Configurable Command Plugin Permissions (#1297)

* Configurable Command Plugin Permissions

Packages can define their own plugins either directly or through their
dependencies. These plugins define commands, and the extension exposes a
list of these when you use `> Swift: Run Command Plugin`.

If a command requires special permissions to write to disk or use the
network the user is prompted in the integrated terminal to type "yes".
This can be bypassed by passing a permission flag to the command such as
`--allow-writing-to-package-directory`. The extension does supply
permission flags for a small list of well known package plugins, however
if the user creates their own or uses one not on this list they must
enter "yes" every time they run the command plugin.

This patch introduces a new setting that can be specified globally or on
a per workspace folder basis that allows users to configure which
permission flags should be used when running the command.

The setting is defined under `swift.pluginPermissions`, and is specified
as an object in the following form:

```json
{
	"PluginName:intent-name": {
		"allowWritingToPackageDirectory": true,
		"allowWritingToDirectory: "/some/path",
		"allowNetworkConnections: "all",
		"disableSandbox": true,
	}
}
```

- The top level string key is the command id in the form
  `command_name:intent_name`. For instance, swift-format's
  format-source-code command would be specified as
  `swift-format:format-source-code`
- Each permission in the permissions lookup is optional.
- `allowWritingToDirectory` can also be specified as an array of paths.
- The valid values for `allowNetworkConnections` can be found here:
  https://github.com/swiftlang/swift-package-manager/blob/0401a2ae55077cfd1f4c0acd43ae0a1a56ab21ef/Sources/Commands/PackageCommands/PluginCommand.swift#L62

Issue: #1277

Author: plemarquand

Diff for: docs/settings.md

@@ -4,6 +4,45 @@ The Visual Studio Code Swift extension comes with a number of settings you can u
 
 This document outlines useful configuration options not covered by the settings descriptions in the extension settings page.
 
+## Command Plugins
+
+Swift packages can define [command plugins](https://github.com/swiftlang/swift-package-manager/blob/main/Documentation/Plugins.md) that can perform arbitrary tasks. For example, the [swift-format](https://github.com/swiftlang/swift-format) package exposes a `format-source-code` command which will use swift-format to format source code in a folder. These plugin commands can be invoked from VS Code using `> Swift: Run Command Plugin`. 
+
+A plugin may require permissions to perform tasks like writing to the file system or using the network. If a plugin command requires one of these permissions, you will be prompted in the integrated terminal to accept them. If you trust the command and wish to apply permissions on every command execution, you can configure a setting in your `settings.json`.
+
+```json
+{
+  "swift.pluginPermissions": {
+    "PluginName:command": {
+      "allowWritingToPackageDirectory": true,
+      "allowWritingToDirectory": "/some/path/",
+      "allowNetworkConnections": "all",
+      "disableSandbox": true
+    }
+  }
+}
+```
+
+A key of `PluginName:command` will set permissions for a specific command. A key of `PluginName` will set permissions for all commands in the plugin.
+
+Alternatively, you can define a task in your tasks.json and define permissions directly on the task. This will create a new entry in the list shown by `> Swift: Run Command Plugin`.
+
+```json
+{
+  "type": "swift-plugin",
+  "command": "command_plugin",
+  "args": ["--foo"],
+  "cwd": "command-plugin",
+  "problemMatcher": ["$swiftc"],
+  "label": "swift: command-plugin from tasks.json",
+
+  "allowWritingToPackageDirectory": true,
+  "allowWritingToDirectory": "/some/path/",
+  "allowNetworkConnections": "all",
+  "disableSandbox": true
+}
+```
+
 ## SourceKit-LSP
 
 [SourceKit-LSP](https://github.com/apple/sourcekit-lsp) is the language server used by the the Swift extension to provide symbol completion, jump to definition etc. It is developed by Apple to provide Swift and C language support for any editor that supports the Language Server Protocol.

