-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Workspace Trust for Extension Authors #120251
Comments
Workspace Trust Extension GuideWhat is Workspace Trust?Workspace Trust is a feature driven by the security risks associated with unintended code execution when a user opens a workspace in VS Code. For example, consider that a language extension, in order to provide functionality may execute code from the currently loaded workspace. In this scenario, the user should trust that the contents of the workspace are not malicious. Workspace Trust centralizes this decision within VS Code so that extension authors do not have to handle this themselves. VS Code will offer static declaration and API support to onboard extensions quickly without the need to duplicate code across extensions. OnboardingStatic DeclarationsIn your extension's capabilities:
untrustedWorkspaces:
{ supported: true } |
{ supported: false, description: string } |
{ supported: 'limited', description: string, restrictedConfigurations?: string[] } For the
For the 💡The value for the For the How do I decide how my extension should support untrusted workspaces?To help extension authors understand what is in scope for Workspace Trust, we have created a list of questions to consider. Does my extension have a
|
For those subscribed, we are now ready to share the API and guidance for onboarding to workspace trust for extension authors. This is the first time sharing the guidance to a broader audience so please post questions here and we can update it for clarity. Thanks for your engagement. |
Is Workspace Trust going to land in the upcoming release? |
The setting to enable the feature will remain disabled by default in the upcoming release |
@sbatten thank you for providing guidance on how trusted workspaces would work. I am concerned about your default behaviour and my expectations would be that extensions that provide web views, side bar views, pseudo terminals and commands you can run in terminal, and work with workspace files, would still function as before when this feature is released. I would rather see this feature as opt-in for extensions that want to be enabled for trusted workspaces, and work as before for untrusted workspaces. I think the behavior you describe is the opposite.
|
@sbatten Is there a way to prompt the user, "To enable this feature, you must trust the workspace"? For extensions that provide actions a user can execute, simply hiding (and disabling) that functionality may be bad UX. For example, the ESLint extension - at the moment - will prompt the user to execute As another example, I have an extension that provides code lenses for profiling benchmarks (CPU/memory use). If I hide these code lenses in untrusted workspaces, I'm sure someone will report that as a bug ("the benchmark code lens doesn't show up for my workspace"). I'd like the API to include something like this: export namespace workspace {
export function shouldExecuteActionRequiringTrust(description: string, alertOnFailure: bool, details?: string): Promise<bool>
} If the workspace is not yet trusted and has not yet been prompted, this would show a prompt asking if the user wants to trust the workspace. If the workspace is untrusted and |
@RandomFractals @firelizzard18 Thanks for your engagement. @RandomFractals you are correct in your understanding of the behavior. It is indeed opt-out, not opt-in. As this is a security feature, we must make the security-conscious decision to disable extensions that execute code and do not tell us about their trust support. We provide a user setting to override whether an extension supports untrusted workspaces locally to unblock users that have extensions that are slow to adopt. This puts the control in the hands of the user and is safe by default. @firelizzard18 We hear this feedback. It is something we considered when coming up with the current strategy and we will keep our ears to ground on its necessity. With our current UX, we attempt to guide the user into one of two modes of operation, and they must make an explicit choice. In this way, we market the restricted mode for code browsing and navigation, but not active development since active development typically requires execution and thus trust. We anticipate that a majority of users workflows are with trusted folders and thus should not choose restricted mode to do active development. For this reason, the guidance is:
|
@sbatten thanks for your follow up. Sounds like the default behavior has already been decided on. I get why you'd want to configure extension activation and execution this way from security standpoint for untrusted workspaces. What concerns me most about this approach is that it will create a potential stream of updates and some rework for extension developers similar to how we had to scramble and handle webview resources last year. I can also see a lot of users filing issues in extensions related to this new feature if configuration of this functionality is not well exposed in vscode UI for extensions and documented when you release it.
That part sounds like it might be ok, if you also provides proper prompts and notifications when switching between trusted and untrested workspaces. I am not sure if @eamodio still does his monthly extension developers calls, but I think it would be great if we could do one for this functionality and you show us the whole flow of how it functions, and we hear other extension developers provide feedback that way before you realease this feature. There are only a few devs who expressed interest in learning more about this feature. So, should be manageable to get a few devs on a call for ext. devs review. |
Hello, thanks for providing this information and way to follow as we prepare for the roll-out. Can you paste some screenshots showing the user facing part of it? It would help me understand what choices I make as an extension developer. |
How do trusted workspaces impact language servers that are not implemented directly as vscode extensions? Will their clients require configuration to receive file change updates over LSP in untrusted workspaces? |
@rebornix how do new notebooks, custom kernels, code cells, and custom notebook renderers function in these new utrunsted workspaces??? They do execute code from cells :) |
@m-hilgendorf I think the security mechanism here is if your extension doesn't load then VS Code won't even have an opportunity to launch your language server or run any code of yours to connect to an externally started language server. @RandomFractals the extensions providing notebook support will very likely simply not load in an untrusted workspace, so there won't be anything available to execute the cells. |
@RandomFractals you can check out notebooks and workspace trust updates here #118584 @PEZ Since we are still polishing the UX pieces, I recommend you checkout the latest in VS Code Insiders by enabling the feature with
@m-hilgendorf Without any onboarding, these extensions won't activate and thus don't have any vulnerabilities. @TylerLeonhardt has locally onboarded the powershell extension to demo how extensions using LSP could onboard. I think he can provide more details. |
super! will try that setting in insiders and run a test Rest Book to see where we at. Thanks for the pointer to the untrusted notebooks and workspaces thread. |
@sbatten am I doing this right? seems to have no effect. |
@RandomFractals That setting should be set to true in order to enable workspace trust (it turns on the feature but does not mean anything is trusted). It should require a restart to apply. |
@RandomFractals, it needs to be configured in User settings. |
VS code 1.57 introduced a 'trust' feature that is applied to the current workspace, restricting extension access based on trust level. The insiders build allows individual extensions to have a trust level, by default they are untrusted. Untrusted extensions cannot be activated, thus failing the test. We are not particularly concerned with this functionality in regards to other extensions, so we will just disable it entirely when testing. We should look into this more for our own extension as far as UX is concerned (what should our extension be capable of given a minimum trust level?) ref: microsoft/vscode#120251 Considerations for the toolkit (to be added to `package.json`): ```javascript capabilities: untrustedWorkspaces: { supported: true } | { supported: false, description: string } | { supported: 'limited', description: string, restrictedConfigurations?: string[] } ``` By default, extensions do not support untrusted workspaces. This seems to be the best option for the toolkit for now. In other words, we do not need to update anything unless we want to add a `description` string for why we do not support untrusted workspaces.
