Warn about sensible java preferences in project settings

Signed-off-by: Snjezana Peco <[email protected]>

Author: snjeza

src/extension.ts

@@ -4,7 +4,7 @@ import * as path from 'path';
 import * as os from 'os';
 import * as fs from 'fs';
 import { workspace, extensions, ExtensionContext, window, StatusBarAlignment, commands, ViewColumn, Uri, CancellationToken, TextDocumentContentProvider, TextEditor, WorkspaceConfiguration, languages, IndentAction, ProgressLocation, InputBoxOptions, Selection, Position, EventEmitter, OutputChannel } from 'vscode';
-import { ExecuteCommandParams, ExecuteCommandRequest, LanguageClient, LanguageClientOptions, RevealOutputChannelOn, Position as LSPosition, Location as LSLocation, StreamInfo, VersionedTextDocumentIdentifier, ErrorHandler, Message, ErrorAction, CloseAction, InitializationFailedHandler } from 'vscode-languageclient';
+import { ExecuteCommandParams, ExecuteCommandRequest, LanguageClient, LanguageClientOptions, RevealOutputChannelOn, Position as LSPosition, Location as LSLocation, StreamInfo, VersionedTextDocumentIdentifier, ErrorHandler, Message, ErrorAction, CloseAction, InitializationFailedHandler, DidChangeConfigurationNotification } from 'vscode-languageclient';
 import { onExtensionChange, collectJavaExtensions } from './plugin';
 import { prepareExecutable, awaitServerConnection } from './javaServerStarter';
 import { getDocumentSymbolsCommand, getDocumentSymbolsProvider } from './documentSymbols';
@@ -22,7 +22,7 @@ import * as refactorAction from './refactorAction';
 import * as pasteAction from './pasteAction';
 import * as net from 'net';
 import { getJavaConfiguration } from './utils';
-import { onConfigurationChange, excludeProjectSettingsFiles } from './settings';
+import { onConfigurationChange, excludeProjectSettingsFiles, getKey, IS_WORKSPACE_JDK_ALLOWED } from './settings';
 import { logger, initializeLogFile } from './log';
 import glob = require('glob');
 import { SnippetCompletionProvider } from './snippetCompletionProvider';
@@ -126,7 +126,7 @@ export function activate(context: ExtensionContext): Promise<ExtensionAPI> {
 
 	enableJavadocSymbols();
 
-	return requirements.resolveRequirements().catch(error => {
+	return requirements.resolveRequirements(context).catch(error => {
 		// show error
 		window.showErrorMessage(error.message, error.label).then((selection) => {
 			if (error.label && error.label === selection && error.command) {
@@ -138,7 +138,6 @@ export function activate(context: ExtensionContext): Promise<ExtensionAPI> {
 	}).then(requirements => {
 		return new Promise((resolve, reject) => {
 			const workspacePath = path.resolve(storagePath + '/jdt_ws');
-
 			// Options to control the language client
 			const clientOptions: LanguageClientOptions = {
 				// Register the server for java
@@ -153,7 +152,7 @@ export function activate(context: ExtensionContext): Promise<ExtensionAPI> {
 				initializationOptions: {
 					bundles: collectJavaExtensions(extensions.all),
 					workspaceFolders: workspace.workspaceFolders ? workspace.workspaceFolders.map(f => f.uri.toString()) : null,
-					settings: { java: getJavaConfiguration() },
+					settings: { java: getJavaConfig(requirements.java_home) },
 					extendedClientCapabilities: {
 						progressReportProvider: getJavaConfiguration().get('progressReports.enabled'),
 						classFileContentsSupport: true,
@@ -170,6 +169,14 @@ export function activate(context: ExtensionContext): Promise<ExtensionAPI> {
 					},
 					triggerFiles: getTriggerFiles()
 				},
+				middleware: {
+					workspace: {
+					  didChangeConfiguration: () => {
+						languageClient.sendNotification(DidChangeConfigurationNotification.type, { settings: getJavaConfig(requirements.java_home) });
+						onConfigurationChange(languageClient, context);
+					  }
+					}
+				},
 				revealOutputChannelOn: RevealOutputChannelOn.Never,
 				errorHandler: new ClientErrorHandler(extensionName),
 				initializationFailedHandler: error => {
@@ -203,7 +210,7 @@ export function activate(context: ExtensionContext): Promise<ExtensionAPI> {
 			if (!port) {
 				const lsPort = process.env['JDTLS_CLIENT_PORT'];
 				if (!lsPort) {
-					serverOptions = prepareExecutable(requirements, workspacePath, getJavaConfiguration());
+					serverOptions = prepareExecutable(requirements, workspacePath, getJavaConfig(requirements.java_home), context);
 				} else {
 					serverOptions = () => {
 						const socket = net.connect(lsPort);
@@ -450,6 +457,13 @@ export function activate(context: ExtensionContext): Promise<ExtensionAPI> {
 	});
 }
 
