From ff8698f619bae4b2f406990ad3e2a5e2714dcb99 Mon Sep 17 00:00:00 2001 From: Aditya Bist Date: Fri, 7 Sep 2018 16:25:19 -0700 Subject: [PATCH] Security: Added warning for all vsix extensions (#2406) * added warning for all vsix extensions * added sql carbon tag * added dont show warning for extensions --- .../electron-browser/extensionsActions.ts | 65 +++++++++++++++---- 1 file changed, 54 insertions(+), 11 deletions(-) diff --git a/src/vs/workbench/parts/extensions/electron-browser/extensionsActions.ts b/src/vs/workbench/parts/extensions/electron-browser/extensionsActions.ts index cd64eb0b5a..fd32a1c89e 100644 --- a/src/vs/workbench/parts/extensions/electron-browser/extensionsActions.ts +++ b/src/vs/workbench/parts/extensions/electron-browser/extensionsActions.ts @@ -52,6 +52,8 @@ import { IEditorGroupsService } from 'vs/workbench/services/group/common/editorG import { ExtensionsInput } from 'vs/workbench/parts/extensions/common/extensionsInput'; import product from 'vs/platform/node/product'; import { ContextSubMenu } from 'vs/base/browser/contextmenu'; +// {{SQL CARBON EDIT}} +import { IStorageService } from 'vs/platform/storage/common/storage'; const promptDownloadManually = (extension: IGalleryExtension, message: string, instantiationService: IInstantiationService, notificationService: INotificationService, openerService: IOpenerService) => { const downloadUrl = `${product.extensionsGallery.serviceUrl}/publishers/${extension.publisher}/vsextensions/${extension.name}/${extension.version}/vspackage`; @@ -2656,7 +2658,9 @@ export class InstallVSIXAction extends Action { label = InstallVSIXAction.LABEL, @IExtensionsWorkbenchService private extensionsWorkbenchService: IExtensionsWorkbenchService, @INotificationService private notificationService: INotificationService, - @IWindowService private windowService: IWindowService + @IWindowService private windowService: IWindowService, + // {{SQL CARBON EDIT}} + @IStorageService private storageService: IStorageService ) { super(id, label, 'extension-action install-vsix', true); } @@ -2671,17 +2675,56 @@ export class InstallVSIXAction extends Action { if (!result) { return TPromise.as(null); } + return TPromise.join(result.map(vsix => { + // {{SQL CARBON EDIT}} + if (!this.storageService.getBoolean(vsix)) { + this.notificationService.prompt( + Severity.Warning, + localize('thirdPartyExtension.vsix', 'This is a third party extension and might involve security risks. Are you sure you want to install this extension?'), + [ + { + label: localize('thirdPartExt.yes', 'Yes'), + run: () => { + this.extensionsWorkbenchService.install(vsix).then(() => { + this.notificationService.prompt( + Severity.Info, + localize('InstallVSIXAction.success', "Successfully installed the extension. Reload to enable it."), + [{ + label: localize('InstallVSIXAction.reloadNow', "Reload Now"), + run: () => this.windowService.reloadWindow() + }] + ); + }); + } + }, + { + label: localize('thirdPartyExt.no', 'No'), + run: () => { return TPromise.as(null); } + }, + { + label: localize('thirdPartyExt.dontShowAgain', 'Don\'t Show Again'), + isSecondary: true, + run: () => { + this.storageService.store(vsix, true); + return TPromise.as(null); + } + } + ] + ); + } else { + this.extensionsWorkbenchService.install(vsix).then(() => { + this.notificationService.prompt( + Severity.Info, + localize('InstallVSIXAction.success', "Successfully installed the extension. Reload to enable it."), + [{ + label: localize('InstallVSIXAction.reloadNow', "Reload Now"), + run: () => this.windowService.reloadWindow() + }] + ); + }); + } - return TPromise.join(result.map(vsix => this.extensionsWorkbenchService.install(vsix))).then(() => { - this.notificationService.prompt( - Severity.Info, - localize('InstallVSIXAction.success', "Successfully installed the extension. Reload to enable it."), - [{ - label: localize('InstallVSIXAction.reloadNow', "Reload Now"), - run: () => this.windowService.reloadWindow() - }] - ); - }); + })); }); } }