Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid polluting the user's shell history for automated actions #10935

Closed
PeterJCLaw opened this issue Jul 26, 2022 · 2 comments
Closed

Avoid polluting the user's shell history for automated actions #10935

PeterJCLaw opened this issue Jul 26, 2022 · 2 comments
Assignees
@DonJayamanne
Labels
debt Code quality issues
Milestone
August 2022

Comments

@PeterJCLaw
Copy link

Environment data

  • VS Code version: 1.69.2
  • Jupyter Extension version (available under the Extensions sidebar): v2022.6.1201981810
  • OS (Windows | Mac | Linux distro) and version: Ubuntu 20.04 LTS

Expected behaviour

When collecting environment data, the extension should not pollute the user's shell history.

Actual behaviour

I observed lines such as printenv > /tmp/tmp-45935fdNhOTkd5hRYtxt in my shell history which appear to have come from

vscode-jupyter/src/platform/terminals/helper.node.ts

Lines 81 to 93 in 545c0a7

switch (this.shellDetector.identifyTerminalShell(terminal)) {
case TerminalShellType.powershellCore:
case TerminalShellType.powershell:
command = `Get-ChildItem Env: | Select Name | Export-Csv -Path ${filePath.fileToCommandArgument()} -NoTypeInformation`;
break;
case TerminalShellType.commandPrompt:
command = `set > ${filePath.fileToCommandArgument()}`;
break;
default:
command = `printenv > ${filePath.fileToCommandArgument()}`;
break;
}

I'm not sure if that command ending up in my shell history is expected or avoidable, though it is definitely surprising. My (and my colleagues) initial reaction to discovering this was to assume that we had picked up a vulnerability and started work to secure our systems against potential intrusion. Investigation (thankfully) suggests that this extension is a more likely source of the unexpected shell history.

It would be great if the extension could avoid polluting the user's shell history in this manner.
@PeterJCLaw PeterJCLaw added the bug Issue identified by VS Code Team member as probable bug label Jul 26, 2022
@github-actions github-actions bot added the triage-needed Issue needs to be triaged label Jul 26, 2022
@rchiodo
Copy link
Contributor

rchiodo commented Jul 26, 2022

Thanks for the issue.

We're using this at the moment to detect if jupyter is in the path or not. I wonder if process.env would be good enough?

@rebornix rebornix assigned DonJayamanne and unassigned rchiodo Jul 28, 2022
@rebornix rebornix added debt Code quality issues and removed triage-needed Issue needs to be triaged bug Issue identified by VS Code Team member as probable bug labels Jul 28, 2022
@DonJayamanne DonJayamanne mentioned this issue Jul 31, 2022
Closed
@DonJayamanne DonJayamanne added this to the August 2022 milestone Jul 31, 2022
@DonJayamanne
Copy link
Contributor

Closed by PR #10986

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@DonJayamanne DonJayamanne

Labels
debt Code quality issues
Projects
None yet
Milestone
August 2022
Development

No branches or pull requests
4 participants
@PeterJCLaw @rebornix @DonJayamanne @rchiodo