forked from DonJayamanne/pythonVSCode
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsecurity.ts
More file actions
53 lines (48 loc) · 1.64 KB
/
security.ts
File metadata and controls
53 lines (48 loc) · 1.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
import * as vscode from 'vscode';
import { PythonEnvInfo } from './base/info';
import { isParentPath } from './common/externalDependencies';
/**
* Keeps track of which environments are safe to execute.
*/
export interface IEnvironmentsSecurity {
/**
* Returns `true` the environment is safe to execute, `false` otherwise.
*/
isEnvSafe(env: PythonEnvInfo): boolean;
/**
* Mark all environments to be safe to execute.
*/
markAllEnvsAsSafe(): void;
}
/**
* Keeps track of which environments are safe to execute.
*/
export class EnvironmentsSecurity implements IEnvironmentsSecurity {
/**
* Carries `true` if it's secure to run all environment executables, `false` otherwise.
*/
private areAllEnvsSafe = false;
public isEnvSafe(env: PythonEnvInfo): boolean {
if (this.areAllEnvsSafe) {
return true;
}
const folders = vscode.workspace.workspaceFolders;
if (!folders) {
return true;
}
for (const root of folders.map((f) => f.uri.fsPath)) {
// Note `env.searchLocation` carries the root where the env was discovered which may
// not be related this workspace root. Hence use `env.executable.filename` directly.
if (isParentPath(env.executable.filename, root)) {
// For now we consider all "workspace environments" to be unsafe by default.
return false;
}
}
return true;
}
public markAllEnvsAsSafe(): void {
this.areAllEnvsSafe = true;
}
}