+function getJavaConfig(javaHome: string) {
+	const origConfig = getJavaConfiguration();
+	const javaConfig = JSON.parse(JSON.stringify(origConfig));
+	javaConfig.home = javaHome;
+	return javaConfig;
+}
+
 export function deactivate(): Thenable<void> {
 	if (!languageClient) {
 		return undefined;

src/javaServerStarter.ts

@@ -5,20 +5,22 @@ import * as glob from 'glob';
 import * as os from 'os';
 import { StreamInfo, Executable, ExecutableOptions } from 'vscode-languageclient';
 import { RequirementsData } from './requirements';
-import { getJavaEncoding } from './settings';
+import { getJavaEncoding, IS_WORKSPACE_VMARGS_ALLOWED, getKey, getJavaagentFlag } from './settings';
 import { logger } from './log';
+import { getJavaConfiguration } from './utils';
+import { workspace, ExtensionContext } from 'vscode';
 
 declare var v8debug;
 const DEBUG = (typeof v8debug === 'object') || startedInDebugMode();
 
-export function prepareExecutable(requirements: RequirementsData, workspacePath, javaConfig): Executable {
+export function prepareExecutable(requirements: RequirementsData, workspacePath, javaConfig, context: ExtensionContext): Executable {
 	const executable: Executable = Object.create(null);
 	const options: ExecutableOptions = Object.create(null);
 	options.env = process.env;
 	options.stdio = 'pipe';
 	executable.options = options;
 	executable.command = path.resolve(requirements.java_home + '/bin/java');
-	executable.args = prepareParams(requirements, javaConfig, workspacePath);
+	executable.args = prepareParams(requirements, javaConfig, workspacePath, context);
 	logger.info(`Starting Java server with: ${executable.command} ${executable.args.join(' ')}`);
 	return executable;
 }
@@ -39,7 +41,7 @@ export function awaitServerConnection(port): Thenable<StreamInfo> {
 	});
 }
 
-function prepareParams(requirements: RequirementsData, javaConfiguration, workspacePath): string[] {
+function prepareParams(requirements: RequirementsData, javaConfiguration, workspacePath, context: ExtensionContext): string[] {
 	const params: string[] = [];
 	if (DEBUG) {
 		params.push('-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=1044,quiet=y');
@@ -60,8 +62,23 @@ function prepareParams(requirements: RequirementsData, javaConfiguration, worksp
 	if (DEBUG) {
 		params.push('-Dlog.level=ALL');
 	}
-
-	const vmargs = javaConfiguration.get('jdt.ls.vmargs', '');
+	let vmargsCheck = workspace.getConfiguration().inspect('java.jdt.ls.vmargs').workspaceValue;
+	if (vmargsCheck !== undefined) {
+		const agentFlag = getJavaagentFlag(vmargsCheck);
+		if (agentFlag !== null) {
+			const keyVmargs = getKey(IS_WORKSPACE_VMARGS_ALLOWED, context.storagePath, vmargsCheck);
+			const key = context.globalState.get(keyVmargs);
+			if (key !== true) {
+				vmargsCheck = workspace.getConfiguration().inspect('java.jdt.ls.vmargs').globalValue;
+			}
+		}
+	}
+	let vmargs;
+	if (vmargsCheck !== undefined) {
+		vmargs = vmargsCheck + '';
+	} else {
+		vmargs = '';
+	}
 	const encodingKey = '-Dfile.encoding=';
 	if (vmargs.indexOf(encodingKey) < 0) {
 		params.push(encodingKey + getJavaEncoding());

src/requirements.ts

@@ -1,12 +1,13 @@
 'use strict';
 
-import { workspace, Uri, env } from 'vscode';
+import { workspace, Uri, env, window, ConfigurationTarget, commands, ExtensionContext } from 'vscode';
 import * as cp from 'child_process';
 import * as path from 'path';
 import * as pathExists from 'path-exists';
 import * as expandHomeDir from 'expand-home-dir';
 import findJavaHome = require("find-java-home");
 import { Commands } from './commands';
+import { checkJavaPreferences } from './settings';
 
 const isWindows = process.platform.indexOf('win') === 0;
 const JAVAC_FILENAME = 'javac' + (isWindows ? '.exe' : '');
@@ -29,16 +30,16 @@ interface ErrorData {
  * if any of the requirements fails to resolve.
  *
  */
-export async function resolveRequirements(): Promise<RequirementsData> {
-    const javaHome = await checkJavaRuntime();
+export async function resolveRequirements(context: ExtensionContext): Promise<RequirementsData> {
+    const javaHome = await checkJavaRuntime(context);
     const javaVersion = await checkJavaVersion(javaHome);
     return Promise.resolve({ java_home: javaHome, java_version: javaVersion });
 }
 
