Skip to content
Permalink
Browse files Browse the repository at this point in the history
[bios] Add replCommand trust mechanism
  • Loading branch information
dramforever committed Apr 24, 2021
1 parent dc9f3c1 commit bc7f6f0
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 1 deletion.
6 changes: 6 additions & 0 deletions package.json
Expand Up @@ -144,6 +144,12 @@
"default": true,
"markdownDescription": "Whether GHCi sessions for workspaces linger after closing all associated documents.\n\nWhen enabled, the GHCi startup time is saved but takes more memory when idle. When disabled, kills GHCi after all associated files are closed, saves memory but takes time to restart. GHCi for a single file never linger."
},
"ghcSimple.trustedReplCommandConfigs": {
"type": "object",
"default": {},
"scope": "application",
"markdownDescription": "Using a `#ghcSimple.replCommand#` configuration from an untrusted workspace can pose a security risk. Whenever such a configuration occurs, you will be notified and if you choose to trust it, it will be recorded here."
},
"ghcSimple.startupCommands.all": {
"type": "array",
"items": {
Expand Down
35 changes: 34 additions & 1 deletion src/bios/config.ts
Expand Up @@ -89,12 +89,45 @@ async function singleConfig(cwd?: string): Promise<Configuration> {
}
}

const alreadyShown = new Set();

function handleReplCommandTrust(
workspaceUri: vscode.Uri,
replCommand: string
): boolean {
if (workspaceUri.scheme !== 'file') return false;
const config = vscode.workspace.getConfiguration('ghcSimple', null);
const insp = config.inspect('trustedReplCommandConfigs').globalValue ?? {};
if (insp[workspaceUri.fsPath] === replCommand) {
return true;
} else {
if (! alreadyShown.has(workspaceUri.fsPath)) {
alreadyShown.add(workspaceUri.fsPath);
vscode.window.showWarningMessage(
`This workspace ${workspaceUri.fsPath} wants to run "${replCommand}" to start GHCi.\n\nAllow if you understand this and trust it.`,
'Allow', 'Ignore'
).then((value) => {
alreadyShown.delete(workspaceUri.fsPath);
if (value == 'Allow') {
const trusted = config.get('trustedReplCommandConfigs');
trusted[workspaceUri.fsPath] = replCommand;
config.update('trustedReplCommandConfigs', trusted, vscode.ConfigurationTarget.Global);
}
})
}
return false;
}
}

/** Configuration for a custom command */
async function customConfig(
replScope: 'workspace' | 'file',
replCommand: string,
workspaceUri: vscode.Uri
): Promise<Configuration> {
): Promise<Configuration | null> {
if (! handleReplCommandTrust(workspaceUri, replCommand))
return null;

if (replCommand.indexOf('$stack_ide_targets') !== -1) {
const sit = await getStackIdeTargets(workspaceUri);
replCommand.replace(/\$stack_ide_targets/g, sit.join(' '));
Expand Down

0 comments on commit bc7f6f0

Please sign in to comment.