Wondering if anyone has seen this yet (code exec via macro expansion when loading a crate in VSCode)?
of course :)
Cool cool haha. I figured - but just wanted to double check
And see also: https://rust-analyzer.github.io/manual.html#security
It could be interesting to look at the workspace trust feature of vscode https://github.com/microsoft/vscode/issues/120251
yeah, that seems like a good solution
is it exposed via LSP?
I don't know the details, but I am happy to help find out. I might go ahead and get an issue created in https://github.com/rust-analyzer/rust-analyzer
It looks fairly simple to just add the capability setting to always require trust, which might be the right approach for now. But in theory it might be possible to support the limited mode and provide some functionality.
implementation-wise the untrusted mode would basically require us to never run any external commands
I am guessing it would be possible to have a mode that provided intellisense for a project with no build.rs or proc_macros, but it would require some care to make sure it was done right.
what if r-a would do std::env::remove_var("PATH")? that would make it impossible to invoke most external programs. ah, but I guess Windows searches the current directory first
Impossible to invoke most external programs, apart from literally every external program just by passing in an absolute path.
yes, but that doesn't happen by accident
I'm trying to safeguard against an accidental cargo invocation or something similar while in untrusted mode
In any case, I think once you enable the trusted workspaces feature the default is to require trust to run rust-analyzer. So it might be that we don't really need to do anything here unless we want to support the limited mode. Though we could add the option in the package.json to make that explicit.