Update trusted domains based on workspaace remotes

Closes #97532
microsoft · May 12, 2020 · 288852d · 288852d · JacksonKearl · May 12, 2020
1 parent 1636e54
commit 288852d
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 14 deletions.
diff --git a/src/vs/workbench/contrib/url/browser/trustedDomains.ts b/src/vs/workbench/contrib/url/browser/trustedDomains.ts
@@ -12,6 +12,9 @@ import { IStorageService, StorageScope } from 'vs/platform/storage/common/storag
 import { IEditorService } from 'vs/workbench/services/editor/common/editorService';
 import { ITelemetryService } from 'vs/platform/telemetry/common/telemetry';
 import { IAuthenticationService } from 'vs/workbench/services/authentication/browser/authenticationService';
+import { IFileService } from 'vs/platform/files/common/files';
+import { ITextFileService } from 'vs/workbench/services/textfile/common/textfiles';
+import { IWorkspaceContextService } from 'vs/platform/workspace/common/workspace';
 
 const TRUSTED_DOMAINS_URI = URI.parse('trustedDomains:/Trusted Domains');
 
@@ -117,7 +120,42 @@ export async function configureOpenerTrustedDomainsHandler(
 	return [];
 }
 
-export async function readTrustedDomains(storageService: IStorageService, productService: IProductService, authenticationService: IAuthenticationService) {
+async function getRemotes(fileService: IFileService, textFileService: ITextFileService, contextService: IWorkspaceContextService): Promise<string[]> {
+	const workspaceUris = contextService.getWorkspace().folders.map(folder => folder.uri);
+	const domains = await Promise.all<string[]>(workspaceUris.map(async workspaceUri => {
+		const path = workspaceUri.path;
+		const uri = workspaceUri.with({ path: `${path !== '/' ? path : ''}/.git/config` });
+		const exists = await fileService.exists(uri);
+		if (!exists) {
+			return [];
+		}
+		const content = (await (textFileService.read(uri, { acceptTextOnly: true }).catch(() => ({ value: '' })))).value;
+		const domains = new Set<string>();
+		let match: RegExpExecArray | null;
+
+		const RemoteMatcher = /^\s*url\s*=\s*(?:git@|https:\/\/)([^:\/]*)(?::|\/)([^.]*)\.git\s*$/mg;
+		while (match = RemoteMatcher.exec(content)) {
+			const [domain, repo] = [match[1], match[2]];
+			if (domain && repo) {
+				domains.add(`https://${domain}/${repo}/`);
+			}
+		}
+		return [...domains];
+	}));
+
+	const set = domains.reduce((set, list) => list.reduce((set, item) => set.add(item), set), new Set<string>());
+	return [...set];
+}
+
+export async function readTrustedDomains(accessor: ServicesAccessor) {
+
+	const storageService = accessor.get(IStorageService);
+	const productService = accessor.get(IProductService);
+	const authenticationService = accessor.get(IAuthenticationService);
+	const fileService = accessor.get(IFileService);
+	const textFileService = accessor.get(ITextFileService);
+	const workspaceContextService = accessor.get(IWorkspaceContextService);
+
 	const defaultTrustedDomains: string[] = productService.linkProtectionTrustedDomains
 		? [...productService.linkProtectionTrustedDomains]
 		: [];
@@ -134,9 +172,12 @@ export async function readTrustedDomains(storageService: IStorageService, produc
 		.map(session => session.account.displayName)
 		.map(username => `https://github.com/${username}/`);
 
+	const workspaceDomains = await getRemotes(fileService, textFileService, workspaceContextService);
+
 	return {
 		defaultTrustedDomains,
 		trustedDomains,
-		userDomains
+		userDomains,
+		workspaceDomains
 	};
 }
diff --git a/src/vs/workbench/contrib/url/browser/trustedDomainsFileSystemProvider.ts b/src/vs/workbench/contrib/url/browser/trustedDomainsFileSystemProvider.ts
@@ -12,10 +12,9 @@ import { IStorageService, StorageScope } from 'vs/platform/storage/common/storag
 import { IWorkbenchContribution } from 'vs/workbench/common/contributions';
 import { VSBuffer } from 'vs/base/common/buffer';
 import { readTrustedDomains, TRUSTED_DOMAINS_CONTENT_STORAGE_KEY, TRUSTED_DOMAINS_STORAGE_KEY } from 'vs/workbench/contrib/url/browser/trustedDomains';
-import { IProductService } from 'vs/platform/product/common/productService';
 import { IStorageKeysSyncRegistryService } from 'vs/platform/userDataSync/common/storageKeys';
-import { IAuthenticationService } from 'vs/workbench/services/authentication/browser/authenticationService';
 import { assertIsDefined } from 'vs/base/common/types';
+import { IInstantiationService } from 'vs/platform/instantiation/common/instantiation';
 
 const TRUSTED_DOMAINS_SCHEMA = 'trustedDomains';
 
@@ -47,7 +46,7 @@ const CONFIG_PLACEHOLDER_TEXT = `[
 	// "https://microsoft.com"
 ]`;
 
