Skip to content

Commit 888d774

Browse files
DonJayamanneDonJayamanne
committed
Ensure we do not support the tools in an untrusted workspace
1 parent ef01ace commit 888d774

File tree

7 files changed

+44
-1
lines changed

7 files changed

+44
-1
lines changed

src/client/chat/configurePythonEnvTool.ts

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@ import { TerminalCodeExecutionProvider } from '../terminals/codeExecution/termin
1919
import {
2020
getEnvDetailsForResponse,
2121
getToolResponseIfNotebook,
22+
getUntrustedWorkspaceResponse,
2223
IResourceReference,
2324
isCancellationError,
2425
raceCancellationError,
@@ -54,6 +55,9 @@ export class ConfigurePythonEnvTool implements LanguageModelTool<IResourceRefere
5455
options: LanguageModelToolInvocationOptions<IResourceReference>,
5556
token: CancellationToken,
5657
): Promise<LanguageModelToolResult> {
58+
if (!workspace.isTrusted){
59+
return getUntrustedWorkspaceResponse();
60+
}
5761
const resource = resolveFilePath(options.input.resourcePath);
5862
const notebookResponse = getToolResponseIfNotebook(resource);
5963
if (notebookResponse) {

src/client/chat/createVirtualEnvTool.ts

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@ import {
2121
doesWorkspaceHaveVenvOrCondaEnv,
2222
getDisplayVersion,
2323
getEnvDetailsForResponse,
24+
getUntrustedWorkspaceResponse,
2425
IResourceReference,
2526
isCancellationError,
2627
raceCancellationError,
@@ -69,6 +70,9 @@ export class CreateVirtualEnvTool implements LanguageModelTool<ICreateVirtualEnv
6970
options: LanguageModelToolInvocationOptions<IResourceReference>,
7071
token: CancellationToken,
7172
): Promise<LanguageModelToolResult> {
73+
if (!workspace.isTrusted) {
74+
return getUntrustedWorkspaceResponse();
75+
}
7276
const resource = resolveFilePath(options.input.resourcePath);
7377
let info = await this.getPreferredEnvForCreation(resource);
7478
if (!info) {

src/client/chat/getExecutableTool.ts

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@ import {
1010
LanguageModelToolInvocationPrepareOptions,
1111
LanguageModelToolResult,
1212
PreparedToolInvocation,
13+
workspace,
1314
} from 'vscode';
1415
import { PythonExtension } from '../api/types';
1516
import { IServiceContainer } from '../ioc/types';
@@ -19,6 +20,7 @@ import {
1920
getEnvDisplayName,
2021
getEnvironmentDetails,
2122
getToolResponseIfNotebook,
23+
getUntrustedWorkspaceResponse,
2224
IResourceReference,
2325
raceCancellationError,
2426
} from './utils';
@@ -45,6 +47,10 @@ export class GetExecutableTool implements LanguageModelTool<IResourceReference>
4547
options: LanguageModelToolInvocationOptions<IResourceReference>,
4648
token: CancellationToken,
4749
): Promise<LanguageModelToolResult> {
50+
if (!workspace.isTrusted) {
51+
return getUntrustedWorkspaceResponse();
52+
}
53+
4854
const resourcePath = resolveFilePath(options.input.resourcePath);
4955
const notebookResponse = getToolResponseIfNotebook(resourcePath);
5056
if (notebookResponse) {

