Merge pull request #23 from RefactorSecurity/export-notes

Export notes

Author: v8vito

README.md

@@ -91,6 +91,10 @@ gosec -fmt=json -out=gosec-results.json ./...
 semgrep scan --json -o semgrep-results.json --config=auto .
 ```
 
+## Exporting notes in popular formats
+
+Currently we only support exporting notes to Markdown, but other formats such as HTML are coming soon.
+
 ## Extension Settings
 
 Various settings for the extension can be configured in VSCode's User Settings page (`CMD+Shift+P` / `Ctrl + Shift + P` -> _Preferences: Open Settings (UI)_):

package-lock.json

@@ -3,7 +3,7 @@
   "displayName": "Security Notes",
   "description": "Create notes during a security code review. Import your favorite SAST tool results and collaborate with others.",
   "icon": "resources/security_notes_logo.png",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "publisher": "refactor-security",
   "private": false,
   "license": "MIT",
@@ -233,6 +233,11 @@
           "type": "webview",
           "name": "Import Tool Results",
           "id": "import-tool-results-view"
+        },
+        {
+          "type": "webview",
+          "name": "Export Notes",
+          "id": "export-notes-view"
         }
       ]
     },

package.json

@@ -4,7 +4,8 @@ import * as vscode from 'vscode';
 import { NoteStatus } from './models/noteStatus';
 import { NoteComment } from './models/noteComment';
 import { Resource } from './reactions/resource';
-import { ImportToolResultsWebview } from './webviews/importToolResultsWebview';
+import { ImportToolResultsWebview } from './webviews/import-tool-results/importToolResultsWebview';
+import { ExportNotesWebview } from './webviews/export-notes/exportNotesWebview';
 import { commentController } from './controllers/comments';
 import { reactionHandler } from './handlers/reaction';
 import { saveNotesToFileHandler } from './handlers/saveNotesToFile';
@@ -232,6 +233,15 @@ export function activate(context: vscode.ExtensionContext) {
     ),
   );
 
+  // webview for exporting notes
+  const exportNotesWebview = new ExportNotesWebview(context.extensionUri, noteMap);
+  context.subscriptions.push(
+    vscode.window.registerWebviewViewProvider(
+      ExportNotesWebview.viewType,
+      exportNotesWebview,
+    ),
+  );
+
   // load persisted comments from file
   const persistedThreads = loadNotesFromFile();
   persistedThreads.forEach((thread) => {

resources/close_inverse.svg

@@ -0,0 +1,41 @@
+/* eslint-disable no-undef */
+
+// This script will be run within the webview itself
+// It cannot access the main VS Code APIs directly.
+(function () {
+  const vscode = acquireVsCodeApi();
+
+  document
+    .querySelector('.export-notes-button')
+    .addEventListener('click', () => onButtonClicked());
+
+  function onButtonClicked() {
+    // selected notes
+    let vulnerable = document.getElementById('vulnerable-notes').checked;
+    let notVulnerable = document.getElementById('not-vulnerable-notes').checked;
+    let todo = document.getElementById('todo-notes').checked;
+    let noStatus = document.getElementById('no-status-notes').checked;
+    let status = {
+      vulnerable,
+      notVulnerable,
+      todo,
+      noStatus,
+    };
+
+    // additional options
+    let includeCodeSnippet = document.getElementById('include-code-snippet').checked;
+    let includeReplies = document.getElementById('include-note-replies').checked;
+    let includeAuthors = document.getElementById('include-authors').checked;
+    let options = {
+      includeCodeSnippet,
+      includeReplies,
+      includeAuthors,
+    };
+
+    // export format
+    let formatSelect = document.getElementById('format-select');
+    let format = formatSelect.options[formatSelect.selectedIndex].value;
+
+    vscode.postMessage({ type: 'exportNotes', status, options, format });
+  }
+})();

src/extension.ts

@@ -16,7 +16,6 @@ h3,
 h4,
 h5,
 h6,
-p,
 ol,
 ul {
 	margin: 0;
@@ -28,3 +27,8 @@ img {
 	max-width: 100%;
 	height: auto;
 }
+
+p {
+	line-height: 25px;   /* within paragraph */
+	font-weight: normal;
+}

src/webviews/assets/exportNotes.js

@@ -73,7 +73,7 @@ button.secondary:hover {
 	background: var(--vscode-button-secondaryHoverBackground);
 }
 
-input:not([type='checkbox']),
+input:not([type='checkbox']):not([type='radio']),
 select,
 textarea {
 	display: block;

src/webviews/assets/main.js src/webviews/assets/importToolResults.jssrc/webviews/assets/main.js renamed to src/webviews/assets/importToolResults.js

@@ -0,0 +1,210 @@
+'use strict';
+
+import * as vscode from 'vscode';
+import { fullPathToRelative } from '../../utils';
+
+export class ExportNotesWebview implements vscode.WebviewViewProvider {
+  public static readonly viewType = 'export-notes-view';
+
+  private _view?: vscode.WebviewView;
+  private noteMap: Map<string, vscode.CommentThread>;
+
+  constructor(
+    private readonly _extensionUri: vscode.Uri,
+    noteMap: Map<string, vscode.CommentThread>,
+  ) {
+    this.noteMap = noteMap;
+  }
+
+  public resolveWebviewView(
+    webviewView: vscode.WebviewView,
+    _context: vscode.WebviewViewResolveContext,
+    _token: vscode.CancellationToken,
+  ) {
+    this._view = webviewView;
+
+    webviewView.webview.options = {
+      // Allow scripts in the webview
+      enableScripts: true,
+      localResourceRoots: [this._extensionUri],
+    };
+
+    webviewView.webview.html = this._getHtmlForWebview(webviewView.webview);
+
+    webviewView.webview.onDidReceiveMessage((data) => {
+      switch (data.type) {
+        case 'exportNotes': {
+          exportNotes(data.status, data.options, data.format, this.noteMap);
+        }
+      }
+    });
+  }
+
+  private _getHtmlForWebview(webview: vscode.Webview) {
+    const scriptUri = webview.asWebviewUri(
+      vscode.Uri.joinPath(
+        this._extensionUri,
+        'src',
+        'webviews',
+        'assets',
+        'exportNotes.js',
+      ),
+    );
+    const styleResetUri = webview.asWebviewUri(
+      vscode.Uri.joinPath(this._extensionUri, 'src', 'webviews', 'assets', 'reset.css'),
+    );
+    const styleVSCodeUri = webview.asWebviewUri(
+      vscode.Uri.joinPath(
+        this._extensionUri,
+        'src',
+        'webviews',
+        'assets',
+        'vscode.css',
+      ),
+    );
+    const styleMainUri = webview.asWebviewUri(
+      vscode.Uri.joinPath(this._extensionUri, 'src', 'webviews', 'assets', 'main.css'),
+    );
+
+    return `<!DOCTYPE html>
+			  <html lang="en">
+				  <head>
+					  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+            <link href="${styleResetUri}" rel="stylesheet">
+            <link href="${styleVSCodeUri}" rel="stylesheet">
+            <link href="${styleMainUri}" rel="stylesheet">
+				  </head>
+				  <body>
+            <p>Select the notes you want to export:</p>
+            <p>
+              <input type="checkbox" id="vulnerable-notes" value="vulnerable-notes" checked>
+              <label for="vulnerable-notes"> Vulnerable</label></br>
+              <input type="checkbox" id="not-vulnerable-notes" value="not-vulnerable-notes" checked>
+              <label for="not-vulnerable-notes"> Not Vulnerable</label></br>
+              <input type="checkbox" id="todo-notes" value="todo-notes" checked>
+              <label for="todo-notes"> TODO</label></br>
+              <input type="checkbox" id="no-status-notes" value="no-status-notes" checked>
+              <label for="no-status-notes"> No Status</label></br>
+            </p>
+            </br>
+
+            <p>Select additional options:</p>
+            <p>
+              <input type="checkbox" id="include-code-snippet" name="include-code-snippet" value="include-code-snippet" checked>
+              <label for="include-code-snippet"> Include code snippet</label></br>
+            </p>
+            <p>
+              <input type="checkbox" id="include-note-replies" name="include-note-replies" value="include-note-replies" checked>
+              <label for="include-note-replies"> Include note replies</label></br>
+            </p>
+            <p>
+              <input type="checkbox" id="include-authors" name="include-authors" value="include-authors" checked>
+              <label for="include-authors"> Include authors</label></br>
+            </p>
+            </br>
+
+            <p>Select export format:</p>
+            <p>
+              <select id="format-select">
+              <option value="markdown">Markdown</option>
+              </select>
+            </p>
+            </br>
+
+            <p>
+              <button class="export-notes-button">Export</button>
+            </p>
+
+            <script src="${scriptUri}"></script>
+				  </body>
+			  </html>`;
+  }
+}
+
+async function exportNotes(
+  status: any,
+  options: any,
+  format: string,
+  noteMap: Map<string, vscode.CommentThread>,
+) {
+  // filter notes based on selected status
+  const selectedNotes = [...noteMap]
+    .map(([_id, note]) => {
+      const firstComment = note.comments[0].body.toString();
+      if (
+        (status.vulnerable && firstComment.startsWith('[Vulnerable] ')) ||
+        (status.notVulnerable && firstComment.startsWith('[Not Vulnerable] ')) ||
+        (status.todo && firstComment.startsWith('[TODO] ')) ||
+        status.noStatus
+      ) {
+        return note;
+      }
+    })
+    .filter((element) => element !== undefined);
+
+  if (!selectedNotes.length) {
+    vscode.window.showInformationMessage('[Export] No notes met the criteria.');
+    return;
+  }
+
+  switch (format) {
+    case 'markdown': {
+      const outputs = await Promise.all(
+        selectedNotes.map(async (note: any) => {
+          // include code snippet
+          if (options.includeCodeSnippet) {
+            const codeSnippet = await exportCodeSnippet(note.uri, note.range);
+            return codeSnippet + exportComments(note, options);
+          }
+          return exportComments(note, options);
+        }),
+      );
+
+      const document = await vscode.workspace.openTextDocument({
+        content: outputs.join(''),
+        language: 'markdown',
+      });
+      vscode.window.showTextDocument(document);
+    }
+  }
+}
+
+function exportComments(note: vscode.CommentThread, options: any) {
+  // export first comment
+  let output = '';
+  output += exportComment(
+    note.comments[0].body.toString(),
+    options.includeAuthors ? note.comments[0].author.name : undefined,
+  );
+
+  // include replies
+  if (options.includeReplies) {
+    note.comments.slice(1).forEach((comment: vscode.Comment) => {
+      output += exportComment(
+        comment.body.toString(),
+        options.includeAuthors ? comment.author.name : undefined,
+      );
+    });
+  }
+
+  output += `\n-----\n`;
+  return output;
+}
+
+function exportComment(body: string, author: string | undefined) {
+  if (author) {
+    return `\n**${author}** - ${body}\n`;
+  }
+  return `\n${body}\n`;
+}
+
+async function exportCodeSnippet(uri: vscode.Uri, range: vscode.Range) {
+  const output = await vscode.workspace.openTextDocument(uri).then(async (document) => {
+    const newRange = new vscode.Range(range.start.line, 0, range.end.line + 1, 0);
+    const codeSnippet = await document.getText(newRange).trimEnd();
+    return `\nCode snippet \`${fullPathToRelative(
+      uri.fsPath,
+    )}\`:\n\n\`\`\`\n${codeSnippet}\n\`\`\`\n`;
+  });
+  return output;
+}