feat: support takedown of extensions via updates.phcode.io/extension_takedown.json

Author: abose

docs/API-Reference/utils/NodeUtils.md

@@ -150,3 +150,26 @@ This validates that the system-wide license file exists, contains valid JSON, an
 
 **Kind**: global function  
 **Returns**: <code>Promise.&lt;boolean&gt;</code> - - Resolves with `true` if the device is licensed, `false` otherwise.  
+<a name="getOSUserName"></a>
+
+## getOSUserName() ⇒ <code>Promise.&lt;string&gt;</code>
+Retrieves the operating system username of the current user.
+This method is only available in native apps.
+
+**Kind**: global function  
+**Returns**: <code>Promise.&lt;string&gt;</code> - A promise that resolves to the OS username of the current user.  
+**Throws**:
+
+- <code>Error</code> Throws an error if called in a browser environment.
+
+<a name="getSystemSettingsDir"></a>
+
+## getSystemSettingsDir() ⇒ <code>Promise.&lt;string&gt;</code>
+Retrieves the directory path for system settings. This method is applicable to native apps only.
+
+**Kind**: global function  
+**Returns**: <code>Promise.&lt;string&gt;</code> - A promise that resolves to the path of the system settings directory.  
+**Throws**:
+
+- <code>Error</code> If the method is called in browser app.
+

src/config.json

@@ -29,6 +29,7 @@
         "extension_store_url": "https://store.core.ai/src/",
         "app_notification_url": "assets/notifications/dev/",
         "app_update_url": "https://updates.phcode.io/tauri/update-latest-experimental-build.json",
+        "extensionTakedownURL": "https://updates.phcode.io/extension_takedown.json",
         "linting.enabled_by_default": true,
         "build_timestamp": "",
         "googleAnalyticsID": "G-P4HJFPDB76",

src/extensibility/ExtensionManager.js

@@ -1006,6 +1006,7 @@ define(function (require, exports, module) {
     exports.updateExtensions        = updateExtensions;
     exports.getAvailableUpdates     = getAvailableUpdates;
     exports.cleanAvailableUpdates   = cleanAvailableUpdates;
+    exports.isExtensionTakenDown    = ExtensionLoader.isExtensionTakenDown;
 
     exports.ENABLED       = ENABLED;
     exports.DISABLED      = DISABLED;

src/extensibility/ExtensionManagerView.js

@@ -45,7 +45,6 @@ define(function (require, exports, module) {
         PreferencesManager        = require("preferences/PreferencesManager"),
         DefaultExtensions         = JSON.parse(require("text!extensions/default/DefaultExtensions.json")),
         warnExtensionIDs          = new Set(DefaultExtensions.warnExtensionStoreExtensions.extensionIDs),
-        dontLoadExtensionIDs      = new Set(DefaultExtensions.dontLoadExtensions.extensionIDs),
         Metrics                   = require("utils/Metrics");
 
 
@@ -365,7 +364,7 @@ define(function (require, exports, module) {
             (entry.installInfo.metadata.name === ThemeManager.getCurrentTheme().name);
 
         context.defaultFeature = warnExtensionIDs.has(info.metadata.name);
-        context.isDeprecatedExtension = dontLoadExtensionIDs.has(info.metadata.name);
+        context.isDeprecatedExtension = ExtensionManager.isExtensionTakenDown(info.metadata.name);
 
         context.allowInstall = context.isCompatible && !context.isInstalled;
 

src/extensibility/ExtensionManagerViewModel.js

@@ -30,9 +30,7 @@ define(function (require, exports, module) {
         registry_utils        = require("extensibility/registry_utils"),
         EventDispatcher        = require("utils/EventDispatcher"),
         Strings                = require("strings"),
-        PreferencesManager     = require("preferences/PreferencesManager"),
-        DefaultExtensions      = JSON.parse(require("text!extensions/default/DefaultExtensions.json")),
-        dontLoadExtensionIDs   = new Set(DefaultExtensions.dontLoadExtensions.extensionIDs);
+        PreferencesManager     = require("preferences/PreferencesManager");
 
     /**
      * @private
@@ -310,7 +308,7 @@ define(function (require, exports, module) {
 