-function checkJavaRuntime(): Promise<string> {
-    return new Promise((resolve, reject) => {
+function checkJavaRuntime(context: ExtensionContext): Promise<string> {
+    return new Promise(async (resolve, reject) => {
         let source: string;
-        let javaHome: string = readJavaConfig();
+        let javaHome = await checkJavaPreferences(context);
         if (javaHome) {
             source = `java.home variable defined in ${env.appName} settings`;
         } else {
@@ -78,11 +79,6 @@ function checkJavaRuntime(): Promise<string> {
     });
 }
 
-function readJavaConfig(): string {
-    const config = workspace.getConfiguration();
-    return config.get<string>('java.home', null);
-}
-
 function checkJavaVersion(javaHome: string): Promise<number> {
     return new Promise((resolve, reject) => {
         cp.execFile(javaHome + '/bin/java', ['-version'], {}, (error, stdout, stderr) => {

src/settings.ts

@@ -1,11 +1,15 @@
 'use strict';
 
+import * as path from 'path';
 import { window, Uri, workspace, WorkspaceConfiguration, commands, ConfigurationTarget, env, ExtensionContext, TextEditor, Range, Disposable } from 'vscode';
 import { LanguageClient } from 'vscode-languageclient';
 import { Commands } from './commands';
 import { getJavaConfiguration } from './utils';
 
 const DEFAULT_HIDDEN_FILES: string[] = ['**/.classpath', '**/.project', '**/.settings', '**/.factorypath'];
+export const IS_WORKSPACE_JDK_ALLOWED = "java.ls.isJdkAllowed";
+export const IS_WORKSPACE_VMARGS_ALLOWED = "java.ls.isVmargsAllowed";
+const extensionName = 'Language Support for Java';
 
 const changeItem = {
 	global: 'Exclude globally',
@@ -116,3 +120,75 @@ export function getJavaEncoding(): string {
 	}
 	return javaEncoding;
 }
+
+export async function checkJavaPreferences(context: ExtensionContext) {
+	let javaHome = workspace.getConfiguration().inspect<string>('java.home').workspaceValue;
+	let isVerified = javaHome === undefined || javaHome === null;
+	if (isVerified) {
+		javaHome = workspace.getConfiguration().inspect<string>('java.home').globalValue;
+	}
+	const allow = 'Allow';
+	const disallow = 'Disallow';
+	const key = getKey(IS_WORKSPACE_JDK_ALLOWED, context.storagePath, javaHome);
+	const globalState = context.globalState;
+	if (!isVerified) {
+		isVerified = globalState.get(key);
+		if (isVerified === undefined) {
+			await window.showErrorMessage(`Security Warning! Do you allow this workspace to set the java.home variable? \n java.home: ${javaHome}`, disallow, allow).then(async selection => {
+				if (selection === allow) {
+					globalState.update(key, true);
+				} else if (selection === disallow) {
+					globalState.update(key, false);
+					await workspace.getConfiguration().update('java.home', undefined, ConfigurationTarget.Workspace);
+				}
+			});
+			isVerified = globalState.get(key);
+		}
+	}
+	const vmargs = workspace.getConfiguration().inspect('java.jdt.ls.vmargs').workspaceValue;
+	if (vmargs !== undefined) {
+		const agentFlag = getJavaagentFlag(vmargs);
+		if (agentFlag !== null) {
+			const keyVmargs = getKey(IS_WORKSPACE_VMARGS_ALLOWED, context.storagePath, vmargs);
+			const vmargsVerified = globalState.get(keyVmargs);
+			if (vmargsVerified === undefined || vmargsVerified === null) {
+				await window.showErrorMessage(`Security Warning! The java.jdt.ls.vmargs variable defined in ${env.appName} settings includes the (${agentFlag}) javagent preference. Do you allow it to be used?`, disallow, allow).then(async selection => {
+					if (selection === allow) {
+						globalState.update(keyVmargs, true);
+					} else if (selection === disallow) {
+						globalState.update(keyVmargs, false);
+						await workspace.getConfiguration().update('java.jdt.ls.vmargs', undefined, ConfigurationTarget.Workspace);
+					}
+				});
+			}
+		}
+	}
+	if (isVerified) {
+		return javaHome;
+	} else {
+		return workspace.getConfiguration().inspect<string>('java.home').globalValue;
+	}
+}
+
+export function getKey(prefix, storagePath, value) {
+	const workspacePath = path.resolve(storagePath + '/jdt_ws');
+	if (workspace.name !== undefined) {
+		return `${prefix}::${workspacePath}::${value}`;
+	}
+	else {
+		return `${prefix}::${value}`;
+	}
+}
+
+export function getJavaagentFlag(vmargs) {
+	const javaagent = '-javaagent:';
+	const args = vmargs.split(" ");
+	let agentFlag = null;
+	for (const arg of args) {
+		if (arg.startsWith(javaagent)) {
+			agentFlag = arg.substring(javaagent.length);
+			break;
+		}
+	}
+	return agentFlag;
+}