Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use VSCode's Workspace Trust features #2829

Closed
8 tasks done
bwateratmsft opened this issue Mar 31, 2021 · 6 comments · Fixed by #3081
Closed
8 tasks done

Use VSCode's Workspace Trust features #2829

bwateratmsft opened this issue Mar 31, 2021 · 6 comments · Fixed by #3081
Labels
enhancement fix released
Milestone
1.16.0

Comments

@bwateratmsft
Copy link
Collaborator

bwateratmsft commented Mar 31, 2021
edited
Loading

microsoft/vscode#106488
microsoft/vscode#120251

VSCode is adding a way to denote whether a workspace is trusted or not, and to gate features based on that. We should investigate using these APIs to increase users' security.

Features that should require a trusted workspace:

  • Tasks (always workspace)
  • Debug (always workspace)
  • Compose build / up (always workspace)
  • Image build (always workspace)
  • Command customization (sometimes workspace, need to inspect)
  • Dockerode / DOCKER_HOST config (sometimes workspace, need to inspect)
  • Scaffolding
  • Azure image build, run file as task

Note: VSCode is probably going to implement trust in such a way that any settings from untrusted workspaces are not applied, which would take care of all of these except image build / compose up.

Features that require trust (of an image, not a file) but can't be implemented since it's not files:

  • Image run (and compose up)
@bwateratmsft
Copy link
Collaborator Author

This probably would need to be applied to all of our tasks / launch config (debugging as a whole basically), and possibly also to Dockerfiles and docker-compose files, though I'm not sure off the top of my head what harm can be caused through them.

@bwateratmsft bwateratmsft added this to the 1.14.0 milestone Apr 7, 2021
@bwateratmsft
Copy link
Collaborator Author

Obvious ones to me: tasks, command customization, debugging

@bwateratmsft bwateratmsft changed the title Look into VSCode's new Workspace Trust features Use VSCode's upcoming Workspace Trust features Apr 8, 2021
@bwateratmsft bwateratmsft mentioned this issue Apr 8, 2021
Closed
@bwateratmsft
Copy link
Collaborator Author

I did some more research and it's definitely possible to leverage a malicious Dockerfile or compose document. A few examples of what could be done:

  • Using the RUN directive to do crypto mining
  • More generally, using RUN as a DoS
  • Copying files in and then uploading them to dr-evil.com

@karolz-ms karolz-ms mentioned this issue May 4, 2021
Closed
@karolz-ms karolz-ms modified the milestones: 1.14.0, 1.15.0 Jun 2, 2021
@karolz-ms karolz-ms modified the milestones: 1.15.0, 1.16.0 Jun 30, 2021
@bwateratmsft bwateratmsft changed the title Use VSCode's upcoming Workspace Trust features Use VSCode's Workspace Trust features Jul 19, 2021
@bwateratmsft
Copy link
Collaborator Author

Info for extension authors: microsoft/vscode#120251
Workspace trust in general: microsoft/vscode#106488

@bwateratmsft
Copy link
Collaborator Author

bwateratmsft commented Jul 20, 2021
edited
Loading

Tasks and debug are already handled by VSCode via microsoft/vscode#120251:

VS Code will prevent debugging in an untrusted workspace.

Similar to debugging, VS Code will prevent running tasks in an untrusted workspace.

I think all we'll need to do is gate certain commands (via when isWorkspaceTrusted clauses, along with enforcing it in code as well, per recommendation in the info) and settings (via restrictedConfigurations in the extension manifest).

@bwateratmsft bwateratmsft mentioned this issue Jul 21, 2021
Merged
@bwateratmsft bwateratmsft self-assigned this Jul 22, 2021
@bwateratmsft bwateratmsft removed their assignment Jul 23, 2021
@bwateratmsft
Copy link
Collaborator Author

This has been released in Docker extension version 1.16.0.

@vscodebot vscodebot bot locked and limited conversation to collaborators Sep 6, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement fix released
Projects
None yet
Milestone
1.16.0
Development

Successfully merging a pull request may close this issue.

Add support for Workspace Trust microsoft/vscode-docker
2 participants
@karolz-ms @bwateratmsft