Merge branch 'master' into remove-vendor

package.json

@@ -139,6 +139,7 @@
     "devDependencies": {
         "@types/ini": "^1.3.31",
         "@types/json-to-ast": "^2.1.2",
+        "@types/micromatch": "^4.0.2",
         "@types/node": "^16.11.7",
         "@types/vscode": "^1.26.0",
         "@typescript-eslint/eslint-plugin": "^5.42.0",

src/data/socket-api-config.ts

@@ -17,6 +17,7 @@ export type IssueRules = Record<string, boolean | {
 
 export type APIConfig = {
     apiKey: string;
+    enforcedRules: IssueRules;
     defaultRules: IssueRules;
     orgRules: { id: string; name: string; issueRules: IssueRules }[]
 }
@@ -168,12 +169,13 @@ function getConfigFromSettings(apiKey: string, settings: KeyInfo, enforcedOrgs:
 
     return {
         apiKey,
-        defaultRules: mergeDefaults(enforcedRules, settings.defaultIssueRules),
+        enforcedRules,
+        defaultRules: settings.defaultIssueRules,
         orgRules: Object.values(settings.organizations).map(({ id, name, issueRules }) => {
             return {
                 id,
                 name,
-                issueRules: mergeDefaults(mergeRules(issueRules, enforcedRules), settings.defaultIssueRules)
+                issueRules: mergeDefaults(issueRules, settings.defaultIssueRules)
             }
         })
     }

src/extension.ts

@@ -207,7 +207,7 @@ export async function activate(context: ExtensionContext) {
                 if (relevantIssues && relevantIssues.length) {
                     const diagnosticsToShow = (await Promise.all(relevantIssues.map(
                         async (issue) => {
-                            const severity = getDiagnosticSeverity(issue.type, issue.severity, baseRules, socketYamlConfig)
+                            const severity = getDiagnosticSeverity(issue.type, issue.severity, apiConf.enforcedRules, baseRules, socketYamlConfig)
                             if (severity == null) return null
                             const diag = new vscode.Diagnostic(
                                 issue.range,

src/ui/file.ts

@@ -188,7 +188,7 @@ export function activate(
                 for (const [severity, types] of pkgIssues) {
                     for (const [type, descriptions] of types) {
                         for (const description of descriptions) {
-                            if (getDiagnosticSeverity(type, severity, issueRules, socketYamlConfig) != null) {
+                            if (getDiagnosticSeverity(type, severity, apiConf.enforcedRules, issueRules, socketYamlConfig) != null) {
                                 relevantIssues.push({
                                     type,
                                     severity,

src/util.ts

@@ -1,18 +1,18 @@
 import type { SocketYml } from '@socketsecurity/config';
 import * as toml from 'toml-eslint-parser';
 import * as vscode from 'vscode';
-import { IssueRules, ruleStrength } from './data/socket-api-config';
+import { IssueRules, mergeDefaults, mergeRules, ruleStrength } from './data/socket-api-config';
 
 export const DIAGNOSTIC_SOURCE_STR = 'SocketSecurity'
 export const EXTENSION_PREFIX = 'socket-security'
 
 const SEVERITY_LEVELS = ['low', 'middle', 'high', 'critical'];
 
-export function getDiagnosticSeverity(type: string, severity: string, issueRules: IssueRules, socketYamlConfig: SocketYml): vscode.DiagnosticSeverity | null {
-    const fullRules: IssueRules = { ...socketYamlConfig.issueRules }
-    for (const rule in issueRules) {
-        if (!(rule in fullRules)) fullRules[rule] = issueRules[rule]
-    }
+export function getDiagnosticSeverity(type: string, severity: string, enforcedRules: IssueRules, issueRules: IssueRules, socketYamlConfig: SocketYml): vscode.DiagnosticSeverity | null {
+    const fullRules: IssueRules = mergeDefaults(
+        mergeRules(enforcedRules, socketYamlConfig.issueRules),
+        issueRules
+    )
     const editorConfig = vscode.workspace.getConfiguration(EXTENSION_PREFIX)
     const handling = ruleStrength(fullRules[type])
     if (handling < 2) return null