C# Extension throws error on hover over diagnostic from Semgrep Extension. #7505

Open
jkinsfather opened this issue Sep 3, 2024 · 2 comments

Type: Bug

Issue Description

The C# extension cannot handle code actions when there are diagnostics from the Semgrep Extension included in the request.

Hovering over a Semgrep diagnostic causes the C# extension to throw a 'Request textDocument/codeAction failed.' error.

Steps to Reproduce

  1. Install the C# extension
  2. Install the Semgrep extension
  3. Install the Semgrep CLI tool locally: 'brew install semgrep'
  4. Create a new .cs file with the following contents:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using RazorEngine;
using RazorEngine.Templating;

namespace RazorVulnerableApp.Controllers
{
    public class HomeController : Controller
    {
        [HttpPost]
        [ValidateInput(false)]
        public ActionResult Index(string inert, string razorTpl)
        {
            // WARNING This code is vulnerable on purpose: do not use in production and do not take it as an example!
            // ruleid: razor-template-injection
            ViewBag.RenderedTemplate = Razor.Parse(razorTpl);
            ViewBag.Template = razorTpl;
            return View();
        }
    }
}
  5. Run a Semgrep scan with the VS Code command 'Semgrep: scan all files in workspace'.
  6. Hover over the Semgrep diagnostic on line 19 of the file.
  7. Note the error thrown by the C# extension as a popup in the lower right-hand corner with the message 'Request textDocument/codeAction failed.'

Expected Behavior

The C# extension should not throw an error when hovering over the diagnostic from another extension.

Actual Behavior

The C# extension throws an error when hovering over a diagnostic from the Semgrep extension.

Logs

C# log

[Error - 10:57:41 AM] [LanguageServerHost] System.UriFormatException: Invalid URI: The Authority/Host could not be parsed.
   at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind, UriCreationOptions& creationOptions)
   at System.Uri..ctor(String uriString)
   at Roslyn.LanguageServer.Protocol.DocumentUriConverter.Read(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options) in /_/src/LanguageServer/Protocol/Protocol/Converters/DocumentUriConverter.cs:line 17
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.JsonConverter`1.ReadCore(Utf8JsonReader& reader, JsonSerializerOptions options, ReadStack& state)
   at System.Text.Json.JsonSerializer.Read[TValue](Utf8JsonReader& reader, JsonTypeInfo`1 jsonTypeInfo)
   at Roslyn.LanguageServer.Protocol.VSExtensionConverter`2.Read(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options) in /_/src/LanguageServer/Protocol/Protocol/Extensions/Converters/VSExtensionConverter.cs:line 25
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.JsonCollectionConverter`2.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, TCollection& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.JsonConverter`1.ReadCore(Utf8JsonReader& reader, JsonSerializerOptions options, ReadStack& state)
   at System.Text.Json.JsonSerializer.Read[TValue](Utf8JsonReader& reader, JsonTypeInfo`1 jsonTypeInfo)
   at Roslyn.LanguageServer.Protocol.VSExtensionConverter`2.Read(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options) in /_/src/LanguageServer/Protocol/Protocol/Extensions/Converters/VSExtensionConverter.cs:line 25
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.Metadata.JsonPropertyInfo`1.ReadJsonAndSetMember(Object obj, ReadStack& state, Utf8JsonReader& reader)
   at System.Text.Json.Serialization.Converters.ObjectDefaultConverter`1.OnTryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value)
   at System.Text.Json.Serialization.JsonConverter`1.TryRead(Utf8JsonReader& reader, Type typeToConvert, JsonSerializerOptions options, ReadStack& state, T& value, Boolean& isPopulatedValue)
   at System.Text.Json.Serialization.JsonConverter`1.ReadCore(Utf8JsonReader& reader, JsonSerializerOptions options, ReadStack& state)
   at System.Text.Json.JsonSerializer.ReadFromSpan[TValue](ReadOnlySpan`1 utf8Json, JsonTypeInfo`1 jsonTypeInfo, Nullable`1 actualByteCount)
   at System.Text.Json.JsonSerializer.Deserialize[TValue](JsonElement element, JsonSerializerOptions options)
   at Microsoft.CommonLanguageServerProtocol.Framework.SystemTextJsonLanguageServer`1.DeserializeRequest[TRequest](Object serializedRequest, RequestHandlerMetadata metadata) in /_/src/LanguageServer/Microsoft.CommonLanguageServerProtocol.Framework/SystemTextJsonLanguageServer.cs:line 30
   at Microsoft.CommonLanguageServerProtocol.Framework.QueueItem`1.TryDeserializeRequest[TRequest](AbstractLanguageServer`1 languageServer, RequestHandlerMetadata requestHandlerMetadata, Boolean isMutating, TRequest& request) in /_/src/LanguageServer/Microsoft.CommonLanguageServerProtocol.Framework/QueueItem.cs:line 117
[Error - 10:57:41 AM] Request textDocument/codeAction failed.
  Message: Invalid URI: The Authority/Host could not be parsed.
  Code: -32000 
[object Object]
[LanguageServerHost] [06:04:19.029][End]textDocument/codeAction
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:04:31.798][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:04:31.799][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:04:33.132][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:04:33.133][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:04:54.962][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:04:54.963][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:04:56.392][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:04:56.393][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] No request parameters given, using default language handler
[LanguageServerHost] [06:05:00.973][Start]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] [06:05:00.974][End]workspace/buildOnlyDiagnosticIds
[LanguageServerHost] Using C# from request text document
[LanguageServerHost] /Users/jkinsfather/repo/apps/dvcsharp-api/semgrep_test.cs found in workspace Host
[LanguageServerHost] [06:05:01.218][Start]textDocument/codeLens
[LanguageServerHost] [06:05:01.220][End]textDocument/codeLens
[LanguageServerHost] Using C# from data text document
[LanguageServerHost] /Users/jkinsfather/repo/apps/dvcsharp-api/semgrep_test.cs found in workspace Host
[LanguageServerHost] [06:05:01.474][Start]codeLens/resolve
[LanguageServerHost] [06:05:01.481][End]codeLens/resolve
[LanguageServerHost] Using C# from request text document

C# LSP Trace Logs

Environment information

VSCode version: 1.92.2
C# Extension: 2.39.29
Using OmniSharp: false

Dotnet Information

.NET SDK:
Version: 8.0.401
Commit: 811edcc344
Workload version: 8.0.400-manifests.b6724b7a
MSBuild version: 17.11.4+37eb419ad

Runtime Environment:
OS Name: Mac OS X
OS Version: 14.6
OS Platform: Darwin
RID: osx-arm64
Base Path: /usr/local/share/dotnet/sdk/8.0.401/

.NET workloads installed:
Configured to use loose manifests when installing new manifests.
There are no installed workloads to display.

Host:
Version: 8.0.8
Architecture: arm64
Commit: 08338fcaa5

.NET SDKs installed:
8.0.401 [/usr/local/share/dotnet/sdk]

.NET runtimes installed:
Microsoft.AspNetCore.App 8.0.8 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 8.0.8 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]

Other architectures found:
None

Environment variables:
Not set

global.json file:
Not found

Learn more:
https://aka.ms/dotnet/info

Download .NET:
https://aka.ms/dotnet/download

Visual Studio Code Extensions
Extension Author Version Folder Name
black-formatter ms-python 2024.2.0 ms-python.black-formatter-2024.2.0
cmake twxs 0.0.17 twxs.cmake-0.0.17
cmake-tools ms-vscode 1.19.49 ms-vscode.cmake-tools-1.19.49
cpptools ms-vscode 1.21.6 ms-vscode.cpptools-1.21.6-darwin-arm64
cpptools-extension-pack ms-vscode 1.3.0 ms-vscode.cpptools-extension-pack-1.3.0
cpptools-themes ms-vscode 2.0.0 ms-vscode.cpptools-themes-2.0.0
csdevkit ms-dotnettools 1.9.55 ms-dotnettools.csdevkit-1.9.55-darwin-arm64
csharp ms-dotnettools 2.39.29 ms-dotnettools.csharp-2.39.29-darwin-arm64
debugpy ms-python 2024.10.0 ms-python.debugpy-2024.10.0-darwin-arm64
intellicode-api-usage-examples VisualStudioExptTeam 0.2.8 visualstudioexptteam.intellicode-api-usage-examples-0.2.8
java redhat 1.34.0 redhat.java-1.34.0-darwin-arm64
json Meezilla 0.1.2 meezilla.json-0.1.2
json ZainChen 2.0.2 zainchen.json-2.0.2
org-mode tootone 0.5.0 tootone.org-mode-0.5.0
prettify-json mohsen1 0.0.3 mohsen1.prettify-json-0.0.3
preview-vscode searKing 2.3.7 searking.preview-vscode-2.3.7
python ms-python 2024.12.3 ms-python.python-2024.12.3-darwin-arm64
sarif-viewer MS-SarifVSCode 3.4.4 ms-sarifvscode.sarif-viewer-3.4.4
semgrep Semgrep 1.8.2 semgrep.semgrep-1.8.2
sr-jsonnet-extension SR 0.14.0 sr.sr-jsonnet-extension-0.14.0
vscode-ansi iliazeus 1.1.7 iliazeus.vscode-ansi-1.1.7
vscode-dotnet-runtime ms-dotnettools 2.1.5 ms-dotnettools.vscode-dotnet-runtime-2.1.5
vscode-gradle vscjava 3.16.4 vscjava.vscode-gradle-3.16.4
vscode-java-debug vscjava 0.58.0 vscjava.vscode-java-debug-0.58.0
vscode-java-dependency vscjava 0.24.0 vscjava.vscode-java-dependency-0.24.0
vscode-java-pack vscjava 0.29.0 vscjava.vscode-java-pack-0.29.0
vscode-java-test vscjava 0.42.0 vscjava.vscode-java-test-0.42.0
vscode-jsonnet Grafana 0.6.1 grafana.vscode-jsonnet-0.6.1
vscode-maven vscjava 0.44.0 vscjava.vscode-maven-0.44.0
vscode-pylance ms-python 2024.8.2 ms-python.vscode-pylance-2024.8.2
vscode-yaml redhat 1.15.0 redhat.vscode-yaml-1.15.0
vscodeintellicode VisualStudioExptTeam 1.3.1 visualstudioexptteam.vscodeintellicode-1.3.1

Extension version: 2.39.29
VS Code version: Code 1.92.2 (Universal) (fee1edb8d6d72a0ddff41e5f71a671c23ed924b9, 2024-08-14T17:29:30.058Z)
OS version: Darwin arm64 23.6.0
Modes:

System Info
Item Value
CPUs Apple M2 Pro (10 x 2400)
GPU Status 2d_canvas: enabled
canvas_oop_rasterization: enabled_on
direct_rendering_display_compositor: disabled_off_ok
gpu_compositing: enabled
multiple_raster_threads: enabled_on
opengl: enabled_on
rasterization: enabled
raw_draw: disabled_off_ok
skia_graphite: disabled_off
video_decode: enabled
video_encode: enabled
webgl: enabled
webgl2: enabled
webgpu: enabled
webnn: disabled_off
Load (avg) 3, 3, 3
Memory (System) 16.00GB (0.06GB free)
Process Argv --crash-reporter-id 830ea1cb-5cd9-4878-9098-4764a60399f9
Screen Reader no
VM 0%
A/B Experiments

dibarbet (Member) commented Sep 3, 2024

@jkinsfather if you have it, could you also include the full JSON of the failing code action request? It should be in the 'C# LSP Trace Logs' output window when dotnet.server.trace is set to Trace (looks like you have that enabled).

I suspect that the semgrep diagnostic has an invalid URI somewhere in it, which is getting serialized in the code action request.
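
One way to locate the value suspected in the comment above, as an added example that is not code from the C# extension, Roslyn or Semgrep: it walks a `textDocument/codeAction` request body and reports every `uri` or `href` string that `System.Uri` cannot parse as an absolute URI. The sample request, the malformed `href` value and the helper name `FindBadUris` are constructed for illustration; the actual Semgrep payload is not shown on this page.

```csharp
// Added example: list URI-typed strings in an LSP request that System.Uri rejects.
using System;
using System.Collections.Generic;
using System.Text.Json;

// Constructed sample request; the malformed href is an assumption, not the
// real Semgrep diagnostic.
const string sample = """
{
  "textDocument": { "uri": "file:///workspace/semgrep_test.cs" },
  "context": {
    "diagnostics": [
      { "source": "Semgrep", "code": "razor-template-injection",
        "codeDescription": { "href": "not a uri" },
        "message": "constructed diagnostic" }
    ],
    "triggerKind": 2
  }
}
""";

using var doc = JsonDocument.Parse(sample);
foreach (var (path, value) in FindBadUris(doc.RootElement, "$"))
    Console.WriteLine($"{path}: not an absolute URI: \"{value}\"");

// Hypothetical helper: recursively yields (JSON path, value) for bad URI strings.
static IEnumerable<(string Path, string Value)> FindBadUris(JsonElement node, string path)
{
    if (node.ValueKind == JsonValueKind.Object)
    {
        foreach (var prop in node.EnumerateObject())
        {
            var child = $"{path}.{prop.Name}";
            // Assumption: only properties named "uri" or "href" hold URIs.
            if ((prop.Name is "uri" or "href") && prop.Value.ValueKind == JsonValueKind.String)
            {
                var text = prop.Value.GetString()!;
                // TryCreate signals failure by returning false instead of
                // throwing UriFormatException.
                if (!Uri.TryCreate(text, UriKind.Absolute, out _))
                    yield return (child, text);
            }
            else
                foreach (var hit in FindBadUris(prop.Value, child)) yield return hit;
        }
    }
    else if (node.ValueKind == JsonValueKind.Array)
    {
        int i = 0;
        foreach (var item in node.EnumerateArray())
            foreach (var hit in FindBadUris(item, $"{path}[{i++}]")) yield return hit;
    }
}
```

Replacing the sample with the `Params` JSON of a failing request from the trace log gives the JSON path of each value the check rejects.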

jkinsfather (Author) commented Sep 3, 2024

@dibarbet here is a zip of the 'C# LSP Trace Logs'
7-C# LSP Trace Logs.log.zip

Is this the correct JSON?

[Trace - 1:08:33 PM] Sending request 'textDocument/codeAction - (2)'.
Params: {
    "textDocument": {
        "uri": "file:///Users/jkinsfather/repo/apps/dvcsharp-api/semgrep_test.cs"
    },
    "range": {
        "start": {
            "line": 9,
            "character": 1
        },
        "end": {
            "line": 9,
            "character": 1
        }
    },
    "context": {
        "diagnostics": [],
        "triggerKind": 2
    }
}

[Trace - 1:08:33 PM] Received response 'textDocument/codeAction - (2)' in 62ms. Request failed: The task was cancelled. (-32800).
