndImplicitlyPopulateCache(issue.Filename),
-                            replacements,
-                            null)
-                    };
+                        ArtifactChange[] changes = new ArtifactChange[]
+                        {
+                            new ArtifactChange(
+                                GetValueAndImplicitlyPopulateCache(issue.Filename),
+                                replacements,
+                                null)
+                        };
 
-                    fixes.Add(new Fix()
-                    {
-                        ArtifactChanges = changes,
-                        Description = new Message() { Text = issue.Issue.Rule.Description }
-                    });
+                        fixes.Add(new Fix()
+                        {
+                            ArtifactChanges = changes,
+                            Description = new Message() { Text = issue.Issue.Rule.Description }
+                        });
+                    }
                 }
             }
             return fixes.ToList();

DevSkim-DotNet/Microsoft.DevSkim.LanguageServer/TextDocumentSyncHandler.cs

@@ -72,8 +72,11 @@ private async Task<Unit> GenerateDiagnosticsForTextDocumentAsync(string text, in
                         var targetText = text.Substring(issue.Boundary.Index, issue.Boundary.Length);
                         if (fix.Replacement is not null && DevSkimRuleProcessor.IsFixable(targetText, fix))
                         {
-                            string potentialFix = DevSkimRuleProcessor.Fix(targetText, fix);
-                            codeFixes.Add(new CodeFixMapping(diag, potentialFix, uri.ToUri(), $"Replace with {potentialFix}", version, issue.Boundary.Index, issue.Boundary.Index + issue.Boundary.Length, false));
+                            string? potentialFix = DevSkimRuleProcessor.Fix(targetText, fix);
+                            if (potentialFix is { })
+                            {
+                                codeFixes.Add(new CodeFixMapping(diag, potentialFix, uri.ToUri(), $"Replace with {potentialFix}", version, issue.Boundary.Index, issue.Boundary.Index + issue.Boundary.Length, false));
+                            }
                         }
                     }
                     // Add suppression options

DevSkim-DotNet/Microsoft.DevSkim/DevSkimRuleProcessor.cs

@@ -73,28 +73,59 @@ public IEnumerable<Issue> Analyze(string text, string fileName)
         }
 
         /// <summary>
-        ///     Applies given fix on the provided source code line
+        ///     Applies given fix on the provided source code line.
+        ///     Recommended to call <see cref="IsFixable"/> first to ensure the fix is intended for the target.
         /// </summary>
         /// <param name="text"> Source code line </param>
         /// <param name="fixRecord"> Fix record to be applied </param>
         /// <returns> Fixed source code line </returns>
-        public static string Fix(string text, CodeFix fixRecord)
+        public static string? Fix(string text, CodeFix fixRecord)
         {
-            string result = string.Empty;
+            string? result = null;
 
-            if (fixRecord?.FixType is { } fr && fr == FixType.RegexReplace)
+            if (fixRecord?.FixType is { } and FixType.RegexReplace)
             {
-                if (fixRecord.Pattern is { })
+                if (fixRecord.Pattern is { } fixPattern)
                 {
-                    //TODO: Better pattern search and modifiers
-                    Regex regex = new Regex(fixRecord.Pattern.Pattern ?? string.Empty);
-                    result = regex.Replace(text, fixRecord.Replacement ?? string.Empty);
+                    Regex? regex = SearchPatternToRegex(fixPattern);
+                    if (regex is { })
+                    {
+                        result = regex.Replace(text, fixRecord.Replacement ?? string.Empty);
+                    }
                 }
             }
 
             return result;
         }
 
+        private static Regex? SearchPatternToRegex(SearchPattern pattern)
+        {
+            RegexOptions options = RegexOptions.None;
+            if (pattern.Modifiers.Contains("i"))
+            {
+                options |= RegexOptions.IgnoreCase;
+            }
+            if (pattern.Modifiers.Contains("m"))
+            {
+                options |= RegexOptions.Multiline;
+            }
+
+            if (pattern.Pattern is { })
+            {
+                try
+                {
+                    Regex regex = new Regex(pattern.Pattern, options);
+                    return regex;
+                }
+                catch (Exception e)
+                {
+                    // failed to construct regex for fix
+                }    
+            }
+
+            return null;
+        }
+
         /// <summary>
         ///     Checks if the target source can be fixed with the provided fix
         /// </summary>
@@ -105,10 +136,13 @@ public static bool IsFixable(string text, CodeFix fixRecord)
         {
             if (fixRecord?.FixType is { } fr && fr == FixType.RegexReplace)
             {
-                if (fixRecord.Pattern is { })
+                if (fixRecord.Pattern is { } fixPattern)
                 {
-                    Regex regex = new Regex(fixRecord.Pattern.Pattern ?? string.Empty);
-                    return regex.IsMatch(text);
+                    Regex? regex = SearchPatternToRegex(fixPattern);
+                    if (regex is { })
+                    {
+                        return regex.IsMatch(text);
+                    }
                 }
             }
 

Pipelines/cli/devskim-cli-release.yml

@@ -7,6 +7,9 @@ trigger:
   branches:
     include:
     - main
+  paths:
+    exclude:
+    - *.md
 pr: none
 
 resources:

Pipelines/vs/devskim-visualstudio-release.yml

@@ -7,6 +7,9 @@ trigger:
   branches:
     include:
     - main
+  paths:
+    exclude:
+    - *.md
 pr: none
 
 resources:

Pipelines/vscode/devskim-vscode-release.yml

@@ -7,6 +7,9 @@ trigger:
   branches:
     include:
     - main
+  paths:
+    exclude:
+    - *.md
 pr: none
 
 resources: