Skip to content

Commit 0164c60

Browse files
fioan89fioan89
authored
impl: verify cli signature (#562)
* impl: support for downloading and verifying cli signatures * fix: class cast exception * impl: embed the pgp public key as a plugin resource This is the key that validates if the gpg signature was tampered * chore: fix UTs related to CLI downloading For one thing some method signature changed, some methods are now suspending functions that will have to run in a coroutine in the tests. The second big issue is that now the download function requests user's input via a dialog * fix: download the correct CLI signature for Windows The signature for windows CLI follows the format: coder-windows-amd64.exe.asc Currently it is coded to coder-windows-amd64.asc which means the plugin always fail to find any signature for windows cli * chore: next version is 2.22.0 * impl: strict URL validation for the connection screen This commit rejects any URL that is opaque, not hierarchical, not using http or https protocol, or it misses the hostname. * impl: strict URL validation for the URI handling This commit rejects any URL that is opaque, not hierarchical, not using http or https protocol, or it misses the hostname. * fix: transform to url only after we checked the validation result * chore: update UT expected result
1 parent 3c8828d commit 0164c60

23 files changed

+1140
-195
lines changed

CHANGELOG.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,12 @@
44

55
## Unreleased
66

7+
### Added
8+
9+
- support for checking if CLI is signed
10+
- improved progress reporting while downloading the CLI
11+
- URL validation is stricter in the connection screen and URI protocol handler
12+
713
## 2.21.1 - 2025-06-26
814

915
### Fixed

build.gradle.kts

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,8 @@ dependencies {
5656
testImplementation(kotlin("test"))
5757
// required by the unit tests
5858
testImplementation(kotlin("test-junit5"))
59+
testImplementation("io.mockk:mockk:1.13.12")
60+
testImplementation("org.jetbrains.kotlinx:kotlinx-coroutines-test:1.9.0")
5961
// required by IntelliJ test framework
6062
testImplementation("junit:junit:4.13.2")
6163

gradle.properties

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ pluginGroup=com.coder.gateway
55
artifactName=coder-gateway
66
pluginName=Coder
77
# SemVer format -> https://semver.org
8-
pluginVersion=2.21.1
8+
pluginVersion=2.22.0
99
# See https://plugins.jetbrains.com/docs/intellij/build-number-ranges.html
1010
# for insight into build numbers and IntelliJ Platform versions.
1111
pluginSinceBuild=243.26574

src/main/kotlin/com/coder/gateway/CoderRemoteConnectionHandle.kt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -66,7 +66,7 @@ class CoderRemoteConnectionHandle {
6666
private val localTimeFormatter = DateTimeFormatter.ofPattern("yyyy-MMM-dd HH:mm")
6767
private val dialogUi = DialogUi(settings)
6868

69-
fun connect(getParameters: (indicator: ProgressIndicator) -> WorkspaceProjectIDE) {
69+
fun connect(getParameters: suspend (indicator: ProgressIndicator) -> WorkspaceProjectIDE) {
7070
val clientLifetime = LifetimeDefinition()
7171
clientLifetime.launchUnderBackgroundProgress(CoderGatewayBundle.message("gateway.connector.coder.connection.provider.title")) {
7272
try {

src/main/kotlin/com/coder/gateway/CoderSettingsConfigurable.kt

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,14 @@ class CoderSettingsConfigurable : BoundConfigurable("Coder") {
6868
CoderGatewayBundle.message("gateway.connector.settings.enable-binary-directory-fallback.comment"),
6969
)
7070
}.layout(RowLayout.PARENT_GRID)
71+
row {
72+
cell() // For alignment.
73+
checkBox(CoderGatewayBundle.message("gateway.connector.settings.fallback-on-coder-for-signatures.title"))
74+
.bindSelected(state::fallbackOnCoderForSignatures)
75+
.comment(
76+
CoderGatewayBundle.message("gateway.connector.settings.fallback-on-coder-for-signatures.comment"),
77+
)
78+
}.layout(RowLayout.PARENT_GRID)
7179
row(CoderGatewayBundle.message("gateway.connector.settings.header-command.title")) {
7280
textField().resizableColumn().align(AlignX.FILL)
7381
.bindText(state::headerCommand)

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy