Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid untrusted binary popups in vscode-java when using Lombok #19690

Closed
ericwill opened this issue Apr 27, 2021 · 10 comments
Closed

Avoid untrusted binary popups in vscode-java when using Lombok #19690

ericwill opened this issue Apr 27, 2021 · 10 comments
Labels
area/plugins kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P2 Has a minor but important impact to the usage or development of the system. status/release-notes-review-done Issues that have been reviewed by the doc team for the Release Notes wording
Milestone
7.41

Comments

@ericwill
Copy link
Contributor

Is your task related to a problem? Please describe.

Running the Lombok devfile will show a warning about trusting the binary:

Screenshot_20210426_104500

Describe the solution you'd like

We should find a way to have this popup not appear, and the binary be trusted by default. The binary is installed in the sidecar at build time.

Describe alternatives you've considered

Additional context

This happens with vscode-xml as well: https://github.com/redhat-developer/vscode-xml/blob/master/src/server/binary/binaryServerStarter.ts#L166
@ericwill ericwill added kind/task Internal things, technical debt, and to-do tasks to be performed. sprint/next team/plugins area/plugins labels Apr 27, 2021
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Apr 27, 2021
@ericwill ericwill added severity/P2 Has a minor but important impact to the usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Apr 27, 2021
@ericwill ericwill changed the title Avoid trusted binary popups in vscode-java, vscode-xml, etc. Avoid untrusted binary popups in vscode-java, vscode-xml, etc. Apr 27, 2021
@ericwill ericwill added this to the 7.31 milestone Apr 27, 2021
@benoitf
Copy link
Contributor

benoitf commented Apr 28, 2021

https://github.com/redhat-developer/vscode-xml/blob/985705ebd603bd08ee8ca149484d3ea48841007a/docs/Preferences.md#trusted-binary-hashes

@ericwill ericwill changed the title Avoid untrusted binary popups in vscode-java, vscode-xml, etc. Avoid untrusted binary popups in vscode-java when using Lombok Apr 29, 2021
@ericwill ericwill mentioned this issue Apr 29, 2021
Closed
32 tasks
@ericwill ericwill mentioned this issue May 20, 2021
Closed
29 tasks
@ericwill ericwill modified the milestones: 7.31, 7.32 May 20, 2021
@sunix
Copy link
Contributor

sunix commented May 27, 2021

for vscode-java is done here: https://github.com/redhat-developer/vscode-java/blob/master/src/settings.ts#L141-L158

@sunix
Copy link
Contributor

sunix commented Jun 1, 2021

Filed issue in vscode-java: redhat-developer/vscode-java#1965

@ericwill ericwill removed this from the 7.32 milestone Jun 18, 2021
@dmytro-ndp dmytro-ndp added the status/release-notes-review-needed Issues that needs to be reviewed by the doc team for the Release Notes wording label Jul 28, 2021
@max-cx
Copy link

max-cx commented Aug 26, 2021

@ericwill And the current workaround for this is to click Allow in the Security Warning dialog box, correct?

@ericwill
Copy link
Contributor Author

@ericwill And the current workaround for this is to click Allow in the Security Warning dialog box, correct?

Correct.

@rgrunber
Copy link

This may get fixed for vscode-java 0.82.0. I've proposed a solution where files outside of the workspace are exempt from the warning : redhat-developer/vscode-java#1965 (comment)

@themr0c themr0c added status/release-notes-review-done Issues that have been reviewed by the doc team for the Release Notes wording and removed status/release-notes-review-needed Issues that needs to be reviewed by the doc team for the Release Notes wording labels Aug 30, 2021
@svor
Copy link
Contributor

svor commented Sep 7, 2021

depends on #20134

@nickboldt
Copy link
Contributor

nickboldt commented Nov 25, 2021
edited
Loading

Note that in CRW 2.14 we will consume lombok 1.18.22 built from sources, rather than consumed as a 3rd party binary jar. https://github.com/redhat-developer/codeready-workspaces-images/blob/crw-2-rhel-8/codeready-workspaces-plugin-java8/build/build_lombok.sh

Not sure if that makes it easier to excempt lombok from security warning.

@rgrunber
Copy link

rgrunber commented Nov 25, 2021
edited
Loading

This should have also been fixed in redhat-developer/vscode-java#1965 (comment) (since v0.82.0). No prompt is shown if the path provided to javaagent originates from outside the workspace.

@svor svor added this to the 7.41 milestone Dec 17, 2021
@svor
Copy link
Contributor

svor commented Dec 17, 2021

Fixed by eclipse-che/che-plugin-registry#1060

@svor svor closed this as completed Dec 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/plugins kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P2 Has a minor but important impact to the usage or development of the system. status/release-notes-review-done Issues that have been reviewed by the doc team for the Release Notes wording
Projects
None yet
Milestone
7.41
Development

No branches or pull requests
10 participants
@nickboldt @themr0c @benoitf @sunix @dmytro-ndp @svor @rgrunber @ericwill @che-bot @max-cx