Diff for: package.json

@@ -394,6 +394,46 @@
             "type": "boolean",
             "default": true,
             "markdownDescription": "Controls whether or not the extension will contribute environment variables defined in `Swift: Environment Variables` to the integrated terminal. If this is set to `true` and a custom `Swift: Path` is also set then the swift path is appended to the terminal's `PATH`."
+          },
+          "swift.pluginPermissions": {
+            "type": "object",
+            "default": {},
+            "markdownDescription": "Configures a list of permissions to be used when running a command plugins.\n\nPermissions objects are defined in the form:\n\n`{ \"PluginName:command\": { \"allowWritingToPackageDirectory\": true } }`.\n\nA key of `PluginName:command` will set permissions for a specific command. A key of `PluginName` will set permissions for all commands in the plugin.",
+            "scope": "machine-overridable",
+            "patternProperties": {
+              "^([a-zA-Z0-9_-]+(:[a-zA-Z0-9_-]+)?)$": {
+                "type": "object",
+                "properties": {
+                  "disableSandbox": {
+                    "type": "boolean",
+                    "description": "Disable using the sandbox when executing plugins"
+                  },
+                  "allowWritingToPackageDirectory": {
+                    "type": "boolean",
+                    "description": "Allow the plugin to write to the package directory"
+                  },
+                  "allowWritingToDirectory": {
+                    "oneOf": [
+                      {
+                        "type": "string",
+                        "description": "Allow the plugin to write to an additional directory"
+                      },
+                      {
+                        "type": "array",
+                        "items": {
+                          "type": "string"
+                        },
+                        "description": "Allow the plugin to write to additional directories"
+                      }
+                    ]
+                  },
+                  "allowNetworkConnections": {
+                    "type": "string",
+                    "description": "Allow the plugin to make network connections"
+                  }
+                }
+              }
+            }
           }
         }
       },

Diff for: src/configuration.ts

@@ -65,6 +65,23 @@ export interface FolderConfiguration {
     readonly autoGenerateLaunchConfigurations: boolean;
     /** disable automatic running of swift package resolve */
     readonly disableAutoResolve: boolean;
+    /** look up saved permissions for the supplied plugin */
+    pluginPermissions(pluginId: string): PluginPermissionConfiguration;
+}
+
+export interface PluginPermissionConfiguration {
+    /** Disable using the sandbox when executing plugins */
+    disableSandbox?: boolean;
+    /** Allow the plugin to write to the package directory */
+    allowWritingToPackageDirectory?: boolean;
+    /** Allow the plugin to write to an additional directory or directories  */
+    allowWritingToDirectory?: string | string[];
+    /**
+     * Allow the plugin to make network connections
+     * For a list of valid options see:
+     * https://github.com/swiftlang/swift-package-manager/blob/0401a2ae55077cfd1f4c0acd43ae0a1a56ab21ef/Sources/Commands/PackageCommands/PluginCommand.swift#L62
+     */
+    allowNetworkConnections?: string;
 }
 
 /**
@@ -145,6 +162,13 @@ const configuration = {
                     .getConfiguration("swift", workspaceFolder)
                     .get<boolean>("searchSubfoldersForPackages", false);
             },
+            pluginPermissions(pluginId: string): PluginPermissionConfiguration {
+                return (
+                    vscode.workspace.getConfiguration("swift", workspaceFolder).get<{
+                        [key: string]: PluginPermissionConfiguration;
+                    }>("pluginPermissions", {})[pluginId] ?? {}
+                );
+            },
         };
     },
 

Diff for: src/tasks/SwiftPluginTaskProvider.ts

@@ -16,10 +16,10 @@ import * as vscode from "vscode";
 import * as path from "path";
 import { WorkspaceContext } from "../WorkspaceContext";
 import { PackagePlugin } from "../SwiftPackage";
-import configuration from "../configuration";
 import { swiftRuntimeEnv } from "../utilities/utilities";
 import { SwiftExecution } from "../tasks/SwiftExecution";
 import { resolveTaskCwd } from "../utilities/tasks";
+import configuration, { PluginPermissionConfiguration } from "../configuration";
 import { SwiftTask } from "./SwiftTaskProvider";
 