I maintain a VS Code extension which has a setting which is currently marked with |
I do not think there is a way other than bumping vscode engine version. |
@sbatten What is the motivation behind asking debug extensions to mark themselves as safe for untrusted workspaces? |
@vadimcn I think that's covered already. From the description in this comment:
So I don't think debug extensions will be able to debug in an untrusted workspace, no matter what they mark themselves for. |
Yes, I've seen that comment. I still don't understand the motivation for asking debug extensions to set "supported": true. Is there any behavioral difference between this and "supported": false? |
That makes sense. I think it will have to be up to extension authors to determine based on the guidance above. If the only thing an extension provides is debugging, I think that is functionally equivalent to |
…limited' The workspace trust guide for extension authors can be found here: microsoft/vscode#120251 Importantly the sectino for evaluating whether the extension should work in an untrusted workspace asks "Does my extension treat any contents of the workspace as code?". The answer to this is "yes" for the extension because we execute `ngcc` from the `node_modules` folder. However, this isn't always necessary and becomes less so with time. As library authors publish their libraries with Ivy instructions, we will not need to run `ngcc`. This commit updates the workspace trust to indicate that it's 'limited' support due to `ngcc`. In addition the command to run `ngcc` is disabled on the server and removed from the command palette.
…limited' The workspace trust guide for extension authors can be found here: microsoft/vscode#120251 Importantly the sectino for evaluating whether the extension should work in an untrusted workspace asks "Does my extension treat any contents of the workspace as code?". The answer to this is "yes" for the extension because we execute `ngcc` from the `node_modules` folder. However, this isn't always necessary and becomes less so with time. As library authors publish their libraries with Ivy instructions, we will not need to run `ngcc`. This commit updates the workspace trust to indicate that it's 'limited' support due to `ngcc`. In addition the command to run `ngcc` is disabled on the server and removed from the command palette.
…limited' The workspace trust guide for extension authors can be found here: microsoft/vscode#120251 Importantly the sectino for evaluating whether the extension should work in an untrusted workspace asks "Does my extension treat any contents of the workspace as code?". The answer to this is "yes" for the extension because we execute `ngcc` from the `node_modules` folder. However, this isn't always necessary and becomes less so with time. As library authors publish their libraries with Ivy instructions, we will not need to run `ngcc`. This commit updates the workspace trust to indicate that it's 'limited' support due to `ngcc`. In addition the command to run `ngcc` is disabled on the server and removed from the command palette.
…limited' The workspace trust guide for extension authors can be found here: microsoft/vscode#120251 Importantly the sectino for evaluating whether the extension should work in an untrusted workspace asks "Does my extension treat any contents of the workspace as code?". The answer to this is "yes" for the extension because we execute `ngcc` from the `node_modules` folder. However, this isn't always necessary and becomes less so with time. As library authors publish their libraries with Ivy instructions, we will not need to run `ngcc`. This commit updates the workspace trust to indicate that it's 'limited' support due to `ngcc`. In addition the command to run `ngcc` is disabled on the server and removed from the command palette.
…limited' (#1695) The workspace trust guide for extension authors can be found here: microsoft/vscode#120251 Importantly the sectino for evaluating whether the extension should work in an untrusted workspace asks "Does my extension treat any contents of the workspace as code?". The answer to this is "yes" for the extension because we execute `ngcc` from the `node_modules` folder. However, this isn't always necessary and becomes less so with time. As library authors publish their libraries with Ivy instructions, we will not need to run `ngcc`. This commit updates the workspace trust to indicate that it's 'limited' support due to `ngcc`. In addition the command to run `ngcc` is disabled on the server and removed from the command palette.
This issue will be updated as information becomes available. Please subscribe and check back.
This issue will function as the landing page for extension authors while Workspace Trust is in development. If you are an extension author, please subscribe to this issue to receive notifications when the issue is updated.
Note that the feature has been in the works for some time now and we are nearing the phase where we would like extension authors to test it out and provide feedback. Once it is ready, we will post the extension authoring guide in this issue so that you can try adopting the new API.
To learn more about the development of the feature, check out our development issue: #106488
The text was updated successfully, but these errors were encountered: