SECURITY: Brainstorming and Tracker to prevent getting pwned #32

Open
3 tasks
Mupu opened this issue Nov 26, 2024 · 0 comments

Mupu commented Nov 26, 2024

Currently, simply opening a project can get you compromised, as the LSP will run all #run in the code base.

To prevent such a case or at least reduce the risk of that happening, I was thinking of the following:

  • Include a disclaimer in the description of the Jails as well as in the VS Code Extension description.

VSCODE:

Other editors (nvim, etc.):
The bigger question is: can we do something about other editors that we don't support?
One solution would be to do something like nvim, where the LSP keeps a trust store of what files to trust. But since it's the LSP it would not be that usable, since it cannot offer any popup to make managing it simple. Maybe we don't have any good solution for this case.

  • Maybe we could at least let the client enable/disable the functionality by letting the client specify it via the capabilities as a best effort solution for the unsupported editors.

Feedback would be appreciated!
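A sketch of how a server could combine the two ideas in the issue above (client opt-in through capabilities, plus a trust store of approved folders), added here as an example and not code from Jails or its author. The capability name `jailsAllowRun` and all function names are hypothetical; `capabilities.experimental`, `workspaceFolders` and `rootUri` are standard LSP `initialize` fields.

```javascript
// Hypothetical capability name, an assumption for this example (not a real Jails/LSP key).
const CAPABILITY = "jailsAllowRun";

// Normalise a file: URI to a path with a trailing slash; null for anything else.
function folderPath(uri) {
  let u;
  try { u = new URL(uri); } catch { return null; }
  if (u.protocol !== "file:") return null;
  const p = u.pathname; // the URL parser has already resolved "." and ".." segments
  return p.endsWith("/") ? p : p + "/";
}

// trustedRoots: file: URIs the user explicitly approved (the "trust store").
function isTrusted(folderUri, trustedRoots) {
  const p = folderPath(folderUri);
  if (p === null) return false;
  // Trailing slashes make "/proj-evil/" fail the prefix test against "/proj/".
  return trustedRoots.some((root) => {
    const r = folderPath(root);
    return r !== null && p.startsWith(r);
  });
}

// Decide from the LSP `initialize` params whether #run may be executed.
// Default is deny: an editor that sends nothing never triggers execution.
function runPolicy(initParams, trustedRoots) {
  const exp = initParams?.capabilities?.experimental;
  // Strict boolean check: absent, null, "true" or 1 all leave execution off.
  if (!exp || exp[CAPABILITY] !== true) {
    return { allowRun: false, reason: "client did not opt in" };
  }
  const folders = (initParams.workspaceFolders ?? []).map((f) => f.uri);
  if (folders.length === 0 && initParams.rootUri) folders.push(initParams.rootUri);
  if (folders.length === 0) {
    return { allowRun: false, reason: "no workspace folder" };
  }
  const untrusted = folders.filter((f) => !isTrusted(f, trustedRoots));
  if (untrusted.length > 0) {
    return { allowRun: false, reason: "untrusted: " + untrusted.join(", ") };
  }
  return { allowRun: true, reason: "opted in and all folders trusted" };
}
```
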
