

Add allow list of valid notebook command uris (#163322) (#21701) (#21707
)

* Add allow list of valid notebook command uris (#163322)

This restricts notebooks to running three command URIs. These three commands should all be safe to run, even with untrusted inputs.

* Fix incorrectly resolved merge conflict

Co-authored-by: Matt Bierner <matb@microsoft.com>

Co-authored-by: Matt Bierner <matb@microsoft.com>
kburtram and mjbvz committed Jan 23, 2023
1 parent b7ec773 commit cf5e0fe
Showing 1 changed file with 27 additions and 31 deletions.
Expand Up @@ -539,24 +539,8 @@ var requirejs = (function() {
return;
}

if (matchesScheme(link, Schemas.command)) {
const ret = /command\:workbench\.action\.openLargeOutput\?(.*)/.exec(link);
if (ret && ret.length === 2) {
const outputId = ret[1];
this.openerService.open(CellUri.generateCellOutputUri(this.documentUri, outputId));
return;
}
console.warn('Command links are deprecated and will be removed, use message passing instead: https://github.com/microsoft/vscode/issues/123601');
}

if (matchesScheme(link, Schemas.command)) {
if (this.workspaceTrustManagementService.isWorkspaceTrusted()) {
this.openerService.open(link, { fromUserGesture: true, allowContributedOpeners: true, allowCommands: true });
} else {
console.warn('Command links are disabled in untrusted workspaces');
}
} else if (matchesSomeScheme(link, Schemas.vscodeNotebookCell, Schemas.http, Schemas.https, Schemas.mailto)) {
this.openerService.open(link, { fromUserGesture: true, allowContributedOpeners: true, allowCommands: true });
if (matchesSomeScheme(link, Schemas.vscodeNotebookCell, Schemas.http, Schemas.https, Schemas.mailto)) {
this.openerService.open(link, { fromUserGesture: true, allowContributedOpeners: true, allowCommands: false });
}
}));

Expand Down Expand Up @@ -666,23 +650,35 @@ var requirejs = (function() {
}
case 'clicked-link': {
let linkToOpen: URI | string | undefined;

if (matchesScheme(data.href, Schemas.command)) {
const ret = /command\:workbench\.action\.openLargeOutput\?(.*)/.exec(data.href);
if (ret && ret.length === 2) {
const outputId = ret[1];
const group = this.editorGroupService.activeGroup;

if (group) {
if (group.activeEditor) {
group.pinEditor(group.activeEditor);
// We allow a very limited set of commands
const uri = URI.parse(data.href);
switch (uri.path) {
case 'workbench.action.openLargeOutput': {
const outputId = uri.query;
const group = this.editorGroupService.activeGroup;
if (group) {
if (group.activeEditor) {
group.pinEditor(group.activeEditor);
}
}
}

this.openerService.open(CellUri.generateCellOutputUri(this.documentUri, outputId));
return;
this.openerService.open(CellUri.generateCellOutputUri(this.documentUri, outputId));
return;
}
case 'github-issues.authNow':
case 'workbench.extensions.search':
case 'workbench.action.openSettings': {
this.openerService.open(data.href, { fromUserGesture: true, allowCommands: true });
return;
}
}

return;
}
if (matchesSomeScheme(data.href, Schemas.http, Schemas.https, Schemas.mailto, Schemas.command, Schemas.vscodeNotebookCell, Schemas.vscodeNotebook)) {

if (matchesSomeScheme(data.href, Schemas.http, Schemas.https, Schemas.mailto, Schemas.vscodeNotebookCell, Schemas.vscodeNotebook)) {
linkToOpen = data.href;
} else if (!/^[\w\-]+:/.test(data.href)) {
if (this.documentUri.scheme === Schemas.untitled) {
Expand Down Expand Up @@ -711,7 +707,7 @@ var requirejs = (function() {
}

if (linkToOpen) {
this.openerService.open(linkToOpen, { fromUserGesture: true, allowCommands: true });
this.openerService.open(linkToOpen, { fromUserGesture: true, allowCommands: false });
}
break;
}
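Review bot: The allow-list in the `case 'clicked-link'` handler (second hunk) is keyed on `uri.path` alone, while the unmodified `data.href` — including its query, i.e. the command arguments — is handed to `openerService.open` with `allowCommands: true`, so each listed command id is being trusted with attacker-controlled arguments; that invariant lives only in the commit message and should sit above `switch (uri.path)` as `// Only the command id is checked; the query (arguments) is forwarded unchanged, so every id listed here must be safe with untrusted arguments.` Command links whose id is not listed now fall out of the switch to the bare `return;` with no log, whereas the removed code at least emitted a `console.warn`; a `default:` branch such as `default: console.warn(\`Blocked command link: ${uri.path}\`);` would keep rejected links diagnosable. The same silent drop applies in the first hunk, where `command:` links no longer match any branch. The enclosing message handler starts and ends outside the hunk, and whether `URI.parse` can throw on a malformed `data.href` is not visible here — worth confirming so a bad link cannot break the handler.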

