Transcript
Hi, everybody. This is Davide, and today I'm gonna demo the Visual Studio Code extension for Clayton. So let's jump into it.
I this is Visual Studio Code, and I already installed, the Kraton extension and already checked out a demo project.
So, this is the main branch.
I already created the feature branch because what, what I'm gonna demonstrate today is essentially the the main use case is to show you how it works, the Klayton Visual Studio Code extension for new development.
So here, since I already connected this project and already created this branch, I have, immediately one one scan of the latest commit.
And if we see the the history, we the git history, we can see that I have this new controller and, essentially, Klayton detected eleven issues.
So I can open the Kraton report directly in my IDE. I can navigate the the list of issues by, the location. So in this case, the file or the rules.
So we have essentially two main problems, one about CRADA and the FLS bypass and one about so called statements.
Now for the sake of the demo, I created also another branch where I will essentially that is starting from this branch that I I just showed you.
But, I gonna try to fix, some of these issues to demonstrate how, let's say, the the the extension works and the the experience the development experience.
So I will start with this CRADA for us issues.
As I said, here, you can navigate directly in your ID, or, obviously, you can still, go from here directly to the web UI and, you know, the the access, all the information that are available, in the in the reports, all the resources, and more details about the the issue itself.
But, directly from here, actually, it's pretty easy to go through all the issues and try to fix them once, obviously, you you have, awareness about the, actual fix. So in this case, there is this this operations here that are, are performed without any check.
So the first thing that obviously, I have very handy the fix for this. So the first thing I gonna fix is this, Cloudflarex issues and we can quickly show.
How. So let's in order to trigger the scan I need to essentially commit and push the changes. So first of all, overall, I need to save them, then commit and push.
And then I would get, since I'm tracking this branch in Clayton, I would get, quickly a scan directly in my, ID.
Now in the meantime, we wait for the scan. We could also, go through the other issues.
So, essentially, I have here a very similar issue, but for this other method. So I would copy the same fix.
In this case, I need to fix this for the object broker. Okay. So I can delete these other checks that are not relevant.
And let's do the same also here.
So in the meantime, I got the result of the previous commit. So let's do this.
So just for the sake of the demo I will not be very specific in the git comments, but anyway. So I got here a new scan.
Okay.
Now if I open the scan I can see that there are less issues. Actually you can see also more details into here. I fixed three actually, sorry, four issues in the secure policy and specifically the the one that I was expecting about the CRUD fRS.
Here, one yeah. One interesting detail is that, so the the the scan is not performed locally, but actually is performed in the cloud by the Klaytn engine.
And the reason is that it's not, just a scan of the current file, but actually is a scan of the full code base because, the type of scan that Clayton can perform is, take takes into consideration the whole context of the code base.
And it's not like just a linking rule of, let's say, this line.
So in this case, actually, I wanted also to show I didn't fix, the issue as I expected.
And mainly because here, actually, even if it's the same object here, I mean, the same object is the right object, the checks is performed on the right object.
Here I should create a bolt. Since it's an insert, I should check for these permissions and I guess the same is here.
Insert.
Actually, there is one more here.
Okay.
I should check and now everything should be good for this Grad FLS issues. So one, two, three.
I should have addressed all of them.
And I get now a new scan. In the meantime I will start to work on, an unbounded SOQL statement. So here, yeah, another issue is that these statements have no they are unbounded essentially, so I will do something a little bit silly but just for the purpose of the demo I will add limit one thousand.
Here we got the scan and as as I expected I fixed all the issues for that for the CRUD FLS violation.
And now the missing one is this, SOQL statements. So I will fix them.
Adding that limit, add limit to unbounded queries and push the last change. So now I should be done with my work because, essentially, I added the new feature.
And, thanks to the Versus Code extension directly from my idea, I was able to essentially move forward and, already fix some of the, yeah, potential issues that I was going to introduce, directly in my ID without even opening a pull request.
So, one yeah.
Here you go. Oh, sorry.
Ah, yeah. There is nothing to open actually because there are no issues.
And, yeah, and my file looks good. No no complaints.
I was adding one last comment is that this project was configured, here there is extension sorry.
Create on configuration.
So here my project is configured to essentially exclude legacy code. So this is a filter that we have on top of, of the scan so that I can essentially ignore if I'm focusing on a new development. I can ignore issues that are on, let's say, they that they were introduced before the adoption of Kraton essentially, in a nutshell.
So now it looks good but I, this, essentially this extension could be good also to be used to tackle technical debt.
Okay, I guess that's all.
Hopefully this was helpful and informative, so let us know. Thank you.
