Merge remote-tracking branch 'upstream/master' into dbartol/QLTest

Dave Bartolomeo · Dave Bartolomeo · commit 9e6100f383e6 · 2019-11-22T10:35:04.000-07:00
diff --git a/README.md b/README.md
@@ -4,6 +4,8 @@ This project is an extension for Visual Studio Code that adds rich language supp
 
 The extension is released. You can download it from the [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=github.vscode-codeql).
 
+To see what has changed in the last few versions of the extension, see the [Changelog](https://github.com/github/vscode-codeql/blob/master/extensions/ql-vscode/CHANGELOG.md).
+
 ![CI status badge](https://github.com/github/vscode-codeql/workflows/Build%20Extension/badge.svg)
 
 ## Features
diff --git a/extensions/ql-vscode/CHANGELOG.md b/extensions/ql-vscode/CHANGELOG.md
@@ -0,0 +1,14 @@
+# CodeQL for Visual Studio Code: Changelog
+
+## 1.0.1 - 21 November 2019
+
+- Change `codeQL.cli.executablePath` to a per-machine setting, so it can no longer be set at the user or workspace level. This helps prevent arbitrary code execution when using a VS Code workspace from an untrusted source.
+- Improve the highlighting of the selected query result within the source code.
+- Improve the performance of switching between result tables in the CodeQL Query Results view.
+- Fix the automatic upgrading of CodeQL databases when using upgrade scripts from the workspace.
+- Allow removal of items from the CodeQL Query History view.
+
+
+## 1.0.0 - 14 November 2019
+
+Initial release of CodeQL for Visual Studio Code.
diff --git a/extensions/ql-vscode/README.md b/extensions/ql-vscode/README.md
@@ -7,6 +7,8 @@ This project is an extension for Visual Studio Code that adds rich language supp
 * Provides an easy way to run queries from the large, open source repository of [CodeQL security queries](https://github.com/Semmle/ql).
 * Adds IntelliSense to support you writing and editing your own CodeQL query and library files.
 
+To see what has changed in the last few versions of the extension, see the [Changelog](https://github.com/github/vscode-codeql/blob/master/extensions/ql-vscode/CHANGELOG.md).
+
 ## Quick start overview
 
 The information in this `README` file describes the quickest way to start using CodeQL.
diff --git a/extensions/ql-vscode/package.json b/extensions/ql-vscode/package.json
@@ -4,7 +4,7 @@
   "description": "CodeQL for Visual Studio Code",
   "author": "GitHub",
   "private": true,
-  "version": "1.0.1",
+  "version": "1.0.2",
   "publisher": "GitHub",
   "license": "MIT",
   "icon": "media/VS-marketplace-CodeQL-icon.png",
@@ -86,7 +86,7 @@
       "title": "CodeQL",
       "properties": {
         "codeQL.cli.executablePath": {
-          "scope": "window",
+          "scope": "machine",
           "type": "string",
           "default": "",
           "description": "Path to the CodeQL executable that should be used by the CodeQL extension. The executable is named `codeql` on Linux/Mac and `codeql.cmd` on Windows. This overrides all other CodeQL CLI settings."
diff --git a/extensions/ql-vscode/src/config.ts b/extensions/ql-vscode/src/config.ts
@@ -37,18 +37,16 @@ const DISTRIBUTION_SETTING = new Setting('cli', ROOT_SETTING);
 const CUSTOM_CODEQL_PATH_SETTING = new Setting('executablePath', DISTRIBUTION_SETTING);
 const INCLUDE_PRERELEASE_SETTING = new Setting('includePrerelease', DISTRIBUTION_SETTING);
 const PERSONAL_ACCESS_TOKEN_SETTING = new Setting('personalAccessToken', DISTRIBUTION_SETTING);
-const OWNER_NAME_SETTING = new Setting('owner', DISTRIBUTION_SETTING);
-const REPOSITORY_NAME_SETTING = new Setting('repository', DISTRIBUTION_SETTING);
 
