Skip to content

Commit ced2893

Browse files
authored
Add link in Vulnerabilities Info Bar to Fix with GitHub Copilot (#7036)
1 parent acb51a1 commit ced2893

43 files changed

Lines changed: 854 additions & 107 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

Directory.Packages.props

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,7 @@
6464
<PackageVersion Include="Microsoft.TeamFoundationServer.ExtendedClient" Version="16.153.0" />
6565
<PackageVersion Include="Microsoft.Test.Apex.VisualStudio" Version="18.0.0-preview-1-10723-180" />
6666
<PackageVersion Include="Microsoft.TestPlatform.Portable" Version="17.1.0" />
67+
<PackageVersion Include="Microsoft.VisualStudio.Copilot" Version="18.0.848-alpha" />
6768
<PackageVersion Include="Microsoft.VisualStudio.LanguageServices" Version="4.3.1" />
6869
<PackageVersion Include="Microsoft.VisualStudio.Markdown.Platform" Version="17.14.76-preview" />
6970
<PackageVersion Include="Microsoft.VisualStudio.ProjectSystem" Version="17.4.221-pre" />

NuGet.Config

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@
2020
<package pattern="Azure.Core " />
2121
<package pattern="ben.demystifier" />
2222
<package pattern="castle.core" />
23+
<package pattern="Google.Protobuf" />
2324
<package pattern="Humanizer.Core" />
2425
<package pattern="ilrepack" />
2526
<package pattern="lucene.net" />
@@ -73,7 +74,7 @@
7374
<package pattern="microsoft.test.apex.visualstudio" />
7475
<package pattern="Microsoft.VisualStudio.*" />
7576
<package pattern="Microsoft.VisualStudioEng.MicroBuild.Core" />
76-
<package pattern="Microsoft.VSSDK.BuildTools" />
77+
<package pattern="Microsoft.VSSDK.*" />
7778
<package pattern="stdole" />
7879
<package pattern="streamjsonrpc" />
7980
<package pattern="vslangproj" />

src/NuGet.Clients/NuGet.PackageManagement.UI/NuGet.PackageManagement.UI.csproj

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@
2525
</ItemGroup>
2626

2727
<ItemGroup>
28+
<PackageReference Include="Microsoft.VisualStudio.Copilot" ExcludeAssets="runtime" />
2829
<PackageReference Include="Microsoft.VisualStudio.Markdown.Platform" />
2930
<PackageReference Include="Microsoft.VisualStudio.Sdk" />
3031
<PackageReference Include="Microsoft.VisualStudio.Shell.Styles" />
Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
// Copyright (c) .NET Foundation. All rights reserved.
2+
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
3+
4+
namespace NuGet.PackageManagement.Telemetry
5+
{
6+
public enum FixVulnerabilitiesWithCopilotErrorType
7+
{
8+
None,
9+
CopilotNotReady,
10+
ServiceBrokerNotAvailable,
11+
CopilotServiceNotAvailable,
12+
McpToolServiceNotAvailable,
13+
CopilotAccessDenied
14+
}
15+
}

src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Telemetry/HyperlinkType.cs

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,6 @@ public enum HyperlinkType
1414
DeprecationAlternativeDetails,
1515
DeprecationAlternativePackageItem,
1616
VulnerabilityAdvisory,
17-
VulnerabilityAdvisoryGHCopilotDocs,
1817
OptionsBlocked,
1918
OwnerProfile,
2019
OwnerProfileDetailsPane

src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Telemetry/NavigatedTelemetryEvent.cs

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,8 @@ public class NavigatedTelemetryEvent : TelemetryEvent
2626

2727
internal const string AlternativePackageIdPropertyName = "AlternativePackageId";
2828

29+
internal const string ErrorTypePropertyName = "ErrorType";
30+
2931
/// <summary>
3032
/// General Navigation event with an origin specified.
3133
/// </summary>
@@ -81,6 +83,16 @@ public static NavigatedTelemetryEvent CreateWithVulnerabilityInfoBarManagePackag
8183
return navigatedTelemetryEvent;
8284
}
8385

86+
/// <summary>
87+
/// Navigating from the Vulnerability InfoBar to Fix Vulnerabilities with GitHub Copilot.
88+
/// </summary>
89+
public static NavigatedTelemetryEvent CreateWithVulnerabilityInfoBarFixWithCopilot(FixVulnerabilitiesWithCopilotErrorType errorType)
90+
{
91+
NavigatedTelemetryEvent navigatedTelemetryEvent = new(NavigationType.Button, NavigationOrigin.VulnerabilityInfoBar_FixVulnerabilitiesWithCopilot);
92+
navigatedTelemetryEvent[ErrorTypePropertyName] = errorType;
93+
return navigatedTelemetryEvent;
94+
}
95+
8496
/// <summary>
8597
/// Navigating an External hyperlink from VS.
8698
/// </summary>

src/NuGet.Clients/NuGet.PackageManagement.VisualStudio/Telemetry/NavigationOrigin.cs

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ public enum NavigationOrigin
1212
Options_LocalsCommand_ClearAll,
1313
PMUI_ExternalLink,
1414
PMUI_PackageSourceMapping_Configure,
15-
VulnerabilityInfoBar_ManagePackages
15+
VulnerabilityInfoBar_ManagePackages,
16+
VulnerabilityInfoBar_FixVulnerabilitiesWithCopilot
1617
}
1718
}

src/NuGet.Clients/NuGet.SolutionRestoreManager/Resources.Designer.cs

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/NuGet.Clients/NuGet.SolutionRestoreManager/Resources.resx

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -197,7 +197,8 @@ To prevent NuGet from restoring packages during build, open the Visual Studio Op
197197
<value>'{0}' items do not have the same value(s) across all target frameworks. Remove any condition from MSBuild files for '{0}' items.</value>
198198
<comment>{0} - MSBuild item type. For example, NuGetAuditSuppress</comment>
199199
</data>
200-
<data name="InfoBar_HyperlinkGHCopilotDocs" xml:space="preserve">
201-
<value>How to fix with GitHub Copilot</value>
200+
<data name="InfoBar_HyperlinkFixVulnerabilitiesWithCopilot" xml:space="preserve">
201+
<value>Fix with GitHub Copilot</value>
202+
<comment>Do not translate GitHub or Copilot</comment>
202203
</data>
203-
</root>
204+
</root>

src/NuGet.Clients/NuGet.SolutionRestoreManager/VulnerablePackagesInfoBar.cs

Lines changed: 27 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@
1111
using Microsoft.VisualStudio.Imaging;
1212
using Microsoft.VisualStudio.Shell;
1313
using Microsoft.VisualStudio.Shell.Interop;
14+
using Microsoft.VisualStudio.Threading;
1415
using NuGet.Common;
1516
using NuGet.PackageManagement;
1617
using NuGet.PackageManagement.Telemetry;
@@ -23,27 +24,25 @@ namespace NuGet.SolutionRestoreManager
2324
[PartCreationPolicy(CreationPolicy.Shared)]
2425
public class VulnerablePackagesInfoBar : IVulnerabilitiesNotificationService, IVsInfoBarUIEvents
2526
{
26-
private const string LogEntrySource = "NuGet Package Manager";
27-
2827
private IAsyncServiceProvider _asyncServiceProvider = AsyncServiceProvider.GlobalProvider;
2928
internal IVsInfoBarUIElement? _infoBarUIElement;
3029
internal bool _infoBarVisible = false; // InfoBar is currently being displayed in the Solution Explorer
3130
internal bool _wasInfoBarClosed = false; // InfoBar was closed by the user, using the 'x'(close) in the InfoBar
3231
internal bool _wasInfoBarHidden = false; // InfoBar was hid, this is caused because there are no more vulnerabilities to address
3332
private uint? _eventCookie; // To hold the connection cookie
34-
private InfoBarHyperlink _hyperlinkPmui;
35-
private InfoBarHyperlink _hyperlinkGHCopilotDocs;
33+
private IVsInfoBarActionItem? _launchPackageManagerActionItem;
34+
private IVsInfoBarActionItem? _fixVulnerabilitiesActionItem;
3635

3736
private Lazy<IPackageManagerLaunchService>? PackageManagerLaunchService { get; }
37+
private Lazy<IFixVulnerabilitiesService>? FixVulnerabilitiesService { get; }
3838
private ISolutionManager? SolutionManager { get; }
3939

