Look into user-friendlier ways to allow users to opt into using phan for trusted folders #95
Description
(and by default, only start language servers corresponding to files/folders that are open)
I'd been discussing how this could be done in a user-friendly and safe way with the reporter of CVE-2021-31416
For current vscode versions:
I looked into how https://github.com/microsoft/vscode-maven/pull/526/files handled it since the Memento API is backed by a sqlite database in a global configuration database (in a user's home directory?), which is reasonable.
- The first time phan opens a folder and finds a .phan/config.php, prompt the user if they want to trust the extension before executing anything (e.g. checking the php version, etc)
For future vscode versions
There's a feature being previewed right now.
microsoft/vscode#106488 is something along the lines of what I wanted to use for Phan, but it wasn't available when I first published this extension (with respect to phan configs and phan plugins being/invoking executable code by design, etc)
The trusted workspaces concept is intended to centralize and unify a security conscious decision required by a variety of VS Code features. The easiest existing example to understand of this decision is with the ESLint extension. The ESLint extension will try to use the eslint module in the current folder that is opened in VS Code and execute code from it. Since you may have checked out a random repository from the web, this could be dangerous if the repository contains a corrupt eslint module. Notice that ESLint is not trying to be malicious, but rather, the repository/corrupt module is taking advantage of this automatic code execution.
Related to #83