Skip to content

feat: disable chmod in untrusted workspaces via workspace trust API#48

Open
jimeh wants to merge 1 commit intomainfrom
workspace-trust
Open

feat: disable chmod in untrusted workspaces via workspace trust API#48
jimeh wants to merge 1 commit intomainfrom
workspace-trust

Conversation

@jimeh
Copy link
Owner

@jimeh jimeh commented Feb 14, 2026

Summary

  • Previously the extension declared untrustedWorkspaces.supported: true, meaning chmod ran unconditionally — a malicious workspace could contain shebang files that silently become executable on save
  • Switches to "supported": "limited" so the extension still loads in Restricted Mode but all permission changes are gated behind vscode.workspace.isTrusted
  • Protects the permissionStrategy setting via restrictedConfigurations to prevent a workspace-level .vscode/settings.json from escalating to the "all" strategy

Changes

Runtime guard (src/document-handler.ts): Added !vscode.workspace.isTrusted early return in shouldSkipDocument(). This covers both the on-save handler and the manual command since both flow through processDocument(). No onDidGrantWorkspaceTrust event listener is needed — isTrusted is checked on every save, so granting trust mid-session immediately unblocks subsequent saves.

Manifest (package.json): Changed untrustedWorkspaces to "limited" with a user-facing description. Added restrictedConfigurations for permissionStrategy. Added isWorkspaceTrusted to the manual command's enablement clause to grey it out in the command palette when untrusted.

Tests (src/test/extension.test.ts): New workspace trust suite with 4 tests — untrusted blocks on-save, trusted works normally, manual command blocked when untrusted, and mid-session trust grant enables subsequent saves.

Test plan

  • All 135 tests pass (including 4 new workspace trust tests)
  • Compilation and linting clean
  • Manual verification: open extension in untrusted workspace, save shebang file, confirm no chmod; grant trust, save again, confirm chmod works

🤖 Generated with Claude Code

@jimeh @claude
feat: disable chmod in untrusted workspaces via workspace trust API
aefcfc8 
A malicious workspace could contain shebang files that silently become
executable on save. Switching from `"supported": true` to `"limited"`
lets the extension load in restricted mode but gates all chmod
operations behind `vscode.workspace.isTrusted`.

- Declare `"supported": "limited"` with `restrictedConfigurations` to
  prevent workspace-level `permissionStrategy` override (e.g. "all")
- Add `!isTrusted` early return in `shouldSkipDocument()`, covering
  both the on-save handler and the manual command
- Grey out the manual command via `isWorkspaceTrusted` enablement
- No `onDidGrantWorkspaceTrust` listener needed — `isTrusted` is
  checked on every save, so granting trust mid-session just works

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings February 14, 2026 20:21
Copilot AI reviewed Feb 14, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR implements workspace trust support to prevent malicious files from becoming executable in untrusted workspaces. The extension now respects VS Code's workspace trust boundaries by blocking all chmod operations when vscode.workspace.isTrusted is false, addressing a security concern where opening an untrusted workspace containing shebang files could silently make them executable.

Changes:

  • Added runtime workspace trust guard in shouldSkipDocument() to block chmod operations in untrusted workspaces
  • Updated package.json manifest with untrustedWorkspaces.supported: "limited", restricted permissionStrategy configuration, and command enablement clause
  • Added comprehensive test suite (4 tests) covering untrusted/trusted scenarios and mid-session trust grants

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
src/document-handler.ts Added !vscode.workspace.isTrusted check in shouldSkipDocument() to block all chmod operations in untrusted workspaces
package.json Changed untrusted workspace support to "limited", added restrictedConfigurations for permissionStrategy, and updated command enablement with isWorkspaceTrusted context
src/test/extension.test.ts Added workspace trust test suite with 4 tests covering untrusted blocking, trusted operation, manual command blocking, and mid-session trust grants
AGENTS.md Documented workspace trust implementation pattern for future reference

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jimeh