feat(secrets): JIT Snyk Learn lessons for Secrets findings [EDU-4754] #1265
Open: SnykOleg wants to merge 25 commits into main from edu-4754-secrets-learn-jit
+715 −84
Commits (25):
54c86b5 feat(learn): support JIT lessons for Snyk Secrets findings [EDU-4754] (SnykOleg)
89f213c feat(secrets): populate Issue.LessonUrl during scan via learn.Service… (SnykOleg)
448e4c2 feat(secrets): render Snyk Learn link in details panel [EDU-4754] (SnykOleg)
495a433 Merge branch 'main' into edu-4754-secrets-learn-jit (SnykOleg)
9e8df31 refactor(server): inject learn.Service via withContext middleware [ED… (SnykOleg)
3b238bb refactor(secrets): consume learn.Service from request context, fuse L… (SnykOleg)
d240ba7 merge(main): resolve server DI conflicts for edu-4754 branch [EDU-4754] (SnykOleg)
8be3271 fix(secrets): inject learn service into scan context for autosave par… (SnykOleg)
f4a2c0c test(secrets): assert LessonUrl in FindingsConverter via context lear… (SnykOleg)
0ca69bc docs: document secrets Learn JIT tested scenarios [EDU-4754] (SnykOleg)
2870bc6 fix(secrets): align IDE issue card with product review [EDU-4754] (SnykOleg)
86ec301 chore: PR #1265 product review preview images [EDU-4754] (SnykOleg)
0295bfe chore: PR #1265 product review preview images [EDU-4754] (SnykOleg)
3505dc9 chore: remove PR preview PNGs from branch [EDU-4754] (SnykOleg)
be13ef1 chore: remove PR preview PNGs from branch [EDU-4754] (SnykOleg)
0e2f362 fix(secrets): copy deps map in enrichContext for thread safety [EDU-4… (SnykOleg)
33e6557 docs: move secrets issue panel docs under UI rendering section [EDU-4… (SnykOleg)
770918f chore: PR #1265 no-learn preview for product review [EDU-4754] (SnykOleg)
61d573d chore: remove PR preview PNG from branch [EDU-4754] (SnykOleg)
6883fb1 Merge branch 'main' into edu-4754-secrets-learn-jit (SnykOleg)
aede219 Merge branch 'main' into edu-4754-secrets-learn-jit (SnykOleg)
d3bcd17 Merge branch 'main' into edu-4754-secrets-learn-jit (SnykOleg)
814c8ca merge(main): sync edu-4754-secrets-learn-jit with main [EDU-4754] (SnykOleg)
6b098ae merge: integrate remote branch history [EDU-4754] (SnykOleg)
18fcdbc Merge branch 'main' into edu-4754-secrets-learn-jit (basti-snyk)
Review comment:

Should fix — a Secrets finding with no CWE gets an arbitrary, unrelated lesson. This case passes an empty rule and relies on "CWE intersection through the all-lessons fall-through." That works only when the finding actually has a CWE. When it doesn't (extractProblems returns cwes=nil whenever there's no cwe problem), the lookup goes: empty rule + empty ecosystem → all-lessons branch → filterForCWEs with an empty CWE list, which filterLessonWithComparatorFunc treats as a no-op and returns the full list → GetLesson picks lessons[0]. So the "Learn how to remediate Secrets securely" link points at an arbitrary, unrelated lesson (and the selection is non-deterministic across runs, since GetAll() iterates a map). Two reviewers flagged this independently.

Suggested fix: in the Secrets path (or in enrichWithLearnLesson) skip the lookup / return no lesson when there is no CWE match, so a CWE-less secret gets no link rather than a wrong one. Add a real-service (non-mock) test asserting LessonUrl is empty for a no-CWE secret with a non-empty Learn cache — the current tests mock GetLesson and never exercise this path.

— AI review
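The fall-through described in the review and the suggested no-CWE guard, as an added Go sketch that is not code from this PR or from the Snyk language server; Lesson, lessons, filterForCWEs, lessonURLBuggy and lessonURLFixed are constructed stand-ins with placeholder URLs, and the cache is a deterministic slice so the lessons[0] outcome is reproducible.

```go
package main

// Lesson is a minimal stand-in for a Snyk Learn lesson (hypothetical shape,
// not the language server's real type); one CWE per lesson keeps it short.
type Lesson struct {
	URL string
	CWE string
}

// Constructed sample cache with placeholder URLs; the real cache is larger
// and, per the review, unordered because GetAll() iterates a map.
var lessons = []Lesson{
	{URL: "https://learn.example/lesson-a", CWE: "CWE-1321"},
	{URL: "https://learn.example/lesson-b", CWE: "CWE-798"},
}

// filterForCWEs mirrors the no-op the review describes: an empty CWE list
// returns the input untouched instead of an empty result.
func filterForCWEs(in []Lesson, cwes []string) []Lesson {
	if len(cwes) == 0 {
		return in
	}
	var out []Lesson
	for _, l := range in {
		for _, want := range cwes {
			if l.CWE == want {
				out = append(out, l)
				break
			}
		}
	}
	return out
}

// lessonURLBuggy is the all-lessons fall-through: with no rule, ecosystem or
// CWE the whole cache survives the filter and lessons[0] is handed back.
func lessonURLBuggy(cwes []string) string {
	if m := filterForCWEs(lessons, cwes); len(m) > 0 {
		return m[0].URL
	}
	return ""
}

// lessonURLFixed adds the guard the review asks for: no CWE, no lookup, no link.
func lessonURLFixed(cwes []string) string {
	if len(cwes) == 0 {
		return ""
	}
	return lessonURLBuggy(cwes)
}
```

The guarded variant is the shape of the regression test the review asks for: a non-empty cache plus a CWE-less finding must yield an empty URL.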