From 70f48e59aa06c310334cc8c6a449acd4d5027aa9 Mon Sep 17 00:00:00 2001
From: Benjamin Pasero <benjamin.pasero@microsoft.com>
Date: Wed, 14 Jun 2023 08:47:18 +0200
Subject: [PATCH 1/2] UNC allow list checks cannot be disabled in extension
 host (#184989)

---
 src/vs/base/node/unc.d.ts                             |  5 +++++
 src/vs/base/node/unc.js                               | 11 ++++++++++-
 .../utilityProcess/electron-main/utilityProcess.ts    |  8 ++++++--
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/src/vs/base/node/unc.d.ts b/src/vs/base/node/unc.d.ts
index 75e53310c8ceb..d131bba5d85ad 100644
--- a/src/vs/base/node/unc.d.ts
+++ b/src/vs/base/node/unc.d.ts
@@ -23,3 +23,8 @@ export function addUNCHostToAllowlist(allowedHost: string | string[]): void;
  * path validation.
  */
 export function disableUNCAccessRestrictions(): void;
+
+/**
+ * Whether UNC Host allow list in node.js is disabled.
+ */
+export function isUNCAccessRestrictionsDisabled(): boolean;
diff --git a/src/vs/base/node/unc.js b/src/vs/base/node/unc.js
index 71bd2fbcbbfa0..fec29e12bb543 100644
--- a/src/vs/base/node/unc.js
+++ b/src/vs/base/node/unc.js
@@ -117,11 +117,20 @@
 			process.enableUNCAccessChecks = false;
 		}
 
+		function isUNCAccessRestrictionsDisabled() {
+			if (process.platform !== 'win32') {
+				return false;
+			}
+
+			return process.enableUNCAccessChecks === false;
+		}
+
 		return {
 			getUNCHostAllowlist,
 			addUNCHostToAllowlist,
 			getUNCHost,
-			disableUNCAccessRestrictions
+			disableUNCAccessRestrictions,
+			isUNCAccessRestrictionsDisabled
 		};
 	}
 
diff --git a/src/vs/platform/utilityProcess/electron-main/utilityProcess.ts b/src/vs/platform/utilityProcess/electron-main/utilityProcess.ts
index 522956e5b076a..f2276db039658 100644
--- a/src/vs/platform/utilityProcess/electron-main/utilityProcess.ts
+++ b/src/vs/platform/utilityProcess/electron-main/utilityProcess.ts
@@ -17,7 +17,7 @@ import { ILifecycleMainService } from 'vs/platform/lifecycle/electron-main/lifec
 import { removeDangerousEnvVariables } from 'vs/base/common/processes';
 import { deepClone } from 'vs/base/common/objects';
 import { isWindows } from 'vs/base/common/platform';
-import { getUNCHostAllowlist } from 'vs/base/node/unc';
+import { isUNCAccessRestrictionsDisabled, getUNCHostAllowlist } from 'vs/base/node/unc';
 
 export interface IUtilityProcessConfiguration {
 
@@ -259,7 +259,11 @@ export class UtilityProcess extends Disposable {
 		}
 		env['VSCODE_CRASH_REPORTER_PROCESS_TYPE'] = configuration.type;
 		if (isWindows) {
-			env['NODE_UNC_HOST_ALLOWLIST'] = getUNCHostAllowlist().join('\\');
+			if (isUNCAccessRestrictionsDisabled()) {
+				env['NODE_DISABLE_UNC_ACCESS_CHECKS'] = '1';
+			} else {
+				env['NODE_UNC_HOST_ALLOWLIST'] = getUNCHostAllowlist().join('\\');
+			}
 		}
 
 		// Remove any environment variables that are not allowed

From 18296cb9727205644c847c59b0eafed016fd7279 Mon Sep 17 00:00:00 2001
From: Benjamin Pasero <benjamin.pasero@microsoft.com>
Date: Wed, 14 Jun 2023 10:11:55 +0200
Subject: [PATCH 2/2] Update src/vs/base/node/unc.js

Co-authored-by: Robo <hop2deep@gmail.com>
---
 src/vs/base/node/unc.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/vs/base/node/unc.js b/src/vs/base/node/unc.js
index fec29e12bb543..4e774d1114ab3 100644
--- a/src/vs/base/node/unc.js
+++ b/src/vs/base/node/unc.js
@@ -119,7 +119,7 @@
 
 		function isUNCAccessRestrictionsDisabled() {
 			if (process.platform !== 'win32') {
-				return false;
+				return true;
 			}
 
 			return process.enableUNCAccessChecks === false;