Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support workspace trust #506

Closed
rgrunber opened this issue Jun 9, 2021 · 0 comments · Fixed by #512
Closed

Support workspace trust #506

rgrunber opened this issue Jun 9, 2021 · 0 comments · Fixed by #512
Assignees
@rgrunber
Labels
enhancement New feature or request
Milestone
0.17.0

Comments

@rgrunber
Copy link
Member

rgrunber commented Jun 9, 2021
edited

See redhat-developer/vscode-java#1926 for reference.

Current options/capabilities under consideration for restriction in an untrusted workspace :

  • xml.java.home & xml.server.vmargs
    • We partly restrict these. It can be set in the workspace, but we detect it and prompt the user for xml.java.home and restrict javaagent for xml.server.vmargs
  • xml.server.binary.{path,args,trustedHashes}
    • We already restrict these and can't be set by the workspace
  • xml.validation.resolveExternalEntities
    • We don't restrict this at all, so we could do that, and certainly restrict it with workspace trust
  • Downloading the XML server binary : should we restrict this entirely when untrusted ?
  • xml.validation.enabled
    • Should this be set to false when a workspace is untrusted ?
@datho7561 datho7561 added the enhancement New feature or request label Jun 9, 2021
@rgrunber rgrunber self-assigned this Jun 16, 2021
rgrunber added a commit to rgrunber/vscode-xml that referenced this issue Jun 16, 2021
@rgrunber
Add support for workspace trust
1374ef6 
- Restrict workspace access to some settings in untrusted mode
- Fixes redhat-developer#506

Signed-off-by: Roland Grunberg <rgrunber@redhat.com>
@rgrunber rgrunber mentioned this issue Jun 16, 2021
Merged
@rgrunber rgrunber added this to the 0.17.0 milestone Jun 16, 2021
rgrunber added a commit to rgrunber/vscode-xml that referenced this issue Jun 17, 2021
@rgrunber
Add support for workspace trust
4691ccf 
- Restrict workspace access to some settings in untrusted mode
- Fixes redhat-developer#506

Signed-off-by: Roland Grunberg <rgrunber@redhat.com>
datho7561 pushed a commit that referenced this issue Jun 17, 2021
@rgrunber @datho7561
Add support for workspace trust
ba035f9 
- Restrict workspace access to some settings in untrusted mode
- Fixes #506

Signed-off-by: Roland Grunberg <rgrunber@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rgrunber rgrunber

Labels
enhancement New feature or request
Projects
None yet
Milestone
0.17.0
Development

Successfully merging a pull request may close this issue.

Add support for workspace trust rgrunber/vscode-xml
2 participants
@rgrunber @datho7561