💄

mjbvz · mjbvz · commit 51d697c202a5 · 2020-06-11T20:05:33.000-07:00
diff --git a/src/vs/platform/extensionManagement/common/configRemotes.ts b/src/vs/platform/extensionManagement/common/configRemotes.ts
@@ -13,7 +13,7 @@ const SecondLevelDomainMatcher = /([^@:.]+\.[^@:.]+)(:\d+)?$/;
 const RemoteMatcher = /^\s*url\s*=\s*(.+\S)\s*$/mg;
 const AnyButDot = /[^.]/g;
 
-export const SecondLevelDomainWhitelist = [
+export const AllowedSecondLevelDomains = [
 	'github.com',
 	'bitbucket.org',
 	'visualstudio.com',
@@ -54,7 +54,7 @@ function extractDomain(url: string): string | null {
 	return null;
 }
 
-export function getDomainsOfRemotes(text: string, whitelist: string[]): string[] {
+export function getDomainsOfRemotes(text: string, allowedDomains: readonly string[]): string[] {
 	const domains = new Set<string>();
 	let match: RegExpExecArray | null;
 	while (match = RemoteMatcher.exec(text)) {
@@ -64,16 +64,9 @@ export function getDomainsOfRemotes(text: string, whitelist: string[]): string[]
 		}
 	}
 
-	const whitemap = whitelist.reduce((map, key) => {
-		map[key] = true;
-		return map;
-	}, Object.create(null));
-
-	const elements: string[] = [];
-	domains.forEach(e => elements.push(e));
-
-	return elements
-		.map(key => whitemap[key] ? key : key.replace(AnyButDot, 'a'));
+	const allowedDomainsSet = new Set(allowedDomains);
+	return Array.from(domains)
+		.map(key => allowedDomainsSet.has(key) ? key : key.replace(AnyButDot, 'a'));
 }
 
 function stripPort(authority: string): string | null {
diff --git a/src/vs/platform/extensionManagement/test/common/configRemotes.test.ts b/src/vs/platform/extensionManagement/test/common/configRemotes.test.ts
@@ -8,7 +8,7 @@ import { getDomainsOfRemotes, getRemotes } from 'vs/platform/extensionManagement
 
 suite('Config Remotes', () => {
 
-	const whitelist = [
+	const allowedDomains = [
 		'github.com',
 		'github2.com',
 		'github3.com',
@@ -20,37 +20,37 @@ suite('Config Remotes', () => {
 	];
 
 	test('HTTPS remotes', function () {
-		assert.deepStrictEqual(getDomainsOfRemotes(remote('https://github.com/Microsoft/vscode.git'), whitelist), ['github.com']);
-		assert.deepStrictEqual(getDomainsOfRemotes(remote('https://git.example.com/gitproject.git'), whitelist), ['example.com']);
-		assert.deepStrictEqual(getDomainsOfRemotes(remote('https://username@github2.com/username/repository.git'), whitelist), ['github2.com']);
-		assert.deepStrictEqual(getDomainsOfRemotes(remote('https://username:password@github3.com/username/repository.git'), whitelist), ['github3.com']);
-		assert.deepStrictEqual(getDomainsOfRemotes(remote('https://username:password@example2.com:1234/username/repository.git'), whitelist), ['example2.com']);
-		assert.deepStrictEqual(getDomainsOfRemotes(remote('https://example3.com:1234/username/repository.git'), whitelist), ['example3.com']);
+		assert.deepStrictEqual(getDomainsOfRemotes(remote('https://github.com/Microsoft/vscode.git'), allowedDomains), ['github.com']);
+		assert.deepStrictEqual(getDomainsOfRemotes(remote('https://git.example.com/gitproject.git'), allowedDomains), ['example.com']);
+		assert.deepStrictEqual(getDomainsOfRemotes(remote('https://username@github2.com/username/repository.git'), allowedDomains), ['github2.com']);
+		assert.deepStrictEqual(getDomainsOfRemotes(remote('https://username:password@github3.com/username/repository.git'), allowedDomains), ['github3.com']);
+		assert.deepStrictEqual(getDomainsOfRemotes(remote('https://username:password@example2.com:1234/username/repository.git'), allowedDomains), ['example2.com']);
+		assert.deepStrictEqual(getDomainsOfRemotes(remote('https://example3.com:1234/username/repository.git'), allowedDomains), ['example3.com']);
 	});
 
 	test('SSH remotes', function () {
-		assert.deepStrictEqual(getDomainsOfRemotes(remote('ssh://user@git.server.org/project.git'), whitelist), ['server.org']);
+		assert.deepStrictEqual(getDomainsOfRemotes(remote('ssh://user@git.server.org/project.git'), allowedDomains), ['server.org']);
 	});
 
 	test('SCP-like remotes', function () {
-		assert.deepStrictEqual(getDomainsOfRemotes(remote('git@github.com:Microsoft/vscode.git'), whitelist), ['github.com']);
-		assert.deepStrictEqual(getDomainsOfRemotes(remote('user@git.server.org:project.git'), whitelist), ['server.org']);
-		assert.deepStrictEqual(getDomainsOfRemotes(remote('git.server2.org:project.git'), whitelist), ['server2.org']);
+		assert.deepStrictEqual(getDomainsOfRemotes(remote('git@github.com:Microsoft/vscode.git'), allowedDomains), ['github.com']);
+		assert.deepStrictEqual(getDomainsOfRemotes(remote('user@git.server.org:project.git'), allowedDomains), ['server.org']);
+		assert.deepStrictEqual(getDomainsOfRemotes(remote('git.server2.org:project.git'), allowedDomains), ['server2.org']);
 	});
 
 	test('Local remotes', function () {
-		assert.deepStrictEqual(getDomainsOfRemotes(remote('/opt/git/project.git'), whitelist), []);
-		assert.deepStrictEqual(getDomainsOfRemotes(remote('file:///opt/git/project.git'), whitelist), []);
+		assert.deepStrictEqual(getDomainsOfRemotes(remote('/opt/git/project.git'), allowedDomains), []);
+		assert.deepStrictEqual(getDomainsOfRemotes(remote('file:///opt/git/project.git'), allowedDomains), []);
 	});
 
 	test('Multiple remotes', function () {
 		const config = ['https://github.com/Microsoft/vscode.git', 'https://git.example.com/gitproject.git'].map(remote).join('');
-		assert.deepStrictEqual(getDomainsOfRemotes(config, whitelist).sort(), ['example.com', 'github.com']);
+		assert.deepStrictEqual(getDomainsOfRemotes(config, allowedDomains).sort(), ['example.com', 'github.com']);
 	});
 
-	test('Whitelisting', () => {
+	test('Non allowed domains are anonymized', () => {
 		const config = ['https://github.com/Microsoft/vscode.git', 'https://git.foobar.com/gitproject.git'].map(remote).join('');
-		assert.deepStrictEqual(getDomainsOfRemotes(config, whitelist).sort(), ['aaaaaa.aaa', 'github.com']);
+		assert.deepStrictEqual(getDomainsOfRemotes(config, allowedDomains).sort(), ['aaaaaa.aaa', 'github.com']);
 	});
 
 	test('HTTPS remotes to be hashed', function () {
diff --git a/src/vs/platform/telemetry/common/telemetryUtils.ts b/src/vs/platform/telemetry/common/telemetryUtils.ts
@@ -156,8 +156,8 @@ export function cleanRemoteAuthority(remoteAuthority?: string): string {
 	}
 
