security patch for high severity CVEs (i.e., CVE-2023-36742 & CVE-2022-41034 & CVE-2023-24893)

This commit is contained in:
v7ea 2023-11-16 16:48:07 +08:00
parent 34865f792c
commit faf7c98bd5
4 changed files with 45 additions and 37 deletions


@ -254,10 +254,11 @@ export class PackageJSONContribution implements IJSONContribution {
private isValidNPMName(name: string): boolean { private isValidNPMName(name: string): boolean {
// following rules from https://github.com/npm/validate-npm-package-name // following rules from https://github.com/npm/validate-npm-package-name
if (!name || name.length > 214 || name.match(/^[_.]/)) { // leading slash added as additional security measure
if (!name || name.length > 214 || name.match(/^[-_.\s]/)) {
return false; return false;
} }
const match = name.match(/^(?:@([^/]+?)[/])?([^/]+?)$/); const match = name.match(/^(?:@([^/~\s)('!*]+?)[/])?([^/~)('!*\s]+?)$/);
if (match) { if (match) {
const scope = match[1]; const scope = match[1];
if (scope && encodeURIComponent(scope) !== scope) { if (scope && encodeURIComponent(scope) !== scope) {
@ -285,7 +286,7 @@ export class PackageJSONContribution implements IJSONContribution {
private npmView(npmCommandPath: string, pack: string, resource: Uri | undefined): Promise<ViewPackageInfo | undefined> { private npmView(npmCommandPath: string, pack: string, resource: Uri | undefined): Promise<ViewPackageInfo | undefined> {
return new Promise((resolve, _reject) => { return new Promise((resolve, _reject) => {
const args = ['view', '--json', pack, 'description', 'dist-tags.latest', 'homepage', 'version']; const args = ['view', '--json', '--', pack, 'description', 'dist-tags.latest', 'homepage', 'version', 'time'];
let cwd = resource && resource.scheme === 'file' ? dirname(resource.fsPath) : undefined; let cwd = resource && resource.scheme === 'file' ? dirname(resource.fsPath) : undefined;
cp.execFile(npmCommandPath, args, { cwd }, (error, stdout) => { cp.execFile(npmCommandPath, args, { cwd }, (error, stdout) => {
if (!error) { if (!error) {
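Review bot: The comment added at the top of the first hunk says `// leading slash added as additional security measure`, but the character the new pattern `/^[-_.\s]/` rejects is a leading hyphen (plus whitespace), not a slash; suggest `// reject a leading '-' or whitespace so the name can never be parsed as an npm CLI flag`. The widened `match` regex only excludes the punctuation that `encodeURIComponent` leaves untouched (`~ ) ( ' ! *`), so it relies on the `encodeURIComponent(scope) !== scope` comparison (visible for the scope, presumably mirrored for the bare name further down) to reject every other special character — worth a one-line comment stating that invariant, since dropping either half silently reopens the gap. The `--` separator added to the `npm view` argument list in the second hunk is the primary defence against a name being parsed as a flag; the regex tightening is belt-and-braces, and the new `'time'` field is unrelated to the fix. `isValidNPMName` continues past the end of the first hunk, so the name-side check is not visible here.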


@ -73,7 +73,7 @@ export async function activate(context: vscode.ExtensionContext): Promise<void>
} }
async function getNPMCommandPath(): Promise<string | undefined> { async function getNPMCommandPath(): Promise<string | undefined> {
if (canRunNpmInCurrentWorkspace()) { if (vscode.workspace.isTrusted && canRunNpmInCurrentWorkspace()) {
try { try {
return await which(process.platform === 'win32' ? 'npm.cmd' : 'npm'); return await which(process.platform === 'win32' ? 'npm.cmd' : 'npm');
} catch (e) { } catch (e) {
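Review bot: The new `vscode.workspace.isTrusted` guard is evaluated once when `getNPMCommandPath` runs, so if the user grants trust after activation the npm path stays `undefined` until something re-invokes this function; unless the caller already re-runs it from `vscode.workspace.onDidGrantWorkspaceTrust` (not visible in this hunk), that listener should be added. A short comment on the guard would make the reason durable, e.g. `// Never locate (and later run) npm in an untrusted workspace: package.json content is attacker-controlled there`. The function body continues past the end of the hunk.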


@ -542,24 +542,8 @@ var requirejs = (function() {
return; return;
} }
if (matchesScheme(link, Schemas.command)) { if (matchesSomeScheme(link, Schemas.vscodeNotebookCell, Schemas.http, Schemas.https, Schemas.mailto)) {
const ret = /command\:workbench\.action\.openLargeOutput\?(.*)/.exec(link); this.openerService.open(link, { fromUserGesture: true, allowContributedOpeners: true, allowCommands: false });
if (ret && ret.length === 2) {
const outputId = ret[1];
this.openerService.open(CellUri.generateCellOutputUri(this.documentUri, outputId));
return;
}
console.warn('Command links are deprecated and will be removed, use message passing instead: https://github.com/microsoft/vscode/issues/123601');
}
if (matchesScheme(link, Schemas.command)) {
if (this.workspaceTrustManagementService.isWorkspaceTrusted()) {
this.openerService.open(link, { fromUserGesture: true, allowContributedOpeners: true, allowCommands: true });
} else {
console.warn('Command links are disabled in untrusted workspaces');
}
} else if (matchesSomeScheme(link, Schemas.vscodeNotebookCell, Schemas.http, Schemas.https, Schemas.mailto)) {
this.openerService.open(link, { fromUserGesture: true, allowContributedOpeners: true, allowCommands: true });
} }
})); }));
@ -670,12 +654,14 @@ var requirejs = (function() {
} }
case 'clicked-link': { case 'clicked-link': {
let linkToOpen: URI | string | undefined; let linkToOpen: URI | string | undefined;
if (matchesScheme(data.href, Schemas.command)) {
const ret = /command\:workbench\.action\.openLargeOutput\?(.*)/.exec(data.href);
if (ret && ret.length === 2) {
const outputId = ret[1];
const group = this.editorGroupService.activeGroup;
if (matchesScheme(data.href, Schemas.command)) {
// We allow a very limited set of commands
const uri = URI.parse(data.href);
switch (uri.path) {
case 'workbench.action.openLargeOutput': {
const outputId = uri.query;
const group = this.editorGroupService.activeGroup;
if (group) { if (group) {
if (group.activeEditor) { if (group.activeEditor) {
group.pinEditor(group.activeEditor); group.pinEditor(group.activeEditor);
@ -685,8 +671,18 @@ var requirejs = (function() {
this.openerService.open(CellUri.generateCellOutputUri(this.documentUri, outputId)); this.openerService.open(CellUri.generateCellOutputUri(this.documentUri, outputId));
return; return;
} }
case 'github-issues.authNow':
case 'workbench.extensions.search':
case 'workbench.action.openSettings': {
this.openerService.open(data.href, { fromUserGesture: true, allowCommands: true, fromWorkspace: true });
return;
} }
if (matchesSomeScheme(data.href, Schemas.http, Schemas.https, Schemas.mailto, Schemas.command, Schemas.vscodeNotebookCell, Schemas.vscodeNotebook)) { }
return;
}
if (matchesSomeScheme(data.href, Schemas.http, Schemas.https, Schemas.mailto, Schemas.vscodeNotebookCell, Schemas.vscodeNotebook)) {
linkToOpen = data.href; linkToOpen = data.href;
} else if (!/^[\w\-]+:/.test(data.href)) { } else if (!/^[\w\-]+:/.test(data.href)) {
const fragmentStartIndex = data.href.lastIndexOf('#'); const fragmentStartIndex = data.href.lastIndexOf('#');
@ -717,7 +713,7 @@ var requirejs = (function() {
} }
if (linkToOpen) { if (linkToOpen) {
this.openerService.open(linkToOpen, { fromUserGesture: true, allowCommands: true }); this.openerService.open(linkToOpen, { fromUserGesture: true, allowCommands: false });
} }
break; break;
} }
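Review bot: In the `clicked-link` handler the output id is now read straight from `uri.query` and handed to `CellUri.generateCellOutputUri` with no check, the same gap the old `(.*)` capture had; since `data.href` originates in the webview, reject an empty or malformed value before building the URI, e.g. `if (!outputId) { return; }` (the expected id format is not visible here, so tighten the check to whatever produces those ids). The three commands allowlisted by `uri.path` are opened with `allowCommands: true` while the query string — the command's argument — still arrives from the webview untouched, so the `// We allow a very limited set of commands` comment should record the admission criterion, e.g. `// Arguments come from the webview: only commands that are harmless with attacker-chosen arguments belong in this list`. Note that the `uri.path` comparison is exact, so an unlisted or differently-cased command id falls through to the `return` after the switch rather than to the generic opener — the intended fail-closed behaviour, and worth stating in that comment as well. The enclosing message-handling switch starts and ends outside these hunks.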


@ -24,6 +24,8 @@ import { TerminalSettingId } from 'vs/platform/terminal/common/terminal';
import { TERMINAL_COMMAND_DECORATION_DEFAULT_BACKGROUND_COLOR, TERMINAL_COMMAND_DECORATION_ERROR_BACKGROUND_COLOR, TERMINAL_COMMAND_DECORATION_SUCCESS_BACKGROUND_COLOR } from 'vs/workbench/contrib/terminal/common/terminalColorRegistry'; import { TERMINAL_COMMAND_DECORATION_DEFAULT_BACKGROUND_COLOR, TERMINAL_COMMAND_DECORATION_ERROR_BACKGROUND_COLOR, TERMINAL_COMMAND_DECORATION_SUCCESS_BACKGROUND_COLOR } from 'vs/workbench/contrib/terminal/common/terminalColorRegistry';
import { Color } from 'vs/base/common/color'; import { Color } from 'vs/base/common/color';
import { IOpenerService } from 'vs/platform/opener/common/opener'; import { IOpenerService } from 'vs/platform/opener/common/opener';
import { INotificationService, Severity } from 'vs/platform/notification/common/notification';
const enum DecorationSelector { const enum DecorationSelector {
CommandDecoration = 'terminal-command-decoration', CommandDecoration = 'terminal-command-decoration',
@ -59,7 +61,8 @@ export class DecorationAddon extends Disposable implements ITerminalAddon {
@IHoverService private readonly _hoverService: IHoverService, @IHoverService private readonly _hoverService: IHoverService,
@IConfigurationService private readonly _configurationService: IConfigurationService, @IConfigurationService private readonly _configurationService: IConfigurationService,
@IThemeService private readonly _themeService: IThemeService, @IThemeService private readonly _themeService: IThemeService,
@IOpenerService private readonly _openerService: IOpenerService @IOpenerService private readonly _openerService: IOpenerService,
@INotificationService private readonly _notificationService: INotificationService
) { ) {
super(); super();
this._register(toDisposable(() => this._dispose())); this._register(toDisposable(() => this._dispose()));
@ -330,7 +333,15 @@ export class DecorationAddon extends Disposable implements ITerminalAddon {
} }
actions.push({ actions.push({
class: 'rerun-command', tooltip: 'Rerun Command', dispose: () => { }, id: 'terminal.rerunCommand', label: localize("terminal.rerunCommand", 'Rerun Command'), enabled: true, class: 'rerun-command', tooltip: 'Rerun Command', dispose: () => { }, id: 'terminal.rerunCommand', label: localize("terminal.rerunCommand", 'Rerun Command'), enabled: true,
run: async () => {
this._notificationService.prompt(Severity.Info, localize('rerun', 'Do you want to run the command: {0}', command.command), [{
label: localize('yes', 'Yes'),
run: () => this._onDidRequestRunCommand.fire({ command }) run: () => this._onDidRequestRunCommand.fire({ command })
}, {
label: localize('no', 'No'),
run: () => { }
}]);
}
}); });
actions.push({ actions.push({
class: 'how-does-this-work', tooltip: 'How does this work?', dispose: () => { }, id: 'terminal.howDoesThisWork', label: localize("terminal.howDoesThisWork", 'How does this work?'), enabled: true, class: 'how-does-this-work', tooltip: 'How does this work?', dispose: () => { }, id: 'terminal.howDoesThisWork', label: localize("terminal.howDoesThisWork", 'How does this work?'), enabled: true,
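Review bot: The confirmation prompt interpolates `command.command` into the notification text verbatim, so a very long command line (exactly what a crafted command would look like) is rendered in full and can bury the dangerous part or push the Yes/No buttons out of view; truncate it for display, e.g. `const shown = command.command.length > 120 ? command.command.slice(0, 120) + '…' : command.command;` and pass `shown` to `localize`. Consider `Severity.Warning` rather than `Severity.Info`, since the action executes text the user did not type. A comment on the `run` handler would keep the intent from being refactored away, e.g. `// Never rerun a decorated command without explicit confirmation: the text comes from the terminal buffer, not from the user`. The enclosing method begins outside the hunk.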