@matthewnitschke-wk matthewnitschke-wk commented Feb 23, 2023

Initial project setup for a dart scip indexer

An example of an uploaded code intel can be found on the syncdeps_dart repo

@rmconsole-wf

rmconsole-wf commented Feb 23, 2023

Merge Requirements Met ✅

Request Rosie to automerge this pull request by including @Workiva/release-management-p in a comment.

General Information

Ticket(s): None found in title
Code Review(s): #1
Release Image Tags:

Reviewers: alanknight-wk, matthewnitschke-wk

Additional Information

Watchlist Notifications: None

	When this pull is merged I will add it to the following release:
	Version: scip-dart 0.1.0
	Release Ticket(s): None


Note: This is a shortened report. Click here to view Rosie's full evaluation.
Last updated on Wednesday, March 01 03:17 PM CST

@aviary-wf

aviary-wf commented Feb 23, 2023

Security Insights

The items listed below may not capture all security relevant changes. Before providing a security review, be sure to review the entire PR for security impact.

(1) Security relevant changes were detected
  • Watched file aviary.yaml added
  • (15) Potential secrets were detected
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 32
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 48
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 105
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 119
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 131
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 234
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 271
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 284
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 296
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 308
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 344
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 356
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 370
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 385
  • Potential secret found in lib/src/gen/scip.pbjson.dart on line 399
  • Action Items

    • Request infosec review via Slack: #support-infosec
    • Validate potential secrets and report non-dev secrets to InfoSec before removing
    • Verify aviary.yaml coverage of security relevant code

    Questions or Comments? Reach out on Slack: #support-infosec.
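
One way to carry out the "validate potential secrets" step for findings like these, as an added example that is not part of the bot's report or the project's code. The flagged `base64Decode('...')` literals sit in a generated `.pbjson.dart` file, where such strings hold serialized protobuf descriptors, so the code checks whether a blob parses as protobuf wire format with an identifier in field 1. The function names and both sample blobs are constructed for illustration.

```python
import base64
import re

def read_varint(buf, pos):
    """Decode one protobuf varint; return (value, next_pos)."""
    value = shift = 0
    while True:
        if pos >= len(buf) or shift > 63:
            raise ValueError("truncated or oversized varint")
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def parse_fields(buf):
    """Parse top-level wire format; accept only varint (0) and bytes (2) fields."""
    fields, pos = [], 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        field_no, wire_type = tag >> 3, tag & 7
        if field_no == 0 or wire_type not in (0, 2):
            raise ValueError("not a plausible descriptor field")
        value, pos = read_varint(buf, pos)
        if wire_type == 2:  # the varint just read was the payload length
            if pos + value > len(buf):
                raise ValueError("field overruns buffer")
            value, pos = buf[pos:pos + value], pos + value
        fields.append((field_no, wire_type, value))
    return fields

def looks_like_descriptor(b64_text):
    """True if the blob is a protobuf message whose field 1 is an identifier."""
    try:
        fields = parse_fields(base64.b64decode(b64_text, validate=True))
        name = next(v for n, t, v in fields if n == 1 and t == 2)
        return name.decode("ascii").isidentifier()
    except (ValueError, StopIteration):
        return False

def triage(dart_source):
    """Map the line number of each base64Decode('...') literal to a verdict."""
    return {n: "descriptor" if looks_like_descriptor(m.group(1)) else "review"
            for n, line in enumerate(dart_source.splitlines(), 1)
            for m in re.finditer(r"base64Decode\('([^']+)'\)", line)}

# Constructed samples: an enum descriptor ("Color", RED = 0) and arbitrary bytes.
DESCRIPTOR = base64.b64encode(b"\x0a\x05Color\x12\x07\x0a\x03RED\x10\x00").decode()
OPAQUE = base64.b64encode(bytes.fromhex("3f9c1e77a2b4d05866e10b4c7d92f5a8")).decode()
SAMPLE = f"final a = base64Decode('{DESCRIPTOR}');\nfinal b = base64Decode('{OPAQUE}');"
```

A `descriptor` verdict only says the blob has the shape of a serialized protobuf message; anything marked `review` still needs a human look before it is dismissed.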

    @matthewnitschke-wk matthewnitschke-wk changed the title Spike on scip-parser Initial Setup Feb 26, 2023
    @matthewnitschke-wk matthewnitschke-wk marked this pull request as ready for review February 27, 2023 15:23
    @alanknight-wk

    Wow! Nice work. And it seems to work on the example pretty nicely already. And fast! I don't know if that's because the example package is small, or if sourcegraph is happier with the SCIP representation.

    I noticed code in there for trying to handle SDK packages. It would be pretty cool if we actually indexed the SDK and at least some of our external dependencies. But that's bells and whistles.

    Various comments, ranging from tiny naming nits to hand-wavy "this must need comments, because I don't understand it" :-)

    @matthewnitschke-wk
    Contributor Author

    > I noticed code in there for trying to handle SDK packages. It would be pretty cool if we actually indexed the SDK and at least some of our external dependencies. But that's bells and whistles.

    Yea! I agree, I'm not sure where we could upload those assets though, as we don't host dart/sdk on our sourcegraph instance.

    Scip includes metadata on external symbols though, so for things like String, we actually can see doc comments (and whatever else we wanted to include, like @deprecated). So excluding goto definition and find references, external package symbols are "indexed"

    Ex:
    Screenshot 2023-02-28 at 9 39 49 PM

    @alanknight-wk

    > > I noticed code in there for trying to handle SDK packages. It would be pretty cool if we actually indexed the SDK and at least some of our external dependencies. But that's bells and whistles.
    >
    > Yea! I agree, I'm not sure where we could upload those assets though, as we don't host dart/sdk on our sourcegraph instance.
    >
    > Scip includes metadata on external symbols though, so for things like String, we actually can see doc comments (and whatever else we wanted to include, like @deprecated). So excluding goto definition and find references, external package symbols are "indexed"
    >
    > Ex: Screenshot 2023-02-28 at 9 39 49 PM

    Possibly what I'd most like is that if I see the doc string, there was a link to the external package docs, so I could see more information on it/related things.


    /// Generates symbols for a specific file.
    ///
    /// Each sourcefile should use its own instance of `SymbolGenerator`
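
    Review bot: the last doc-comment line, "Each sourcefile should use its own instance of `SymbolGenerator`", states a usage rule without giving the reason or the consequence of breaking it. Say what per-file state the instance holds and what goes wrong when one instance is reused across files, and write "source file" as two words.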

    But this doesn't know which file it belongs to? Does each file need its own just for the _localElementRegistry? Is there a way we can tell if you use the wrong SymbolGenerator for a file?

    Contributor Author

    Not really, and it's also not a "requirement"

    the id just needs to be unique per file, and I implemented it this way to just be consistent with how scip-typescript does it

    @matthewnitschke-wk
    Contributor Author

    QA +1

    Snapshots generate expected results

    @matthewnitschke-wk
    Contributor Author

    🚀 @Workiva/release-management-p 🚢

    @rmconsole-wf rmconsole-wf left a comment

    +1 from RM