-function computeTrustedDomainContent(defaultTrustedDomains: string[], trustedDomains: string[], userTrustedDomains: string[]) {
+function computeTrustedDomainContent(defaultTrustedDomains: string[], trustedDomains: string[], userTrustedDomains: string[], workspaceTrustedDomains: string[]) {
 	let content = CONFIG_HELP_TEXT_PRE;
 
 	if (defaultTrustedDomains.length > 0) {
@@ -58,13 +57,21 @@ function computeTrustedDomainContent(defaultTrustedDomains: string[], trustedDom
 	} else {
 		content += `// By default, VS Code trusts "localhost".\n`;
 	}
+
 	if (userTrustedDomains.length) {
 		content += `//\n// Additionally, the following domains are trusted based on your current GitHub login:\n`;
 		userTrustedDomains.forEach(d => {
 			content += `// - "${d}"\n`;
 		});
 	}
 
+	if (workspaceTrustedDomains.length) {
+		content += `//\n// Further, the following domains are trusted based on your workspace configuration:\n`;
+		workspaceTrustedDomains.forEach(d => {
+			content += `// - "${d}"\n`;
+		});
+	}
+
 	content += CONFIG_HELP_TEXT_AFTER;
 
 	if (trustedDomains.length === 0) {
@@ -85,9 +92,8 @@ export class TrustedDomainsFileSystemProvider implements IFileSystemProviderWith
 	constructor(
 		@IFileService private readonly fileService: IFileService,
 		@IStorageService private readonly storageService: IStorageService,
-		@IProductService private readonly productService: IProductService,
+		@IInstantiationService private readonly instantiationService: IInstantiationService,
 		@IStorageKeysSyncRegistryService private readonly storageKeysSyncRegistryService: IStorageKeysSyncRegistryService,
-		@IAuthenticationService private readonly authenticationService: IAuthenticationService,
 	) {
 		this.fileService.registerProvider(TRUSTED_DOMAINS_SCHEMA, this);
 
@@ -105,14 +111,14 @@ export class TrustedDomainsFileSystemProvider implements IFileSystemProviderWith
 			StorageScope.GLOBAL
 		);
 
-		const { defaultTrustedDomains, trustedDomains, userDomains } = await readTrustedDomains(this.storageService, this.productService, this.authenticationService);
+		const { defaultTrustedDomains, trustedDomains, userDomains, workspaceDomains } = await this.instantiationService.invokeFunction(readTrustedDomains);
 		if (
 			!trustedDomainsContent ||
 			trustedDomainsContent.indexOf(CONFIG_HELP_TEXT_PRE) === -1 ||
 			trustedDomainsContent.indexOf(CONFIG_HELP_TEXT_AFTER) === -1 ||
-			[...defaultTrustedDomains, ...trustedDomains, ...userDomains].some(d => !assertIsDefined(trustedDomainsContent).includes(d))
+			[...defaultTrustedDomains, ...trustedDomains, ...userDomains, ...workspaceDomains].some(d => !assertIsDefined(trustedDomainsContent).includes(d))
 		) {
-			trustedDomainsContent = computeTrustedDomainContent(defaultTrustedDomains, trustedDomains, userDomains);
+			trustedDomainsContent = computeTrustedDomainContent(defaultTrustedDomains, trustedDomains, userDomains, workspaceDomains);
 		}
 
 		const buffer = VSBuffer.fromString(trustedDomainsContent).buffer;

diff --git a/src/vs/workbench/contrib/url/browser/trustedDomainsValidator.ts b/src/vs/workbench/contrib/url/browser/trustedDomainsValidator.ts
@@ -20,7 +20,7 @@ import {
 import { IEditorService } from 'vs/workbench/services/editor/common/editorService';
 import { IClipboardService } from 'vs/platform/clipboard/common/clipboardService';
 import { ITelemetryService } from 'vs/platform/telemetry/common/telemetry';
-import { IAuthenticationService } from 'vs/workbench/services/authentication/browser/authenticationService';
+import { IInstantiationService } from 'vs/platform/instantiation/common/instantiation';
 
 type TrustedDomainsDialogActionClassification = {
 	action: { classification: 'SystemMetaData', purpose: 'FeatureInsight' };
@@ -36,7 +36,7 @@ export class OpenerValidatorContributions implements IWorkbenchContribution {
 		@IEditorService private readonly _editorService: IEditorService,
 		@IClipboardService private readonly _clipboardService: IClipboardService,
 		@ITelemetryService private readonly _telemetryService: ITelemetryService,
-		@IAuthenticationService private readonly _authenticationService: IAuthenticationService,
+		@IInstantiationService private readonly _instantiationService: IInstantiationService,
 	) {
 		this._openerService.registerValidator({ shouldOpen: r => this.validateLink(r) });
 	}
@@ -52,8 +52,8 @@ export class OpenerValidatorContributions implements IWorkbenchContribution {
 		const { scheme, authority, path, query, fragment } = resource;
 
 		const domainToOpen = `${scheme}://${authority}`;
-		const { defaultTrustedDomains, trustedDomains, userDomains } = await readTrustedDomains(this._storageService, this._productService, this._authenticationService);
-		const allTrustedDomains = [...defaultTrustedDomains, ...trustedDomains, ...userDomains];
+		const { defaultTrustedDomains, trustedDomains, userDomains, workspaceDomains } = await this._instantiationService.invokeFunction(readTrustedDomains);
+		const allTrustedDomains = [...defaultTrustedDomains, ...trustedDomains, ...userDomains, ...workspaceDomains];
 
 		if (isURLDomainTrusted(resource, allTrustedDomains)) {
 			return true;