4040
[ImportingConstructor]
41-
public VulnerablePackagesInfoBar(ISolutionManager solutionManager, Lazy<IPackageManagerLaunchService> packageManagerLaunchService)
41+
public VulnerablePackagesInfoBar(ISolutionManager solutionManager, Lazy<IPackageManagerLaunchService> packageManagerLaunchService, Lazy<IFixVulnerabilitiesService> fixVulnerabilitiesService)
4242
{
43-
_hyperlinkPmui = new InfoBarHyperlink(Resources.InfoBar_HyperlinkMessage);
44-
_hyperlinkGHCopilotDocs = new InfoBarHyperlink(Resources.InfoBar_HyperlinkGHCopilotDocs, "https://aka.ms/nugetmcp/auditFix");
4543
SolutionManager = solutionManager;
4644
PackageManagerLaunchService = packageManagerLaunchService;
45+
FixVulnerabilitiesService = fixVulnerabilitiesService;
4746
SolutionManager.SolutionClosed += OnSolutionClosed;
4847
}
4948

@@ -163,44 +162,38 @@ public void OnClosed(IVsInfoBarUIElement infoBarUIElement)
163162
public void OnActionItemClicked(IVsInfoBarUIElement infoBarUIElement, IVsInfoBarActionItem actionItem)
164163
{
165164
ThreadHelper.ThrowIfNotOnUIThread();
166-
if (actionItem != null)
165+
if (actionItem == _launchPackageManagerActionItem)
167166
{
168-
if (actionItem.ActionContext == _hyperlinkGHCopilotDocs.ActionContext)
169-
{
170-
LaunchGitHubCopilotDocs();
171-
}
172-
else
173-
{
174-
PackageManagerLaunchService?.Value.LaunchSolutionPackageManager();
175-
var evt = NavigatedTelemetryEvent.CreateWithVulnerabilityInfoBarManagePackages();
176-
TelemetryActivity.EmitTelemetryEvent(evt);
177-
}
178-
}
179-
}
180-
181-
private void LaunchGitHubCopilotDocs()
182-
{
183-
try
184-
{
185-
System.Diagnostics.Process.Start(_hyperlinkGHCopilotDocs.ActionContext);
186-
var evt = NavigatedTelemetryEvent.CreateWithExternalLink(HyperlinkType.VulnerabilityAdvisoryGHCopilotDocs);
167+
PackageManagerLaunchService?.Value.LaunchSolutionPackageManager();
168+
var evt = NavigatedTelemetryEvent.CreateWithVulnerabilityInfoBarManagePackages();
187169
TelemetryActivity.EmitTelemetryEvent(evt);
188170
}
189-
catch (System.ComponentModel.Win32Exception ex)
171+
else if (actionItem == _fixVulnerabilitiesActionItem)
190172
{
191-
ActivityLog.LogError(LogEntrySource, ex.ToString());
173+
NuGetUIThreadHelper.JoinableTaskFactory.RunAsync(async () =>
174+
{
175+
if (FixVulnerabilitiesService == null)
176+
{
177+
return;
178+
}
179+
180+
await FixVulnerabilitiesService.Value.LaunchFixVulnerabilitiesAsync(CancellationToken.None);
181+
}).PostOnFailure(nameof(VulnerablePackagesInfoBar));
192182
}
193183
}
194184

195185
protected InfoBarModel GetInfoBarModel()
196186
{
197-
IEnumerable<IVsInfoBarTextSpan> textSpans = new IVsInfoBarTextSpan[]
198-
{
187+
_launchPackageManagerActionItem = new InfoBarHyperlink(Resources.InfoBar_HyperlinkMessage);
188+
_fixVulnerabilitiesActionItem = new InfoBarHyperlink(Resources.InfoBar_HyperlinkFixVulnerabilitiesWithCopilot);
189+
190+
IEnumerable<IVsInfoBarTextSpan> textSpans =
191+
[
199192
new InfoBarTextSpan(Resources.InfoBar_TextMessage + " "),
200-
_hyperlinkPmui,
193+
_launchPackageManagerActionItem,
201194
new InfoBarTextSpan(" | "),
202-
_hyperlinkGHCopilotDocs
203-
};
195+
_fixVulnerabilitiesActionItem
196+
];
204197

205198
return new InfoBarModel(
206199
textSpans,

0 commit comments

Comments
 (0)