 /** When these settings change, the distribution should be updated. */
-const DISTRIBUTION_CHANGE_SETTINGS = [CUSTOM_CODEQL_PATH_SETTING, INCLUDE_PRERELEASE_SETTING, PERSONAL_ACCESS_TOKEN_SETTING, OWNER_NAME_SETTING, REPOSITORY_NAME_SETTING];
+const DISTRIBUTION_CHANGE_SETTINGS = [CUSTOM_CODEQL_PATH_SETTING, INCLUDE_PRERELEASE_SETTING, PERSONAL_ACCESS_TOKEN_SETTING];
 
 export interface DistributionConfig {
   customCodeQlPath?: string;
   includePrerelease: boolean;
   personalAccessToken?: string;
-  ownerName: string;
-  repositoryName: string;
+  ownerName?: string;
+  repositoryName?: string;
   onDidChangeDistributionConfiguration?: Event<void>;
 }
 
@@ -114,14 +112,6 @@ export class DistributionConfigListener extends ConfigListener implements Distri
     return PERSONAL_ACCESS_TOKEN_SETTING.getValue() ? PERSONAL_ACCESS_TOKEN_SETTING.getValue() : undefined;
   }
 
-  public get ownerName(): string {
-    return OWNER_NAME_SETTING.getValue();
-  }
-
-  public get repositoryName(): string {
-    return REPOSITORY_NAME_SETTING.getValue();
-  }
-
   public get onDidChangeDistributionConfiguration(): Event<void> {
     return this._onDidChangeConfiguration.event;
   }
diff --git a/extensions/ql-vscode/src/interface.ts b/extensions/ql-vscode/src/interface.ts
@@ -98,6 +98,7 @@ export class InterfaceManager extends DisposableObject {
 
     super();
     this.push(this._diagnosticCollection);
+    this.push(vscode.window.onDidChangeTextEditorSelection(this.handleSelectionChange.bind(this)));
   }
 
   // Returns the webview panel, creating it if it doesn't already
@@ -398,16 +399,54 @@ export class InterfaceManager extends DisposableObject {
       sortState: info.sortState
     };
   }
+
+  private handleSelectionChange(event: vscode.TextEditorSelectionChangeEvent) {
+    if (event.kind === vscode.TextEditorSelectionChangeKind.Command) {
+      return; // Ignore selection events we caused ourselves.
+    }
+    let editor = vscode.window.activeTextEditor;
+    if (editor !== undefined) {
+      editor.setDecorations(shownLocationDecoration, []);
+      editor.setDecorations(shownLocationLineDecoration, []);
+    }
+  }
 }
 
+const findMatchBackground = new vscode.ThemeColor('editor.findMatchBackground');
+const findRangeHighlightBackground = new vscode.ThemeColor('editor.findRangeHighlightBackground');
+
+const shownLocationDecoration = vscode.window.createTextEditorDecorationType({
+  backgroundColor: findMatchBackground,
+});
+
+const shownLocationLineDecoration = vscode.window.createTextEditorDecorationType({
+  backgroundColor: findRangeHighlightBackground,
+  isWholeLine: true
+});
+
 async function showLocation(loc: ResolvableLocationValue, databaseItem: DatabaseItem): Promise<void> {
   const resolvedLocation = tryResolveLocation(loc, databaseItem);
   if (resolvedLocation) {
     const doc = await workspace.openTextDocument(resolvedLocation.uri);
     const editor = await Window.showTextDocument(doc, vscode.ViewColumn.One);
-    const sel = new vscode.Selection(resolvedLocation.range.start, resolvedLocation.range.end);
-    editor.selection = sel;
-    editor.revealRange(sel, vscode.TextEditorRevealType.InCenter);
+    let range = resolvedLocation.range;
+    // When highlighting the range, vscode's occurrence-match and bracket-match highlighting will
+    // trigger based on where we place the cursor/selection, and will compete for the user's attention.
+    // For reference:
+    // - Occurences are highlighted when the cursor is next to or inside a word or a whole word is selected.
+    // - Brackets are highlighted when the cursor is next to a bracket and there is an empty selection.
+    // - Multi-line selections explicitly highlight line-break characters, but multi-line decorators do not.
+    //
+    // For single-line ranges, select the whole range, mainly to disable bracket highlighting.
+    // For multi-line ranges, place the cursor at the beginning to avoid visual artifacts from selected line-breaks.
+    // Multi-line ranges are usually large enough to overshadow the noise from bracket highlighting.
+    let selectionEnd = (range.start.line === range.end.line)
+        ? range.end
+        : range.start;
+    editor.selection = new vscode.Selection(range.start, selectionEnd);
+    editor.revealRange(range, vscode.TextEditorRevealType.InCenter);
+    editor.setDecorations(shownLocationDecoration, [range]);
+    editor.setDecorations(shownLocationLineDecoration, [range]);
   }
 }
 