 // Interface class for defining task configuration
@@ -76,14 +76,9 @@ export class SwiftPluginTaskProvider implements vscode.TaskProvider {
         // We need to create a new Task object here.
         // Reusing the task parameter doesn't seem to work.
         const swift = this.workspaceContext.toolchain.getToolchainExecutable("swift");
-        const sandboxArg = task.definition.disableSandbox ? ["--disable-sandbox"] : [];
-        const writingToPackageArg = task.definition.allowWritingToPackageDirectory
-            ? ["--allow-writing-to-package-directory"]
-            : [];
         let swiftArgs = [
             "package",
-            ...sandboxArg,
-            ...writingToPackageArg,
+            ...this.pluginArguments(task.definition as PluginPermissionConfiguration),
             task.definition.command,
             ...task.definition.args,
         ];
@@ -121,15 +116,9 @@ export class SwiftPluginTaskProvider implements vscode.TaskProvider {
         const relativeCwd = path.relative(config.scope.uri.fsPath, config.cwd.fsPath);
         const taskDefinitionCwd = relativeCwd !== "" ? relativeCwd : undefined;
         const definition = this.getTaskDefinition(plugin, taskDefinitionCwd);
-        // Add arguments based on definition
-        const sandboxArg = definition.disableSandbox ? ["--disable-sandbox"] : [];
-        const writingToPackageArg = definition.allowWritingToPackageDirectory
-            ? ["--allow-writing-to-package-directory"]
-            : [];
         let swiftArgs = [
             "package",
-            ...sandboxArg,
-            ...writingToPackageArg,
+            ...this.pluginArgumentsFromConfiguration(config.scope, definition, plugin),
             plugin.command,
             ...definition.args,
         ];
@@ -196,9 +185,79 @@ export class SwiftPluginTaskProvider implements vscode.TaskProvider {
                 definition.allowWritingToPackageDirectory = true;
                 break;
 
+            case "swift-format, format-source-code":
+                definition.allowWritingToPackageDirectory = true;
+                break;
+
             default:
                 break;
         }
         return definition;
     }
+
+    /**
+     * Generates a list of permission related plugin arguments from two potential sources,
+     * the hardcoded list of permissions defined on a per-plugin basis in getTaskDefinition
+     * and the user-configured permissions in the workspace settings. User-configured permissions
+     * are keyed by either plugin command name (package), or in the form `name:command`.
+     * User-configured permissions take precedence over the hardcoded permissions, and the more
+     * specific form of `name:command` takes precedence over the more general form of `name`.
+     * @param folderContext The folder context to search for the `swift.pluginPermissions` key.
+     * @param taskDefinition The task definition to search for the `disableSandbox` and `allowWritingToPackageDirectory` keys.
+     * @param plugin The plugin to generate arguments for.
+     * @returns A list of permission related arguments to pass when invoking the plugin.
+     */
+    private pluginArgumentsFromConfiguration(
+        folderContext: vscode.WorkspaceFolder,
+        taskDefinition: vscode.TaskDefinition,
+        plugin: PackagePlugin
+    ): string[] {
+        const config = configuration.folder(folderContext);
+        const packageConfig = config.pluginPermissions(plugin.package);
+        const commandConfig = config.pluginPermissions(`${plugin.package}:${plugin.command}`);
+
+        const taskDefinitionConfiguration: PluginPermissionConfiguration = {};
+        if (taskDefinition.disableSandbox) {
+            taskDefinitionConfiguration.disableSandbox = true;
+        }
+        if (taskDefinition.allowWritingToPackageDirectory) {
+            taskDefinitionConfiguration.allowWritingToPackageDirectory = true;
+        }
+        if (taskDefinition.allowWritingToDirectory) {
+            taskDefinitionConfiguration.allowWritingToDirectory =
+                taskDefinition.allowWritingToDirectory;
+        }
+        if (taskDefinition.allowNetworkConnections) {
+            taskDefinitionConfiguration.allowNetworkConnections =
+                taskDefinition.allowNetworkConnections;
+        }
+
+        return this.pluginArguments({
+            ...packageConfig,
+            ...commandConfig,
+            ...taskDefinitionConfiguration,
+        });
+    }
+
+    private pluginArguments(config: PluginPermissionConfiguration): string[] {
+        const args = [];
+        if (config.disableSandbox) {
+            args.push("--disable-sandbox");
+        }
+        if (config.allowWritingToPackageDirectory) {
+            args.push("--allow-writing-to-package-directory");
+        }
+        if (config.allowWritingToDirectory) {
+            if (Array.isArray(config.allowWritingToDirectory)) {
+                args.push("--allow-writing-to-directory", ...config.allowWritingToDirectory);
+            } else {
+                args.push("--allow-writing-to-directory");
+            }
+        }
+        if (config.allowNetworkConnections) {
+            args.push("--allow-network-connections");
+            args.push(config.allowNetworkConnections);
+        }
+        return args;
+    }
 }