Command plugin whitelist? #1277
Assignees
Labels
enhancement
New feature or request
Comments
github-project-automation
bot
moved this to Unscreened
in Swift Extension for Visual Studio Code
plemarquand
added a commit
to plemarquand/vscode-swift
that referenced
this issue
Jan 3, 2025
Packages can define their own plugins either directly or through their
dependencies. These plugins define commands, and the extension exposes a
list of these when you use `> Swift: Run Command Plugin`.
If a command requires special permissions to write to disk or use the
network the user is prompted in the integrated terminal to type "yes".
This can be bypassed by passing a permission flag to the command such as
`--allow-writing-to-package-directory`. The extension does supply
permission flags for a small list of well known package plugins, however
if the user creates their own or uses one not on this list they must
enter "yes" every time they run the command plugin.
This patch introduces a new setting that can be specified globally or on
a per workspace folder basis that allows users to configure which
permission flags should be used when running the command.
The setting is defined under `swift.pluginPermissions`, and is specified
as an object in the following form:
```json
{
"PluginName:intent-name": {
"allowWritingToPackageDirectory": true,
"allowWritingToDirectory: "/some/path",
"allowNetworkConnections: "all",
"disableSandbox": true,
}
}
```
- The top level string key is the command id in the form
`command_name:intent_name`. For instance, swift-format's
format-source-code command would be specified as
`swift-format:format-source-code`
- Each permission in the permissions lookup is optional.
- `allowWritingToDirectory` can also be specified as an array of paths.
- The valid values for `allowNetworkConnections` can be found here:
https://github.com/swiftlang/swift-package-manager/blob/0401a2ae55077cfd1f4c0acd43ae0a1a56ab21ef/Sources/Commands/PackageCommands/PluginCommand.swift#L62
Issue: swiftlang#1277
plemarquand
moved this from Unscreened
to In Progress
in Swift Extension for Visual Studio Code
plemarquand
added a commit
that referenced
this issue
Jan 7, 2025
* Configurable Command Plugin Permissions
Packages can define their own plugins either directly or through their
dependencies. These plugins define commands, and the extension exposes a
list of these when you use `> Swift: Run Command Plugin`.
If a command requires special permissions to write to disk or use the
network the user is prompted in the integrated terminal to type "yes".
This can be bypassed by passing a permission flag to the command such as
`--allow-writing-to-package-directory`. The extension does supply
permission flags for a small list of well known package plugins, however
if the user creates their own or uses one not on this list they must
enter "yes" every time they run the command plugin.
This patch introduces a new setting that can be specified globally or on
a per workspace folder basis that allows users to configure which
permission flags should be used when running the command.
The setting is defined under `swift.pluginPermissions`, and is specified
as an object in the following form:
```json
{
"PluginName:intent-name": {
"allowWritingToPackageDirectory": true,
"allowWritingToDirectory: "/some/path",
"allowNetworkConnections: "all",
"disableSandbox": true,
}
}
```
- The top level string key is the command id in the form
`command_name:intent_name`. For instance, swift-format's
format-source-code command would be specified as
`swift-format:format-source-code`
- Each permission in the permissions lookup is optional.
- `allowWritingToDirectory` can also be specified as an array of paths.
- The valid values for `allowNetworkConnections` can be found here:
https://github.com/swiftlang/swift-package-manager/blob/0401a2ae55077cfd1f4c0acd43ae0a1a56ab21ef/Sources/Commands/PackageCommands/PluginCommand.swift#L62
Issue: #1277
plemarquand
added
the
needs verification
|
Fixed by #1297 |
award999
moved this from In Progress
to Needs Verification
in Swift Extension for Visual Studio Code
|
Verified with d88a5c8 |
matthewbastien
removed
the
needs verification
matthewbastien
moved this from Needs Verification
to Done
in Swift Extension for Visual Studio Code
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Running a command plugin asks for permission everytime.
This is specially annoying since the extension can't tell that a plugin requires perms ahead of time, so it can't just switch the panel where the cursor is, to the terminal panel, so i can at least quickly write
yesand move on.I think optimally the extension should maintain a whitelist of plugins with the permissions we've allowed them, and if a plugin has been whitelisted, then run it with one of those "allow this perm" SwiftPM plugin flags.
The text was updated successfully, but these errors were encountered: