token validation feature in ide

package.json

@@ -2,7 +2,7 @@
     "name": "jfrog-vscode-extension",
     "displayName": "JFrog",
     "description": "Security scanning for your Go, npm, Pypi, Maven and NuGet projects.",
-    "version": "2.11.7",
+    "version": "2.11.6",
     "license": "Apache-2.0",
     "icon": "resources/extensionIcon.png",
     "repository": {
@@ -332,7 +332,7 @@
     "dependencies": {
         "adm-zip": "~0.5.9",
         "fs-extra": "~10.1.0",
-        "jfrog-client-js": "^2.8.0",
+        "jfrog-client-js": "^2.9.0",
         "jfrog-ide-webview": "https://releases.jfrog.io/artifactory/ide-webview-npm/jfrog-ide-webview/-/jfrog-ide-webview-0.2.14.tgz",
         "js-yaml": "^4.1.0",
         "json2csv": "~5.0.7",

src/main/connect/connectionManager.ts

@@ -967,7 +967,7 @@ export class ConnectionManager implements ExtensionComponent, vscode.Disposable
                 .xray()
                 .jasconfig()
                 .getJasConfig();
-            this._logManager.logMessage('Successfully got token validation from platform', 'DEBUG');
+            this._logManager.logMessage('Got token validation value:' + response.enable_token_validation_scanning +' from platform', 'DEBUG');
             return response.enable_token_validation_scanning;
         } catch (error) {
             this._logManager.logMessage('Failed getting token validation from platform', 'DEBUG');

src/main/scanLogic/scanManager.ts

@@ -109,6 +109,13 @@ export class ScanManager implements ExtensionComponent {
         if (scanDetails.multiScanId) {
             params = { msi: scanDetails.multiScanId };
         }
+        if (scanDetails.jasRunnerFactory.supportedScans.tokenValidation) {
+            if (params) {
+                params.tokenValidation = scanDetails.jasRunnerFactory.supportedScans.tokenValidation
+            } else {
+                params = {tokenValidation: scanDetails.jasRunnerFactory.supportedScans.tokenValidation}
+            }
+        }
         for (const runner of jasRunners) {
             if (runner.shouldRun()) {
                 scansPromises.push(

src/main/scanLogic/scanRunners/analyzerManager.ts

@@ -10,8 +10,6 @@ import { Configuration } from '../../utils/configuration';
 import { Translators } from '../../utils/translators';
 import { BinaryEnvParams } from './jasRunner';
 import { LogUtils } from '../../log/logUtils';
-import { DYNAMIC_TOKEN_VALIDATION_MIN_XRAY_VERSION } from './secretsScan';
-import * as semver from 'semver';
 
 /**
  * Analyzer manager is responsible for running the analyzer on the workspace.
@@ -151,34 +149,8 @@ export class AnalyzerManager {
         };
     }
 
-    private isTokenValidationEnabled(): string {
-        let xraySemver: semver.SemVer = new semver.SemVer(this._connectionManager.xrayVersion);
-        if (xraySemver.compare(DYNAMIC_TOKEN_VALIDATION_MIN_XRAY_VERSION) < 0) {
-            this._logManager.logMessage(
-                'You cannot use dynamic token validation feature on xray version ' +
-                    this._connectionManager.xrayVersion +
-                    ' as it requires xray version ' +
-                    DYNAMIC_TOKEN_VALIDATION_MIN_XRAY_VERSION,
-                'INFO'
-            );
-            return 'false';
-        }
-        if (Configuration.enableTokenValidation()) {
-            return 'true';
-        }
-        let response: Promise<boolean> = this._connectionManager.isTokenValidationPlatformEnabled();
-        let tokenValidation: boolean = false;
-        response.then(res => {
-            tokenValidation = res;
-        });
-        if (tokenValidation || process.env.JF_VALIDATE_SECRETS) {
-            return 'true';
-        }
 
-        return 'false';
-    }
-
-    private populateOptionalInformation(binaryVars: NodeJS.ProcessEnv, params?: BinaryEnvParams) {
+    private async populateOptionalInformation(binaryVars: NodeJS.ProcessEnv, params?: BinaryEnvParams) {
         // Optional proxy information - environment variable
         let proxyHttpUrl: string | undefined = process.env['HTTP_PROXY'];
         let proxyHttpsUrl: string | undefined = process.env['HTTPS_PROXY'];
@@ -190,7 +162,10 @@ export class AnalyzerManager {
             proxyHttpUrl = 'http://' + proxyUrl;
             proxyHttpsUrl = 'https://' + proxyUrl;
         }
-        binaryVars[AnalyzerManager.JF_VALIDATE_SECRETS] = this.isTokenValidationEnabled();
+
+        if (params?.tokenValidation && params.tokenValidation == true) {
+            binaryVars[AnalyzerManager.JF_VALIDATE_SECRETS] = "true"
+        }
         if (proxyHttpUrl) {
             binaryVars[AnalyzerManager.ENV_HTTP_PROXY] = this.addOptionalProxyAuthInformation(proxyHttpUrl);
         }

src/main/scanLogic/scanRunners/analyzerModels.ts

@@ -97,8 +97,7 @@ export interface FileRegion {
     startColumn: number;
     endColumn: number;
     snippet?: ResultContent;
-    tokenValidation?: string;
-    metadata?: string;
+    properties: { [key: string]: string };
 }
 
 export interface ResultContent {

src/main/scanLogic/scanRunners/jasRunner.ts

@@ -40,6 +40,7 @@ interface RunRequest {
 export interface BinaryEnvParams {
     executionLogDirectory?: string;
     msi?: string;
+    tokenValidation?: boolean;
 }
 
 /**

src/main/scanLogic/sourceCodeScan/supportedScans.ts

@@ -2,14 +2,27 @@ import { ConnectionManager } from '../../connect/connectionManager';
 import { ConnectionUtils, EntitlementScanFeature } from '../../connect/connectionUtils';
 import { LogManager } from '../../log/logManager';
 import { ScanUtils } from '../../utils/scanUtils';
+import * as semver from 'semver';
+import { DYNAMIC_TOKEN_VALIDATION_MIN_XRAY_VERSION } from '../scanRunners/secretsScan';
+import { Configuration } from '../../utils/configuration';
 
 export class SupportedScans {
     private _applicability?: boolean;
     private _sast?: boolean;
     private _iac?: boolean;
     private _secrets?: boolean;
+    private _tokenValidation?: boolean;
     constructor(private _connectionManager: ConnectionManager, protected _logManager: LogManager) {}
 
+    get tokenValidation(): boolean | undefined { 
+        return this._tokenValidation
+    }
+
+    public setTokenValidation(value: boolean| undefined): SupportedScans {
+        this._tokenValidation = value;
+        return this;
+    }
+
     get applicability(): boolean | undefined {
         return this._applicability;
     }
@@ -72,6 +85,11 @@ export class SupportedScans {
                 .then(res => this.setSast(res))
                 .catch(err => ScanUtils.onScanError(err, this._logManager, true))
         );
+        requests.push(
+            this.isTokenValidationEnabled()
+            .then(res => this.setTokenValidation(res))
+            .catch(err => ScanUtils.onScanError(err, this._logManager, true))
+        );
         await Promise.all(requests);
         return this;
     }
@@ -102,4 +120,30 @@ export class SupportedScans {
     public async isSastSupported(): Promise<boolean> {
         return await ConnectionUtils.testXrayEntitlementForFeature(this._connectionManager.createJfrogClient(), EntitlementScanFeature.Sast);
     }
+
+     /**
+     * Check if token validation scan is enabled
+     */
+     public async isTokenValidationEnabled(): Promise<boolean> {
+        let xraySemver: semver.SemVer = new semver.SemVer(this._connectionManager.xrayVersion);
+        if (xraySemver.compare(DYNAMIC_TOKEN_VALIDATION_MIN_XRAY_VERSION) < 0) {
+            this._logManager.logMessage(
+                'You cannot use dynamic token validation feature on xray version ' +
+                    this._connectionManager.xrayVersion +
+                    ' as it requires xray version ' +
+                    DYNAMIC_TOKEN_VALIDATION_MIN_XRAY_VERSION,
+                'INFO'
+            );
+            return false;
+        }
+        if (Configuration.enableTokenValidation()) {
+            return true;
+        }
+        let tokenValidation: boolean = await this._connectionManager.isTokenValidationPlatformEnabled();
+        if (tokenValidation || process.env.JF_VALIDATE_SECRETS) {
+            return true;
+        }
+
+        return false;
+    }
 }

src/main/treeDataProviders/issuesTree/codeFileTree/secretsTreeNode.ts

@@ -27,8 +27,8 @@ export class SecretTreeNode extends CodeIssueTreeNode {
             issue.severity,
             issue.ruleName
         );
-        this._tokenValidation = location.tokenValidation;
-        this._metadata = location.metadata;
+        this._tokenValidation = location.properties?.tokenValidation;
+        this._metadata = location.properties?.metadata;
         this._snippet = location.snippet?.text;
         this._fullDescription = issue.fullDescription;
     }

src/main/treeDataProviders/utils/analyzerUtils.ts

@@ -96,10 +96,12 @@ export class AnalyzerUtils {
             );
             let fileIssue: SecurityIssue = AnalyzerUtils.getOrCreateSecurityIssue(fileWithIssues, analyzeIssue, fullDescription);
             let newLocation: FileRegion = location.physicalLocation.region;
-            newLocation.tokenValidation = analyzeIssue.properties?.tokenValidation
-                ? (analyzeIssue.properties.tokenValidation.trim() as keyof typeof TokenStatus)
-                : '';
-            newLocation.metadata = analyzeIssue.properties?.metadata ? analyzeIssue.properties.metadata.trim() : '';
+            let properties: {[key: string]: string} = {
+               "tokenValidation": analyzeIssue.properties?.tokenValidation
+                ? (analyzeIssue.properties.tokenValidation.trim() as keyof typeof TokenStatus) : '',
+                "metadata": analyzeIssue.properties?.metadata ? analyzeIssue.properties.metadata.trim() : ''
+            }
+            newLocation.properties = properties
             fileIssue.locations.push(newLocation);
         });
     }

src/test/tests/utils/testAnalyzer.test.ts

@@ -78,8 +78,8 @@ export function assertTokenValidationResult(
         let fileNode: CodeFileTreeNode = getTestCodeFileNode(testRoot, expectedFileIssues.full_path);
         expectedFileIssues.issues.forEach((expectedIssues: SecurityIssue) => {
             expectedIssues.locations.forEach((expectedLocation: FileRegion) => {
-                assert.deepEqual(getTestIssueNode(fileNode, expectedLocation).metadata, expectedLocation.metadata);
-                assert.deepEqual(getTestIssueNode(fileNode, expectedLocation).tokenValidation, expectedLocation.tokenValidation);
+                assert.deepEqual(getTestIssueNode(fileNode, expectedLocation).metadata, expectedLocation.properties?.metadata);
+                assert.deepEqual(getTestIssueNode(fileNode, expectedLocation).tokenValidation, expectedLocation.properties?.tokenValidation);
             });
         });
     });

src/test/tests/utils/testIntegration.test.ts

@@ -228,17 +228,17 @@ export function assertIssuesTokenValidationExist(
                         responseFilesWithIssues,
                         expectedIssues.ruleId,
                         expectedLocation
-                    ).tokenValidation,
-                    expectedLocation.tokenValidation
+                    ).properties?.tokenValidation,
+                    expectedLocation.properties?.tokenValidation
                 );
                 assert.deepEqual(
                     getTestLocation(
                         path.join(testDataRoot, expectedFileWithIssues.full_path),
                         responseFilesWithIssues,
                         expectedIssues.ruleId,
                         expectedLocation
-                    ).metadata,
-                    expectedLocation.metadata
+                    ).properties?.metadata,
+                    expectedLocation.properties?.metadata
                 );
             });
         });