src/client/chat/getPythonEnvTool.ts

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,13 +10,20 @@ import {
1010
LanguageModelToolInvocationPrepareOptions,
1111
LanguageModelToolResult,
1212
PreparedToolInvocation,
13+
workspace,
1314
} from 'vscode';
1415
import { PythonExtension } from '../api/types';
1516
import { IServiceContainer } from '../ioc/types';
1617
import { ICodeExecutionService } from '../terminals/types';
1718
import { TerminalCodeExecutionProvider } from '../terminals/codeExecution/terminalCodeExecution';
1819
import { IProcessServiceFactory, IPythonExecutionFactory } from '../common/process/types';
19-
import { getEnvironmentDetails, getToolResponseIfNotebook, IResourceReference, raceCancellationError } from './utils';
20+
import {
21+
getEnvironmentDetails,
22+
getToolResponseIfNotebook,
23+
getUntrustedWorkspaceResponse,
24+
IResourceReference,
25+
raceCancellationError,
26+
} from './utils';
2027
import { resolveFilePath } from './utils';
2128
import { getPythonPackagesResponse } from './listPackagesTool';
2229
import { ITerminalHelper } from '../common/terminal/types';
@@ -44,6 +51,10 @@ export class GetEnvironmentInfoTool implements LanguageModelTool<IResourceRefere
4451
options: LanguageModelToolInvocationOptions<IResourceReference>,
4552
token: CancellationToken,
4653
): Promise<LanguageModelToolResult> {
54+
if (!workspace.isTrusted) {
55+
return getUntrustedWorkspaceResponse();
56+
}
57+
4758
const resourcePath = resolveFilePath(options.input.resourcePath);
4859
const notebookResponse = getToolResponseIfNotebook(resourcePath);
4960
if (notebookResponse) {

src/client/chat/installPackagesTool.ts

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,12 +10,14 @@ import {
1010
LanguageModelToolInvocationPrepareOptions,
1111
LanguageModelToolResult,
1212
PreparedToolInvocation,
13+
workspace,
1314
} from 'vscode';
1415
import { PythonExtension } from '../api/types';
1516
import { IServiceContainer } from '../ioc/types';
1617
import {
1718
getEnvDisplayName,
1819
getToolResponseIfNotebook,
20+
getUntrustedWorkspaceResponse,
1921
IResourceReference,
2022
isCancellationError,
2123
isCondaEnv,
@@ -42,6 +44,10 @@ export class InstallPackagesTool implements LanguageModelTool<IInstallPackageArg
4244
options: LanguageModelToolInvocationOptions<IInstallPackageArgs>,
4345
token: CancellationToken,
4446
): Promise<LanguageModelToolResult> {
47+
if (!workspace.isTrusted) {
48+
return getUntrustedWorkspaceResponse();
49+
}
50+
4551
const resourcePath = resolveFilePath(options.input.resourcePath);
4652
const packageCount = options.input.packageList.length;
4753
const packagePlurality = packageCount === 1 ? 'package' : 'packages';

src/client/chat/selectEnvTool.ts

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ import {
2424
doesWorkspaceHaveVenvOrCondaEnv,
2525
getEnvDetailsForResponse,
2626
getToolResponseIfNotebook,
27+
getUntrustedWorkspaceResponse,
2728
IResourceReference,
2829
} from './utils';
2930
import { resolveFilePath } from './utils';
@@ -61,6 +62,10 @@ export class SelectPythonEnvTool implements LanguageModelTool<ISelectPythonEnvTo
6162
options: LanguageModelToolInvocationOptions<ISelectPythonEnvToolArguments>,
6263
token: CancellationToken,
6364
): Promise<LanguageModelToolResult> {
65+
if (!workspace.isTrusted) {
66+
return getUntrustedWorkspaceResponse();
67+
}
68+
6469
const resource = resolveFilePath(options.input.resourcePath);
6570
let selected: boolean | undefined = false;
6671
const hasVenvOrCondaEnvInWorkspaceFolder = doesWorkspaceHaveVenvOrCondaEnv(resource, this.api);

src/client/chat/utils.ts

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -97,6 +97,10 @@ export async function getEnvironmentDetails(
9797
return message.join('\n');
9898
}
9999

100+
export function getUntrustedWorkspaceResponse() {
101+
return new LanguageModelToolResult([new LanguageModelTextPart('Cannot use this tool in an untrusted workspace.')]);
102+
}
103+
100104
export async function getTerminalCommand(
101105
environment: ResolvedEnvironment,
102106
resource: Uri | undefined,
@@ -208,6 +212,9 @@ export async function getEnvDetailsForResponse(
208212
resource: Uri | undefined,
209213
token: CancellationToken,
210214
): Promise<LanguageModelToolResult> {
215+
if (!workspace.isTrusted) {
216+
throw new Error('Cannot use this tool in an untrusted workspace.');
217+
}
211218
const envPath = api.getActiveEnvironmentPath(resource);
212219
environment = environment || (await raceCancellationError(api.resolveEnvironment(envPath), token));
213220
if (!environment || !environment.version) {

0 commit comments

Comments
 (0)