feat: add publisher agreement compliance check #954
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
amvanbaren
requested changes
Jun 27, 2024
...in/java/org/eclipse/openvsx/migration/CheckPotentiallyMaliciousExtensionVersionsService.java
Show resolved
Hide resolved
...in/java/org/eclipse/openvsx/migration/CheckPotentiallyMaliciousExtensionVersionsService.java
Show resolved
Hide resolved
server/src/main/java/org/eclipse/openvsx/migration/PotentiallyMaliciousJobRequestHandler.java
Show resolved
Hide resolved
| } | ||
|
|
||
| @Override | ||
| @Job(name = "Check published extensions for maliciously compressed vsix files", retries = 3) |
There was a problem hiding this comment.
... for potentially malicious ...
| public void run(MigrationJobRequest jobRequest) throws Exception { | ||
| var download = migrations.getResource(jobRequest); | ||
| var extVersion = download.getExtension(); | ||
| logger.info("Checking extension version for malicious content: {}", NamingUtil.toLogFormat(extVersion)); |
There was a problem hiding this comment.
... for potentially malicious vsix file: ...
| return; | ||
| } | ||
|
|
||
| logger.info("Checking vsix file for malicious metadata: {}", download.getName()); |
There was a problem hiding this comment.
... for potentially malicious ...
| @@ -204,6 +204,11 @@ public void publishAsync(FileResource download, TempFile extensionFile, Extensio | |||
| service.storeDownload(download, extensionFile); | |||
| service.persistResource(download); | |||
| try(var processor = new ExtensionProcessor(extensionFile, ObservationRegistry.NOOP)) { | |||
| extVersion.setPotentiallyMalicious(processor.isPotentiallyMalicious()); | |||
| if (extVersion.isPotentiallyMalicious()) { | |||
| throw new ErrorResultException("The extension version is potentially malicious and cannot be published: " + NamingUtil.toLogFormat(extVersion)); | |||
There was a problem hiding this comment.
This runs asynchronous in the background. The publisher won't receive the exception.
Log and return would be good enough:
logger.warn("Extension version is potentially malicious: {}", NamingUtil.toLogFormat(extVersion));
return;| @@ -495,6 +495,11 @@ public Streamable<MigrationItem> findNotMigratedSha256Checksums() { | |||
| return findNotMigratedItems("V1_35__FileResource_Generate_Sha256_Checksum.sql"); | |||
| } | |||
|
|
|||
| public Streamable<MigrationItem> findNotMigratedPotentiallyMalicious() { | |||
| return findNotMigratedItems("V1_46__ExtensionVersion_PotentiallyMalicious.sql"); | |||
| // return migrationItemRepo.findByMigrationScriptAndMigrationScheduledFalseOrderById("V1_46__ExtensionVersion_PotentiallyMalicious.sql"); | |||
| @@ -203,6 +203,7 @@ public List<ExtensionJson> getOwnExtensions() { | |||
| var json = latest.toExtensionJson(); | |||
| json.preview = latest.isPreview(); | |||
| json.active = latest.getExtension().isActive(); | |||
| json.potentiallyMalicious = latest.isPotentiallyMalicious(); | |||
There was a problem hiding this comment.
This is going to be used in the webui?
There was a problem hiding this comment.
Not planned yet, therefore I removed it again. We can add it back if there ever is a plan to show it in the webui.
| @@ -275,6 +275,7 @@ public UserPublishInfoJson getUserPublishInfo(String provider, String loginName) | |||
| var json = latest.toExtensionJson(); | |||
| json.preview = latest.isPreview(); | |||
| json.active = latest.getExtension().isActive(); | |||
| json.potentiallyMalicious = latest.isPotentiallyMalicious(); | |||
There was a problem hiding this comment.
This is going to be used in the webui?
There was a problem hiding this comment.
Not planned yet, therefore I removed it again. We can add it back if there ever is a plan to show it in the webui.
|
I believe I addressed all comments. Should I change anything else, @amvanbaren ? |
amvanbaren
reviewed
Jul 3, 2024
...in/java/org/eclipse/openvsx/migration/CheckPotentiallyMaliciousExtensionVersionsService.java
Show resolved
Hide resolved
server/src/main/java/org/eclipse/openvsx/migration/PotentiallyMaliciousJobRequestHandler.java
Show resolved
Hide resolved
| @@ -194,7 +194,7 @@ private String checkBundledExtension(String bundledExtension) { | |||
|
|
|||
| @Async | |||
| @Retryable | |||
| public void publishAsync(FileResource download, TempFile extensionFile, ExtensionService extensionService) { | |||
| public void publishAsync(FileResource download, TempFile extensionFile, ExtensionService extensionService) throws ErrorResultException { | |||
There was a problem hiding this comment.
It no longer throws an ErrorResultException
amvanbaren
reviewed
Jul 3, 2024
| @@ -72,6 +72,9 @@ public static ExtensionJson error(String message) { | |||
| @Schema(hidden = true) | |||
| public Boolean active; | |||
|
|
|||
| @Schema(description = "The value 'true' means that the extension contains potentially malicious content.") | |||
There was a problem hiding this comment.
No, not yet => also removed for now. We can reintroduce this if needed.
This commit enforces that only extension versions compliant with the publisher agreement can be published. Already existing extensions versions are checked as part of a migration job. Contributed on behalf of STMicroelectronics Signed-off-by: Olaf Lessenich <olessenich@eclipsesource.com>
|
Thanks for your help and the feedback @amvanbaren! |
amvanbaren
approved these changes
Jul 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit enforces that only extension versions compliant with the publisher agreement can be published.
Already existing extensions versions are checked as part of a migration job.
Contributed on behalf of STMicroelectronics