             })
             .filter(function (entry) {
-                return !dontLoadExtensionIDs.has(entry.registryInfo.metadata.name);
+                return !ExtensionManager.isExtensionTakenDown(entry.registryInfo.metadata.name);
             })
             .map(function (entry) {
                 return entry.registryInfo.metadata.name;
@@ -562,7 +560,7 @@ define(function (require, exports, module) {
                     self.extensions[key].installInfo.locationType === ExtensionManager.LOCATION_DEFAULT;
             })
             .filter(function (key) {
-                return !dontLoadExtensionIDs.has(key);
+                return !ExtensionManager.isExtensionTakenDown(key);
             });
         this._sortFullSet();
         this._setInitialFilter();

src/extensions/default/DefaultExtensions.json

@@ -38,7 +38,6 @@
    ]
  },
   "dontLoadExtensions": {
-    "note": "Use this only for first party extensions. we should always allow third party extension loading.",
-    "extensionIDs": []
+    "note": "To take down any compromised extensions, see `extensionTakedownURL` in repo"
   }
 }

src/nls/root/strings.js

@@ -809,7 +809,7 @@ define({
     "EXTENSION_INCOMPATIBLE_NEWER": "This extension requires a newer version of {APP_NAME}.",
     "EXTENSION_INCOMPATIBLE_OLDER": "This extension currently only works with older versions of {APP_NAME}.",
     "EXTENSION_DEFAULT_FEATURE_PRESENT": "You may not need this extension. {APP_NAME} already has this feature.",
-    "EXTENSION_DEPRECATED_NOT_LOADED": "Extension is deprecated and not loaded.",
+    "EXTENSION_DEPRECATED_NOT_LOADED": "Extension not loaded. It is either deprecated or insecure.",
     "EXTENSION_LATEST_INCOMPATIBLE_NEWER": "Version {0} of this extension requires a newer version of {APP_NAME}. But you can install the earlier version {1}.",
     "EXTENSION_LATEST_INCOMPATIBLE_OLDER": "Version {0} of this extension only works with older versions of {APP_NAME}. But you can install the earlier version {1}.",
     "EXTENSION_NO_DESCRIPTION": "No description",

src/utils/ExtensionLoader.js

@@ -56,8 +56,97 @@ define(function (require, exports, module) {
         PathUtils      = require("thirdparty/path-utils/path-utils"),
         DefaultExtensions = JSON.parse(require("text!extensions/default/DefaultExtensions.json"));
 
