security patch for high severity CVEs (i.e., CVE-2023-36742 & CVE-2022-41034 & CVE-2023-24893)
parent
34865f792c
commit
faf7c98bd5
@ -254,10 +254,11 @@ export class PackageJSONContribution implements IJSONContribution {
|
||||||
|
|
||||||
private isValidNPMName(name: string): boolean {
|
private isValidNPMName(name: string): boolean {
|
||||||
// following rules from https://github.com/npm/validate-npm-package-name
|
// following rules from https://github.com/npm/validate-npm-package-name
|
||||||
if (!name || name.length > 214 || name.match(/^[_.]/)) {
|
// leading slash added as additional security measure
|
||||||
|
if (!name || name.length > 214 || name.match(/^[-_.\s]/)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
const match = name.match(/^(?:@([^/]+?)[/])?([^/]+?)$/);
|
const match = name.match(/^(?:@([^/~\s)('!*]+?)[/])?([^/~)('!*\s]+?)$/);
|
||||||
if (match) {
|
if (match) {
|
||||||
const scope = match[1];
|
const scope = match[1];
|
||||||
if (scope && encodeURIComponent(scope) !== scope) {
|
if (scope && encodeURIComponent(scope) !== scope) {
|
||||||
|
@ -285,7 +286,7 @@ export class PackageJSONContribution implements IJSONContribution {
|
||||||
|
|
||||||
private npmView(npmCommandPath: string, pack: string, resource: Uri | undefined): Promise<ViewPackageInfo | undefined> {
|
private npmView(npmCommandPath: string, pack: string, resource: Uri | undefined): Promise<ViewPackageInfo | undefined> {
|
||||||
return new Promise((resolve, _reject) => {
|
return new Promise((resolve, _reject) => {
|
||||||
const args = ['view', '--json', pack, 'description', 'dist-tags.latest', 'homepage', 'version'];
|
const args = ['view', '--json', '--', pack, 'description', 'dist-tags.latest', 'homepage', 'version', 'time'];
|
||||||
let cwd = resource && resource.scheme === 'file' ? dirname(resource.fsPath) : undefined;
|
let cwd = resource && resource.scheme === 'file' ? dirname(resource.fsPath) : undefined;
|
||||||
cp.execFile(npmCommandPath, args, { cwd }, (error, stdout) => {
|
cp.execFile(npmCommandPath, args, { cwd }, (error, stdout) => {
|
||||||
if (!error) {
|
if (!error) {
|
||||||
|
|
|
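Review bot: The comment added above the first check says `leading slash` but the character class it describes, `/^[-_.\s]/`, rejects a leading dash, dot, underscore or whitespace — no slash is involved, and a reader checking this against CVE-2023-36742 will be misled. Suggest `// leading dash/whitespace rejected so the name can never be parsed as an npm flag (npmView also passes '--' before it)`. The rewritten scope/name regex now also excludes `~ ) ( ' ! *`, which validate-npm-package-name does not itself forbid, so a short `// also reject shell/npm metacharacters` next to it would explain the divergence from the linked rules. `isValidNPMName` continues past the end of this hunk.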
@ -73,7 +73,7 @@ export async function activate(context: vscode.ExtensionContext): Promise<void>
|
||||||
}
|
}
|
||||||
|
|
||||||
async function getNPMCommandPath(): Promise<string | undefined> {
|
async function getNPMCommandPath(): Promise<string | undefined> {
|
||||||
if (canRunNpmInCurrentWorkspace()) {
|
if (vscode.workspace.isTrusted && canRunNpmInCurrentWorkspace()) {
|
||||||
try {
|
try {
|
||||||
return await which(process.platform === 'win32' ? 'npm.cmd' : 'npm');
|
return await which(process.platform === 'win32' ? 'npm.cmd' : 'npm');
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
|
|
|
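Review bot: The new trust gate `vscode.workspace.isTrusted && canRunNpmInCurrentWorkspace()` is evaluated once here, so unless the caller re-runs it on `vscode.workspace.onDidGrantWorkspaceTrust` (not visible in this hunk), a workspace trusted after activation keeps npm disabled until reload — acceptable as a posture, but it should be stated. Suggest `// npm is spawned with cwd inside the workspace, so it is never resolved for an untrusted one; evaluated once at activation`. On win32 the resolved binary is `npm.cmd`, which Windows runs through cmd.exe, so execFile's argument array does not get shell-safe quoting there and the package-name validation is the control that actually matters — worth a note next to the `which` call. The enclosing `activate` is outside the hunk.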
@ -542,24 +542,8 @@ var requirejs = (function() {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (matchesScheme(link, Schemas.command)) {
|
if (matchesSomeScheme(link, Schemas.vscodeNotebookCell, Schemas.http, Schemas.https, Schemas.mailto)) {
|
||||||
const ret = /command\:workbench\.action\.openLargeOutput\?(.*)/.exec(link);
|
this.openerService.open(link, { fromUserGesture: true, allowContributedOpeners: true, allowCommands: false });
|
||||||
if (ret && ret.length === 2) {
|
|
||||||
const outputId = ret[1];
|
|
||||||
this.openerService.open(CellUri.generateCellOutputUri(this.documentUri, outputId));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
console.warn('Command links are deprecated and will be removed, use message passing instead: https://github.com/microsoft/vscode/issues/123601');
|
|
||||||
}
|
|
||||||
|
|
||||||
if (matchesScheme(link, Schemas.command)) {
|
|
||||||
if (this.workspaceTrustManagementService.isWorkspaceTrusted()) {
|
|
||||||
this.openerService.open(link, { fromUserGesture: true, allowContributedOpeners: true, allowCommands: true });
|
|
||||||
} else {
|
|
||||||
console.warn('Command links are disabled in untrusted workspaces');
|
|
||||||
}
|
|
||||||
} else if (matchesSomeScheme(link, Schemas.vscodeNotebookCell, Schemas.http, Schemas.https, Schemas.mailto)) {
|
|
||||||
this.openerService.open(link, { fromUserGesture: true, allowContributedOpeners: true, allowCommands: true });
|
|
||||||
}
|
}
|
||||||
}));
|
}));
|
||||||
|
|
||||||
|
@ -670,23 +654,35 @@ var requirejs = (function() {
|
||||||
}
|
}
|
||||||
case 'clicked-link': {
|
case 'clicked-link': {
|
||||||
let linkToOpen: URI | string | undefined;
|
let linkToOpen: URI | string | undefined;
|
||||||
|
|
||||||
if (matchesScheme(data.href, Schemas.command)) {
|
if (matchesScheme(data.href, Schemas.command)) {
|
||||||
const ret = /command\:workbench\.action\.openLargeOutput\?(.*)/.exec(data.href);
|
// We allow a very limited set of commands
|
||||||
if (ret && ret.length === 2) {
|
const uri = URI.parse(data.href);
|
||||||
const outputId = ret[1];
|
switch (uri.path) {
|
||||||
const group = this.editorGroupService.activeGroup;
|
case 'workbench.action.openLargeOutput': {
|
||||||
|
const outputId = uri.query;
|
||||||
if (group) {
|
const group = this.editorGroupService.activeGroup;
|
||||||
if (group.activeEditor) {
|
if (group) {
|
||||||
group.pinEditor(group.activeEditor);
|
if (group.activeEditor) {
|
||||||
|
group.pinEditor(group.activeEditor);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
this.openerService.open(CellUri.generateCellOutputUri(this.documentUri, outputId));
|
this.openerService.open(CellUri.generateCellOutputUri(this.documentUri, outputId));
|
||||||
return;
|
return;
|
||||||
|
}
|
||||||
|
case 'github-issues.authNow':
|
||||||
|
case 'workbench.extensions.search':
|
||||||
|
case 'workbench.action.openSettings': {
|
||||||
|
this.openerService.open(data.href, { fromUserGesture: true, allowCommands: true, fromWorkspace: true });
|
||||||
|
return;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
if (matchesSomeScheme(data.href, Schemas.http, Schemas.https, Schemas.mailto, Schemas.command, Schemas.vscodeNotebookCell, Schemas.vscodeNotebook)) {
|
|
||||||
|
if (matchesSomeScheme(data.href, Schemas.http, Schemas.https, Schemas.mailto, Schemas.vscodeNotebookCell, Schemas.vscodeNotebook)) {
|
||||||
linkToOpen = data.href;
|
linkToOpen = data.href;
|
||||||
} else if (!/^[\w\-]+:/.test(data.href)) {
|
} else if (!/^[\w\-]+:/.test(data.href)) {
|
||||||
const fragmentStartIndex = data.href.lastIndexOf('#');
|
const fragmentStartIndex = data.href.lastIndexOf('#');
|
||||||
|
@ -717,7 +713,7 @@ var requirejs = (function() {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (linkToOpen) {
|
if (linkToOpen) {
|
||||||
this.openerService.open(linkToOpen, { fromUserGesture: true, allowCommands: true });
|
this.openerService.open(linkToOpen, { fromUserGesture: true, allowCommands: false });
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
|
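Review bot: The allowlist in the `clicked-link` handler constrains only the command id (`switch (uri.path)`), while the whole `data.href` — including its query, which becomes the command's arguments — is handed to `openerService.open` with `allowCommands: true`, so each of the three grouped ids must be safe to invoke with output-controlled arguments. Suggest recording that invariant above the grouped cases: `// allow-listed by id only: the query (= command args) is output-controlled, so every id here must be harmless with arbitrary args`. The `openLargeOutput` branch now reads `uri.query` where the old regex captured the raw text after `?`; if `URI.parse` percent-decodes the query this changes what `generateCellOutputUri` receives for ids containing `%`, so confirm output ids are plain. Any other `command:` href now falls through to the bare `return;` with no trace, which is fine but a `console.warn` would help debugging. The `clicked-link` case continues into the next hunk.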
@ -24,6 +24,8 @@ import { TerminalSettingId } from 'vs/platform/terminal/common/terminal';
|
||||||
import { TERMINAL_COMMAND_DECORATION_DEFAULT_BACKGROUND_COLOR, TERMINAL_COMMAND_DECORATION_ERROR_BACKGROUND_COLOR, TERMINAL_COMMAND_DECORATION_SUCCESS_BACKGROUND_COLOR } from 'vs/workbench/contrib/terminal/common/terminalColorRegistry';
|
import { TERMINAL_COMMAND_DECORATION_DEFAULT_BACKGROUND_COLOR, TERMINAL_COMMAND_DECORATION_ERROR_BACKGROUND_COLOR, TERMINAL_COMMAND_DECORATION_SUCCESS_BACKGROUND_COLOR } from 'vs/workbench/contrib/terminal/common/terminalColorRegistry';
|
||||||
import { Color } from 'vs/base/common/color';
|
import { Color } from 'vs/base/common/color';
|
||||||
import { IOpenerService } from 'vs/platform/opener/common/opener';
|
import { IOpenerService } from 'vs/platform/opener/common/opener';
|
||||||
|
import { INotificationService, Severity } from 'vs/platform/notification/common/notification';
|
||||||
|
|
||||||
|
|
||||||
const enum DecorationSelector {
|
const enum DecorationSelector {
|
||||||
CommandDecoration = 'terminal-command-decoration',
|
CommandDecoration = 'terminal-command-decoration',
|
||||||
|
@ -59,7 +61,8 @@ export class DecorationAddon extends Disposable implements ITerminalAddon {
|
||||||
@IHoverService private readonly _hoverService: IHoverService,
|
@IHoverService private readonly _hoverService: IHoverService,
|
||||||
@IConfigurationService private readonly _configurationService: IConfigurationService,
|
@IConfigurationService private readonly _configurationService: IConfigurationService,
|
||||||
@IThemeService private readonly _themeService: IThemeService,
|
@IThemeService private readonly _themeService: IThemeService,
|
||||||
@IOpenerService private readonly _openerService: IOpenerService
|
@IOpenerService private readonly _openerService: IOpenerService,
|
||||||
|
@INotificationService private readonly _notificationService: INotificationService
|
||||||
) {
|
) {
|
||||||
super();
|
super();
|
||||||
this._register(toDisposable(() => this._dispose()));
|
this._register(toDisposable(() => this._dispose()));
|
||||||
|
@ -330,7 +333,15 @@ export class DecorationAddon extends Disposable implements ITerminalAddon {
|
||||||
}
|
}
|
||||||
actions.push({
|
actions.push({
|
||||||
class: 'rerun-command', tooltip: 'Rerun Command', dispose: () => { }, id: 'terminal.rerunCommand', label: localize("terminal.rerunCommand", 'Rerun Command'), enabled: true,
|
class: 'rerun-command', tooltip: 'Rerun Command', dispose: () => { }, id: 'terminal.rerunCommand', label: localize("terminal.rerunCommand", 'Rerun Command'), enabled: true,
|
||||||
run: () => this._onDidRequestRunCommand.fire({ command })
|
run: async () => {
|
||||||
|
this._notificationService.prompt(Severity.Info, localize('rerun', 'Do you want to run the command: {0}', command.command), [{
|
||||||
|
label: localize('yes', 'Yes'),
|
||||||
|
run: () => this._onDidRequestRunCommand.fire({ command })
|
||||||
|
}, {
|
||||||
|
label: localize('no', 'No'),
|
||||||
|
run: () => { }
|
||||||
|
}]);
|
||||||
|
}
|
||||||
});
|
});
|
||||||
actions.push({
|
actions.push({
|
||||||
class: 'how-does-this-work', tooltip: 'How does this work?', dispose: () => { }, id: 'terminal.howDoesThisWork', label: localize("terminal.howDoesThisWork", 'How does this work?'), enabled: true,
|
class: 'how-does-this-work', tooltip: 'How does this work?', dispose: () => { }, id: 'terminal.howDoesThisWork', label: localize("terminal.howDoesThisWork", 'How does this work?'), enabled: true,
|
||||||
|
|
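Review bot: The confirmation added to the rerun action shows the raw `command.command` inside an info notification; if that text is long or multi-line the notification will presumably truncate it, so the user confirms a command they cannot fully read — for an action that re-executes terminal input a modal `confirm` dialog, or at least a trimmed single-line rendering of the text, is the safer shape. The `run` callback is declared `async` but awaits nothing and discards the prompt handle; drop `async` or return the prompt so the caller can track it. Suggest a comment above the prompt: `// always ask first: the rerun re-executes whatever text command.command holds`.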