Restricted mode like in VSCode #21218

Open
1 task done
achimnol opened this issue Nov 26, 2024 · 0 comments
Labels
cli Command-line interface feedback enhancement [core label] security & privacy Data privacy issue, security vulnerabilities, etc workspace Feedback for workspace management, layout, interactions, etc


achimnol commented Nov 26, 2024

Check for existing issues

  • Completed

Describe the feature

In the discussion in python-lsp/pylsp-mypy#95, I found that blindly running LSP configurations that may designate random executable paths in the local system can be a critical security issue.

This is why there is the restricted mode in VSCode: https://code.visualstudio.com/docs/editor/workspace-trust

I think this addition would be great to ensure the safety of Zed users when browsing random code repositories cloned from the web.

Potential design ideas:

  • Simply reject loading per-project LSP configurations (.zed/settings.json) if included in the version control (with an explicit warning visible to the user). They should be local, private configurations and .gitignore should exclude them from the source tree. This would be relatively simpler to implement.
  • Add a restricted mode like VSCode, starting from preventing loading of LSP plugins. This would require tracking of the list of trusted workspace paths.

Related issues:

If I could customize the PATH environment variable used by the LSP servers spawned by Zed (both locally and remotely) on a per-project basis, I could work around python-lsp/pylsp-mypy#95.

Environment

Applies to all Zed versions available now.

If applicable, add mockups / screenshots to help present your vision of the feature

No response

@achimnol achimnol added admin read Pending admin review enhancement [core label] triage Maintainer needs to classify the issue labels Nov 26, 2024
@JosephTLyons JosephTLyons added workspace Feedback for workspace management, layout, interactions, etc setting Feedback for preferences, configuration, etc cli Command-line interface feedback security & privacy Data privacy issue, security vulnerabilities, etc and removed triage Maintainer needs to classify the issue setting Feedback for preferences, configuration, etc admin read Pending admin review labels Dec 3, 2024
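
The two design ideas in the issue can be combined into one load-time check. The sketch below is an added example, not Zed's code and not from the issue author: in a workspace that is not under a trusted root it drops the `lsp` section of `.zed/settings.json` and reports whether the file was committed. The function names, the `trusted_roots` list, passing `git ls-files` output as `tracked_files`, strict JSON parsing and the `lsp.<server>.binary.path` layout are assumptions; only the `lsp` section is filtered.

```python
import json
from pathlib import Path

PROJECT_SETTINGS = ".zed/settings.json"

# Constructed sample of a per-project settings file shipped inside a repository.
SAMPLE = """{
  "tab_size": 4,
  "lsp": {"pylsp": {"binary": {"path": "./tools/pylsp-wrapper"}}}
}"""

def is_trusted(workspace, trusted_roots):
    """True when workspace equals, or lies inside, a root the user has trusted."""
    ws = Path(workspace).resolve()
    roots = [Path(r).resolve() for r in trusted_roots]
    # Compare path components, so /trusted-evil never matches the root /trusted.
    return any(ws == r or r in ws.parents for r in roots)

def load_project_settings(workspace, text, tracked_files, trusted_roots):
    """Return (settings_to_apply, warnings_for_the_user)."""
    try:
        settings = json.loads(text)
    except ValueError:
        return {}, [f"{PROJECT_SETTINGS}: not valid JSON, ignored"]
    if not isinstance(settings, dict):
        return {}, [f"{PROJECT_SETTINGS}: top level is not an object, ignored"]
    if is_trusted(workspace, trusted_roots):
        return settings, []
    # Restricted mode: keep the rest of the file, drop the section that
    # selects or configures language-server processes.
    warnings = []
    lsp = settings.pop("lsp", None)
    if lsp is not None:
        origin = "committed to the repository" if PROJECT_SETTINGS in tracked_files else "local"
        servers = lsp if isinstance(lsp, dict) else {}
        for name, conf in sorted(servers.items()):
            binary = conf.get("binary") if isinstance(conf, dict) else None
            path = binary.get("path") if isinstance(binary, dict) else None
            detail = f" (binary path {path!r})" if path else ""
            warnings.append(f"restricted mode: ignored {origin} LSP config for {name}{detail}")
        if not warnings:
            warnings.append(f"restricted mode: ignored {origin} LSP config")
    return settings, warnings

if __name__ == "__main__":
    tracked = [PROJECT_SETTINGS, "README.md"]  # e.g. output of `git ls-files`
    print(load_project_settings("/tmp/clones/some-repo", SAMPLE, tracked, ["/home/u/src"]))
```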