+    // takedown/dont load extensions that are compromised at app start - start
+    const EXTENSION_TAKEDOWN_LOCALSTORAGE_KEY = "PH_EXTENSION_TAKEDOWN_LIST";
+
+    function _getTakedownListLS() {
+        try{
+            let list = localStorage.getItem(EXTENSION_TAKEDOWN_LOCALSTORAGE_KEY);
+            if(list) {
+                list = JSON.parse(list);
+                if (Array.isArray(list)) {
+                    return list;
+                }
+            }
+        } catch (e) {
+            console.error(e);
+        }
+        return [];
+    }
+
+    const loadedExtensionIDs = new Set();
+    let takedownExtensionList = new Set(_getTakedownListLS());
+
+    const EXTENSION_TAKEDOWN_URL = brackets.config.extensionTakedownURL;
+
+    function _anyTakenDownExtensionLoaded() {
+        if (takedownExtensionList.size === 0 || loadedExtensionIDs.size === 0) {
+            return [];
+        }
+        let smaller;
+        let larger;
+
+        if (takedownExtensionList.size < loadedExtensionIDs.size) {
+            smaller = takedownExtensionList;
+            larger = loadedExtensionIDs;
+        } else {
+            smaller = loadedExtensionIDs;
+            larger = takedownExtensionList;
+        }
+
+        const matches = [];
+
+        for (const id of smaller) {
+            if (larger.has(id)) {
+                matches.push(id);
+            }
+        }
+
+        return matches;
+    }
+
+    function fetchWithTimeout(url, ms) {
+        const c = new AbortController();
+        const t = setTimeout(() => c.abort(), ms);
+        return fetch(url, { signal: c.signal }).finally(() => clearTimeout(t));
+    }
+
+    // we dont want a restart after user does too much in the app causing data loss. So we wont reload after 20 seconds.
+    fetchWithTimeout(EXTENSION_TAKEDOWN_URL, 20000)
+        .then(response => {
+            if (!response.ok) {
+                throw new Error(`HTTP ${response.status} - ${response.statusText}`);
+            }
+            return response.json();
+        })
+        .then(data => {
+            console.log('Extension takedown data:', data);
+            if (!Array.isArray(data) || !data.every(x => typeof x === "string")) {
+                console.error("Takedown list must be an array of strings.");
+                return;
+            }
+            const dataToWrite = JSON.stringify(data);
+            localStorage.setItem(EXTENSION_TAKEDOWN_LOCALSTORAGE_KEY, dataToWrite);
+            takedownExtensionList = new Set(data);
+            const compromisedExtensionsLoaded = _anyTakenDownExtensionLoaded();
+            if(!compromisedExtensionsLoaded.length){
+                return;
+            }
+            // if we are here, we have already loaded some compromised extensions. we need to reload app as soon as
+            // possible. no await after this. all sync js calls to prevent extension from tampering with this list.
+            const writtenData = localStorage.getItem(EXTENSION_TAKEDOWN_LOCALSTORAGE_KEY);
+            if(writtenData !== dataToWrite) {
+                // the write did not succeded. local storage write can fail if storage full, if so we may cause infinite
+                // reloads here if we dont do the check.
+                console.error("Failed to write taken down extension to localstorage");
+                return;
+            }
+            location.reload();
+        })
+        .catch(console.error);
+    // takedown/dont load extensions that are compromised at app start - end
+
     const desktopOnlyExtensions = DefaultExtensions.desktopOnly;
-    const dontLoadExtensionIDs = new Set(DefaultExtensions.dontLoadExtensions.extensionIDs);
     const DefaultExtensionsList = Phoenix.isNativeApp ?
         [...DefaultExtensions.defaultExtensionsList, ...desktopOnlyExtensions]:
         DefaultExtensions.defaultExtensionsList;
@@ -417,15 +506,20 @@ define(function (require, exports, module) {
 
         return promise
             .then(function (metadata) {
+                if (isExtensionTakenDown(metadata.name)) {
+                    logger.leaveTrail("skip load taken down extension: " + metadata.name);
+                    console.warn("skip load taken down extension: " + metadata.name);
+                    return new $.Deferred().reject("disabled").promise();
+                }
+
+                if(metadata.name) {
+                    loadedExtensionIDs.add(metadata.name);
+                }
+
                 // No special handling for themes... Let the promise propagate into the ExtensionManager
                 if (metadata && metadata.theme) {
                     return;
                 }
-                if (dontLoadExtensionIDs.has(metadata.name)) {
-                    logger.leaveTrail("skipping extension in dontLoadExtensions list: " + metadata.name);
-                    console.warn("skipping extension in dontLoadExtensions list: " + metadata.name);
-                    return new $.Deferred().reject("disabled").promise();
-                }
 
                 if (!metadata.disabled) {
                     return loadExtensionModule(name, config, entryPoint, metadata);
@@ -929,6 +1023,15 @@ define(function (require, exports, module) {
         return promise;
     }
 
+    function isExtensionTakenDown(extensionID) {
+        if(!extensionID){
+            // extensions without id can happen with local development. these are never distributed in store.
+            // so safe to return false here.
+            return false;
+        }
+        return takedownExtensionList.has(extensionID);
+    }
+
 
     EventDispatcher.makeEventDispatcher(exports);
 
@@ -952,6 +1055,7 @@ define(function (require, exports, module) {
     exports.testExtension = testExtension;
     exports.loadAllExtensionsInNativeDirectory = loadAllExtensionsInNativeDirectory;
     exports.loadExtensionFromNativeDirectory = loadExtensionFromNativeDirectory;
+    exports.isExtensionTakenDown = isExtensionTakenDown;
     exports.testAllExtensionsInNativeDirectory = testAllExtensionsInNativeDirectory;
     exports.testAllDefaultExtensions = testAllDefaultExtensions;
     exports.EVENT_EXTENSION_LOADED = EVENT_EXTENSION_LOADED;