 	let ret = 'other';
-	// Whitelisted remote authorities
-	['ssh-remote', 'dev-container', 'attached-container', 'wsl'].forEach((res: string) => {
+	const allowedAuthorities = ['ssh-remote', 'dev-container', 'attached-container', 'wsl'];
+	allowedAuthorities.forEach((res: string) => {
 		if (remoteAuthority!.indexOf(`${res}+`) === 0) {
 			ret = res;
 		}
diff --git a/src/vs/workbench/contrib/extensions/browser/extensionEditor.ts b/src/vs/workbench/contrib/extensions/browser/extensionEditor.ts
@@ -617,7 +617,7 @@ export class ExtensionEditor extends BaseEditor {
 				if (!link) {
 					return;
 				}
-				// Whitelist supported schemes for links
+				// Only allow links with specific schemes
 				if (matchesScheme(link, Schemas.http) || matchesScheme(link, Schemas.https) || matchesScheme(link, Schemas.mailto)
 					|| (matchesScheme(link, Schemas.command) && URI.parse(link).path === ShowCurrentReleaseNotesActionId)
 				) {
diff --git a/src/vs/workbench/contrib/tags/electron-browser/workspaceTags.ts b/src/vs/workbench/contrib/tags/electron-browser/workspaceTags.ts
@@ -16,7 +16,7 @@ import { IWorkspaceTagsService, Tags } from 'vs/workbench/contrib/tags/common/wo
 import { IWorkspaceInformation } from 'vs/platform/diagnostics/common/diagnostics';
 import { IRequestService } from 'vs/platform/request/common/request';
 import { isWindows } from 'vs/base/common/platform';
-import { getRemotes, SecondLevelDomainWhitelist, getDomainsOfRemotes } from 'vs/platform/extensionManagement/common/configRemotes';
+import { getRemotes, AllowedSecondLevelDomains, getDomainsOfRemotes } from 'vs/platform/extensionManagement/common/configRemotes';
 
 export function getHashedRemotesFromConfig(text: string, stripEndingDotGit: boolean = false): string[] {
 	return getRemotes(text, stripEndingDotGit).map(r => {
@@ -111,7 +111,7 @@ export class WorkspaceTags implements IWorkbenchContribution {
 					return [];
 				}
 				return this.textFileService.read(uri, { acceptTextOnly: true }).then(
-					content => getDomainsOfRemotes(content.value, SecondLevelDomainWhitelist),
+					content => getDomainsOfRemotes(content.value, AllowedSecondLevelDomains),
 					err => [] // ignore missing or binary file
 				);
 			});

Original file line number	Diff line number	Diff line change
`@@ -156,8 +156,8 @@ export function cleanRemoteAuthority(remoteAuthority?: string): string {`
`156`	`156`	`}`
`157`	`157`
`158`	`158`	`let ret = 'other';`
`159`		`- // Whitelisted remote authorities`
`160`		`- ['ssh-remote', 'dev-container', 'attached-container', 'wsl'].forEach((res: string) => {`
	`159`	`+ const allowedAuthorities = ['ssh-remote', 'dev-container', 'attached-container', 'wsl'];`
	`160`	`+ allowedAuthorities.forEach((res: string) => {`
`161`	`161`	if (remoteAuthority!.indexOf(`${res}+`) === 0) {
`162`	`162`	`ret = res;`
`163`	`163`	`}`
Original file line number	Diff line number	Diff line change
`@@ -617,7 +617,7 @@ export class ExtensionEditor extends BaseEditor {`
`617`	`617`	`if (!link) {`
`618`	`618`	`return;`
`619`	`619`	`}`
`620`		`- // Whitelist supported schemes for links`
	`620`	`+ // Only allow links with specific schemes`
`621`	`621`	`if (matchesScheme(link, Schemas.http) \|\| matchesScheme(link, Schemas.https) \|\| matchesScheme(link, Schemas.mailto)`
`622`	`622`	`\|\| (matchesScheme(link, Schemas.command) && URI.parse(link).path === ShowCurrentReleaseNotesActionId)`
`623`	`623`	`) {`