code-server/lib/vscode/extensions/extension-editing/src/extensionLinter.ts


/*---------------------------------------------------------------------------------------------
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License. See License.txt in the project root for license information.
*--------------------------------------------------------------------------------------------*/
import * as path from 'path';
import * as fs from 'fs';
import { URL } from 'url';
import * as nls from 'vscode-nls';
const localize = nls.loadMessageBundle();
import { parseTree, findNodeAtLocation, Node as JsonNode } from 'jsonc-parser';
import * as MarkdownItType from 'markdown-it';
import { languages, workspace, Disposable, TextDocument, Uri, Diagnostic, Range, DiagnosticSeverity, Position, env } from 'vscode';
// Product configuration is read synchronously, once, when this module is loaded.
// A missing or malformed product.json makes the module fail to load.
const product = JSON.parse(
    fs.readFileSync(path.join(env.appRoot, 'product.json'), { encoding: 'utf-8' })
);

// Host names that may serve SVG badges, lower-cased here so lookups can be
// case-insensitive.
const allowedBadgeProviders: string[] = (product.extensionAllowedBadgeProviders || [])
    .map((host: string) => host.toLowerCase());

// Additional allow-list entries expressed as regular expressions. They are compiled
// without flags and tested against the complete URI string, so each pattern in
// product.json has to carry its own anchors to be restrictive.
const allowedBadgeProvidersRegex: RegExp[] = (product.extensionAllowedBadgeProvidersRegex || [])
    .map((pattern: string) => new RegExp(pattern));
/**
 * Reports whether an SVG image URI is served by an allow-listed badge provider.
 *
 * Two checks are made, and either one is sufficient:
 *  - the URI authority, lower-cased, equals an entry of `allowedBadgeProviders`;
 *  - the complete URI string matches one of `allowedBadgeProvidersRegex`.
 *
 * The scheme is not examined here; callers check HTTPS separately. Because the
 * regular expressions see the whole URI (path and query included), an unanchored
 * pattern can match text outside the host part.
 *
 * @param uri Parsed image URI.
 * @returns `true` when the source is on the allow-list.
 */
function isTrustedSVGSource(uri: Uri): boolean {
    const host = uri.authority.toLowerCase();
    if (allowedBadgeProviders.includes(host)) {
        return true;
    }
    const fullUri = uri.toString();
    return allowedBadgeProvidersRegex.some(pattern => pattern.test(fullUri));
}
// Localized texts for the warnings this linter reports. Each one becomes the
// message of a DiagnosticSeverity.Warning diagnostic further down in this file.

// An image URL has an explicit scheme other than https (or data).
const httpsRequired = localize('httpsRequired', "Images must use the HTTPS protocol.");
// An image URL whose path ends in ".svg" and whose source is not allow-listed.
const svgsNotValid = localize('svgsNotValid', "SVGs are not a valid image source.");
// An inline <svg> element found in README / CHANGELOG text.
const embeddedSvgsNotValid = localize('embeddedSvgsNotValid', "Embedded SVGs are not a valid image source.");
// An image URL using the data: scheme.
const dataUrlsNotValid = localize('dataUrlsNotValid', "Data URLs are not a valid image source.");
// A scheme-less image URL in Markdown when package.json has no HTTPS repository.
const relativeUrlRequiresHttpsRepository = localize('relativeUrlRequiresHttpsRepository', "Relative image URLs require a repository with HTTPS protocol to be specified in the package.json.");
// A scheme-less "icon" value in package.json without an HTTPS repository.
const relativeIconUrlRequiresHttpsRepository = localize('relativeIconUrlRequiresHttpsRepository', "An icon requires a repository with HTTPS protocol to be specified in this package.json.");
// A scheme-less badge URL in package.json without an HTTPS repository.
const relativeBadgeUrlRequiresHttpsRepository = localize('relativeBadgeUrlRequiresHttpsRepository', "Relative badge URLs require a repository with HTTPS protocol to be specified in this package.json.");
/**
 * Where an image reference was found. The value only selects which
 * "relative URL" warning text is used for scheme-less sources.
 */
enum Context {
    /** The `icon` field of package.json. */
    ICON = 0,
    /** A `url` entry inside the `badges` array of package.json. */
    BADGE = 1,
    /** An image in README.md / CHANGELOG.md. */
    MARKDOWN = 2
}
/**
 * A markdown-it token paired with the character-offset window of the document
 * text in which the linter looks for that token's content.
 */
interface TokenAndPosition {
    token: MarkdownItType.Token;
    // Offset into the document text where the token's window starts.
    begin: number;
    // Offset where the window ends; searches only accept hits that start before it.
    end: number;
}
/**
 * Facts extracted from a folder's package.json that the lint rules depend on.
 */
interface PackageJsonInfo {
    // True when package.json has a string value at engines.vscode.
    isExtension: boolean;
    // True when repository.url is a string that parses to a URI with the https scheme.
    hasHttpsRepository: boolean;
    // Parsed repository.url. NOTE(review): readPackageJsonInfo stores this with a
    // non-null assertion, so at runtime it can be null/undefined when the field is
    // missing or unparseable; consumers must test it before use.
    repository: Uri;
}
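/**
 * Lints extension manifests (`package.json`) and `README.md` / `CHANGELOG.md`
 * documents for image sources that are not acceptable: non-HTTPS URLs, `data:`
 * URLs, SVG files from sources that are not allow-listed, embedded `<svg>`
 * elements, and relative URLs when the manifest has no HTTPS repository.
 *
 * Findings are published as Warning diagnostics in the `extension-editing`
 * collection. They are advisory: the checks work on the URL text only (for
 * example, SVG detection looks at the path suffix), so they cannot see what a
 * server actually returns and should not be treated as an enforcement boundary.
 *
 * Documents are queued on open/change and linted together after a 300 ms
 * debounce.
 */
export class ExtensionLinter {

    private diagnosticsCollection = languages.createDiagnosticCollection('extension-editing');
    private fileWatcher = workspace.createFileSystemWatcher('**/package.json');
    private disposables: Disposable[] = [this.diagnosticsCollection, this.fileWatcher];

    // Manifest facts cached per folder (key: folder URI string). Entries are
    // dropped by packageJsonChanged() and rewritten by readPackageJsonInfo().
    private folderToPackageJsonInfo: Record<string, PackageJsonInfo> = {};
    // Documents waiting for the next lint pass.
    private packageJsonQ = new Set<TextDocument>();
    private readmeQ = new Set<TextDocument>();
    // Pending debounce timer, if any.
    private timer: NodeJS.Timer | undefined;
    // markdown-it instance, created on first README lint.
    private markdownIt: MarkdownItType.MarkdownIt | undefined;

    /**
     * Subscribes to document and file-watcher events and queues every document
     * that is already open.
     */
    constructor() {
        this.disposables.push(
            workspace.onDidOpenTextDocument(document => this.queue(document)),
            workspace.onDidChangeTextDocument(event => this.queue(event.document)),
            workspace.onDidCloseTextDocument(document => this.clear(document)),
            this.fileWatcher.onDidChange(uri => this.packageJsonChanged(this.getUriFolder(uri))),
            this.fileWatcher.onDidCreate(uri => this.packageJsonChanged(this.getUriFolder(uri))),
            this.fileWatcher.onDidDelete(uri => this.packageJsonChanged(this.getUriFolder(uri))),
        );
        workspace.textDocuments.forEach(document => this.queue(document));
    }

    /**
     * Queues a document for linting if it is a JSON `package.json`, then gives
     * queueReadme() the chance to queue it as a README / CHANGELOG.
     */
    private queue(document: TextDocument) {
        const p = document.uri.path;
        if (document.languageId === 'json' && endsWith(p, '/package.json')) {
            this.packageJsonQ.add(document);
            this.startTimer();
        }
        this.queueReadme(document);
    }

    /**
     * Queues a Markdown document whose path ends in `/readme.md` or
     * `/changelog.md` (compared case-insensitively).
     */
    private queueReadme(document: TextDocument) {
        const p = document.uri.path.toLowerCase();
        if (document.languageId === 'markdown' && (endsWith(p, '/readme.md') || endsWith(p, '/changelog.md'))) {
            this.readmeQ.add(document);
            this.startTimer();
        }
    }

    /** (Re)starts the 300 ms debounce timer that triggers a lint pass. */
    private startTimer() {
        if (this.timer) {
            clearTimeout(this.timer);
        }
        this.timer = setTimeout(() => {
            this.lint()
                .catch(console.error);
        }, 300);
    }

    /** Runs one lint pass: manifests first, then README / CHANGELOG documents. */
    private async lint() {
        this.lintPackageJson();
        await this.lintReadme();
    }

    /**
     * Lints every queued `package.json`: the `icon` string and each string
     * `badges[].url` are checked, but only when the manifest describes an
     * extension. The resulting list (possibly empty) replaces the document's
     * previous diagnostics.
     */
    private lintPackageJson() {
        this.packageJsonQ.forEach(document => {
            this.packageJsonQ.delete(document);
            if (document.isClosed) {
                return; // skips this document only; forEach continues
            }

            const diagnostics: Diagnostic[] = [];

            const tree = parseTree(document.getText());
            const info = this.readPackageJsonInfo(this.getUriFolder(document.uri), tree);
            if (info.isExtension) {

                const icon = findNodeAtLocation(tree, ['icon']);
                if (icon && icon.type === 'string') {
                    // offset + 1 / length - 1 exclude the surrounding JSON quotes
                    this.addDiagnostics(diagnostics, document, icon.offset + 1, icon.offset + icon.length - 1, icon.value, Context.ICON, info);
                }

                const badges = findNodeAtLocation(tree, ['badges']);
                if (badges && badges.type === 'array' && badges.children) {
                    for (const child of badges.children) {
                        const url = findNodeAtLocation(child, ['url']);
                        if (url && url.type === 'string') {
                            this.addDiagnostics(diagnostics, document, url.offset + 1, url.offset + url.length - 1, url.value, Context.BADGE, info);
                        }
                    }
                }

            }
            this.diagnosticsCollection.set(document.uri, diagnostics);
        });
    }

    /**
     * Lints every queued README / CHANGELOG document.
     *
     * For each document of an extension folder it checks Markdown image
     * sources, `<img src>` attributes found in text tokens, and flags embedded
     * `<svg>` elements. A closed document, or one whose folder is not an
     * extension, is skipped and the remaining queued documents are still
     * processed in the same pass.
     */
    private async lintReadme() {
        for (const document of Array.from(this.readmeQ)) {
            this.readmeQ.delete(document);
            if (document.isClosed) {
                // `continue`, not `return`: the other queued documents have
                // already been scheduled for this pass and must not be left
                // waiting for an unrelated later event.
                continue;
            }

            const folder = this.getUriFolder(document.uri);
            let info = this.folderToPackageJsonInfo[folder.toString()];
            if (!info) {
                const tree = await this.loadPackageJson(folder);
                info = this.readPackageJsonInfo(folder, tree);
            }
            if (!info.isExtension) {
                this.diagnosticsCollection.set(document.uri, []);
                continue;
            }

            const text = document.getText();
            if (!this.markdownIt) {
                this.markdownIt = new (await import('markdown-it'));
            }
            const tokens = this.markdownIt.parse(text, {});

            // Flattens the token tree into a list of tokens with offset windows.
            // `begin` is deliberately reassigned while mapping: after a block
            // token with a source map, later siblings are searched from the end
            // of that block.
            const tokensAndPositions: TokenAndPosition[] = (function toTokensAndPositions(this: ExtensionLinter, tokens: MarkdownItType.Token[], begin = 0, end = text.length): TokenAndPosition[] {
                const tokensAndPositions = tokens.map<TokenAndPosition>(token => {
                    if (token.map) {
                        const tokenBegin = document.offsetAt(new Position(token.map[0], 0));
                        const tokenEnd = begin = document.offsetAt(new Position(token.map[1], 0));
                        return {
                            token,
                            begin: tokenBegin,
                            end: tokenEnd
                        };
                    }
                    const image = token.type === 'image' && this.locateToken(text, begin, end, token, token.attrGet('src'));
                    const other = image || this.locateToken(text, begin, end, token, token.content);
                    return other || {
                        token,
                        begin,
                        end: begin
                    };
                });
                return tokensAndPositions.concat(
                    ...tokensAndPositions.filter(tnp => tnp.token.children && tnp.token.children.length)
                        .map(tnp => toTokensAndPositions.call(this, tnp.token.children, tnp.begin, tnp.end))
                );
            }).call(this, tokens);

            const diagnostics: Diagnostic[] = [];

            // Markdown images: ![alt](src)
            tokensAndPositions.filter(tnp => tnp.token.type === 'image' && tnp.token.attrGet('src'))
                .forEach(inp => {
                    const src = inp.token.attrGet('src')!;
                    const begin = text.indexOf(src, inp.begin);
                    if (begin !== -1 && begin < inp.end) {
                        this.addDiagnostics(diagnostics, document, begin, begin + src.length, src, Context.MARKDOWN, info);
                    } else {
                        // The src text was not found verbatim in the window;
                        // underline the token content instead, still checking src.
                        const content = inp.token.content;
                        const contentBegin = text.indexOf(content, inp.begin);
                        if (contentBegin !== -1 && contentBegin < inp.end) {
                            this.addDiagnostics(diagnostics, document, contentBegin, contentBegin + content.length, src, Context.MARKDOWN, info);
                        }
                    }
                });

            // Text tokens are run through an HTML SAX parser so that <img src>
            // attributes get the same checks as Markdown images and <svg>
            // elements are reported.
            let svgStart: Diagnostic | undefined;
            for (const tnp of tokensAndPositions) {
                if (tnp.token.type === 'text' && tnp.token.content) {
                    const parse5 = await import('parse5');
                    const parser = new parse5.SAXParser({ locationInfo: true });
                    parser.on('startTag', (name, attrs, _selfClosing, location) => {
                        if (name === 'img') {
                            const src = attrs.find(a => a.name === 'src');
                            if (src && src.value && location) {
                                const begin = text.indexOf(src.value, tnp.begin + location.startOffset);
                                if (begin !== -1 && begin < tnp.end) {
                                    this.addDiagnostics(diagnostics, document, begin, begin + src.value.length, src.value, Context.MARKDOWN, info);
                                }
                            }
                        } else if (name === 'svg' && location) {
                            const begin = tnp.begin + location.startOffset;
                            const end = tnp.begin + location.endOffset;
                            const range = new Range(document.positionAt(begin), document.positionAt(end));
                            svgStart = new Diagnostic(range, embeddedSvgsNotValid, DiagnosticSeverity.Warning);
                            diagnostics.push(svgStart);
                        }
                    });
                    parser.on('endTag', (name, location) => {
                        // Extend the most recent <svg> diagnostic to cover the closing tag.
                        if (name === 'svg' && svgStart && location) {
                            const end = tnp.begin + location.endOffset;
                            svgStart.range = new Range(svgStart.range.start, document.positionAt(end));
                        }
                    });
                    parser.write(tnp.token.content);
                    parser.end();
                }
            }

            this.diagnosticsCollection.set(document.uri, diagnostics);
        }
    }

    /**
     * Finds the first occurrence of `content` in `text` at or after `begin`
     * that also ends at or before `end`.
     *
     * @returns The token with the matched offsets, or `undefined` when
     * `content` is empty/null or no occurrence fits the window. The caller's
     * search position is not advanced by this method.
     */
    private locateToken(text: string, begin: number, end: number, token: MarkdownItType.Token, content: string | null) {
        if (content) {
            const tokenBegin = text.indexOf(content, begin);
            if (tokenBegin !== -1) {
                const tokenEnd = tokenBegin + content.length;
                if (tokenEnd <= end) {
                    return {
                        token,
                        begin: tokenBegin,
                        end: tokenEnd
                    };
                }
            }
        }
        return undefined;
    }

    /**
     * Derives the manifest facts from a parsed package.json tree and caches
     * them for `folder`.
     *
     * If a cached entry exists and `isExtension` or `hasHttpsRepository`
     * changed, open README / CHANGELOG documents of that folder are re-queued
     * first.
     *
     * @param folder Folder URI that contains the package.json.
     * @param tree Parsed JSON tree, or `undefined` when it could not be loaded.
     */
    private readPackageJsonInfo(folder: Uri, tree: JsonNode | undefined) {
        const engine = tree && findNodeAtLocation(tree, ['engines', 'vscode']);
        const repo = tree && findNodeAtLocation(tree, ['repository', 'url']);
        // Only a non-empty string can be a repository URL; anything else is
        // treated as "no repository".
        const repoUrl: string | undefined = repo && repo.type === 'string' && repo.value ? repo.value : undefined;
        const uri = repoUrl ? parseUri(repoUrl) : undefined;
        const info: PackageJsonInfo = {
            isExtension: !!(engine && engine.type === 'string'),
            hasHttpsRepository: !!(uri && uri.scheme.toLowerCase() === 'https'),
            // May be null/undefined at runtime; addDiagnostics tests it before use.
            repository: uri!
        };
        const str = folder.toString();
        const oldInfo = this.folderToPackageJsonInfo[str];
        if (oldInfo && (oldInfo.isExtension !== info.isExtension || oldInfo.hasHttpsRepository !== info.hasHttpsRepository)) {
            this.packageJsonChanged(folder); // clears this.folderToPackageJsonInfo[str]
        }
        this.folderToPackageJsonInfo[str] = info;
        return info;
    }

    /**
     * Opens and parses `package.json` in `folder`.
     *
     * @returns The parsed tree, or `undefined` for `git:` folders (#36236) and
     * when the document cannot be opened.
     */
    private async loadPackageJson(folder: Uri) {
        if (folder.scheme === 'git') { // #36236
            return undefined;
        }
        const file = folder.with({ path: path.posix.join(folder.path, 'package.json') });
        try {
            const document = await workspace.openTextDocument(file);
            return parseTree(document.getText());
        } catch (err) {
            // Best effort: a folder without a readable package.json is simply
            // treated as "not an extension" by the caller.
            return undefined;
        }
    }

    /**
     * Drops the cached manifest facts for `folder` and re-queues the open
     * README / CHANGELOG documents that live in it (folder comparison is
     * case-insensitive).
     */
    private packageJsonChanged(folder: Uri) {
        delete this.folderToPackageJsonInfo[folder.toString()];
        const str = folder.toString().toLowerCase();
        workspace.textDocuments.filter(document => this.getUriFolder(document.uri).toString().toLowerCase() === str)
            .forEach(document => this.queueReadme(document));
    }

    /** Returns `uri` with its path replaced by the parent directory path. */
    private getUriFolder(uri: Uri) {
        return uri.with({ path: path.posix.dirname(uri.path) });
    }

    /**
     * Applies the image-source rules to one source string and appends a Warning
     * for every rule it breaks. The rules are independent, so one source can
     * produce several diagnostics.
     *
     * Sources without a scheme are resolved against the manifest's repository
     * URL when there is one, otherwise against the document URI. A source that
     * cannot be parsed at all produces no diagnostic.
     *
     * @param diagnostics List to append to.
     * @param document Document the range offsets refer to.
     * @param begin Start offset of the text to underline.
     * @param end End offset of the text to underline.
     * @param src The image source as written.
     * @param context Where the source was found; selects the relative-URL message.
     * @param info Manifest facts for the document's folder.
     */
    private addDiagnostics(diagnostics: Diagnostic[], document: TextDocument, begin: number, end: number, src: string, context: Context, info: PackageJsonInfo) {
        const hasScheme = /^\w[\w\d+.-]*:/.test(src);
        const uri = parseUri(src, info.repository ? info.repository.toString() : document.uri.toString());
        if (!uri) {
            return;
        }
        const scheme = uri.scheme.toLowerCase();

        const warn = (message: string) => {
            const range = new Range(document.positionAt(begin), document.positionAt(end));
            diagnostics.push(new Diagnostic(range, message, DiagnosticSeverity.Warning));
        };

        if (hasScheme && scheme !== 'https' && scheme !== 'data') {
            warn(httpsRequired);
        }

        if (hasScheme && scheme === 'data') {
            warn(dataUrlsNotValid);
        }

        if (!hasScheme && !info.hasHttpsRepository) {
            switch (context) {
                case Context.ICON: warn(relativeIconUrlRequiresHttpsRepository); break;
                case Context.BADGE: warn(relativeBadgeUrlRequiresHttpsRepository); break;
                default: warn(relativeUrlRequiresHttpsRepository); break;
            }
        }

        // SVG detection is by path suffix only; a URL that serves SVG content
        // under another name is not recognised by this rule.
        if (endsWith(uri.path.toLowerCase(), '.svg') && !isTrustedSVGSource(uri)) {
            warn(svgsNotValid);
        }
    }

    /**
     * Removes a closed document's diagnostics and drops it from both lint
     * queues so it is not held until the next pass.
     */
    private clear(document: TextDocument) {
        this.diagnosticsCollection.delete(document.uri);
        this.packageJsonQ.delete(document);
        this.readmeQ.delete(document);
    }

    /**
     * Cancels a pending lint pass and disposes the diagnostics collection, the
     * file watcher and all event subscriptions.
     */
    public dispose() {
        if (this.timer) {
            // Otherwise a pass could still fire against the disposed collection.
            clearTimeout(this.timer);
            this.timer = undefined;
        }
        this.disposables.forEach(d => d.dispose());
        this.disposables = [];
    }
}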
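/**
 * Reports whether `haystack` ends with `needle`.
 *
 * Delegates to the built-in `String.prototype.endsWith`, which gives the same
 * results as the previous hand-written length/indexOf comparison (including
 * `true` for an empty `needle`).
 *
 * @param haystack String to inspect.
 * @param needle Suffix to look for.
 * @returns `true` when `haystack` ends with `needle`.
 */
function endsWith(haystack: string, needle: string): boolean {
    return haystack.endsWith(needle);
}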
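/**
 * Parses an image source into a `Uri`, resolving it against `base` when given.
 *
 * If the first attempt fails, the source is percent-encoded with `encodeURI`
 * and parsed once more. The input comes from manifest and README text, so it
 * may be arbitrarily malformed: `encodeURI` itself throws a `URIError` on lone
 * surrogates, and that case is reported as "unparseable" instead of escaping
 * to the caller and aborting the lint pass.
 *
 * @param src Source string as written in the document.
 * @param base Optional base URL for relative sources.
 * @param retry Whether the encoded retry is still allowed (internal use).
 * @returns The parsed URI, or `null` when the source cannot be parsed.
 */
function parseUri(src: string, base?: string, retry: boolean = true): Uri | null {
    try {
        const url = new URL(src, base);
        return Uri.parse(url.toString());
    } catch (err) {
        if (!retry) {
            return null;
        }
        let encoded: string;
        try {
            encoded = encodeURI(src);
        } catch (encodeErr) {
            // Not encodable (e.g. an unpaired surrogate): treat as unparseable.
            return null;
        }
        return parseUri(encoded, base, false);
    }
}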