azuredatastudio/SECURITY.md

42 lines
2.7 KiB
Markdown

<!-- BEGIN MICROSOFT SECURITY.MD V0.0.5 BLOCK -->
## Security

Microsoft takes the security of our software products and services seriously. This includes all source code repositories managed through our GitHub organizations, including [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our other GitHub organizations](https://opensource.microsoft.com/).

If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below.

## Reporting Security Issues

**Please do not report security vulnerabilities through public GitHub issues.**

Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).

If you prefer to submit without logging in, send an email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; you can download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).

You should receive a response within 24 hours. If for some reason you do not, please follow up by email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).

Please include the information listed below (as much of it as you can provide) to help us better understand the nature and scope of the possible issue:

* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
* Full paths of source file(s) related to the manifestation of the issue
* The location of the affected source code (tag/branch/commit or direct URL)
* Any special configuration required to reproduce the issue
* Step-by-step instructions to reproduce the issue
* Proof-of-concept or exploit code (if possible)
* Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report more quickly.

If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.

## Preferred Languages

We prefer all communications to be in English.

## Policy

Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).

<!-- END MICROSOFT SECURITY.MD BLOCK -->