
Microsoft API Fix and general improvements #84


Open
wants to merge 29 commits into
base: main

moritzgrede

  • Fixed a typo
  • Removed output to malicious.json as the file isn't used anywhere. I suspect this will speed up execution, though I haven't verified this
  • Instead of iterating over every single malicious extension, only iterate the specified extensions and check if they are a part of the malicious list.
  • Query newest VS Code version instead of hardcoding it. Though this will increase runtime when no version is specified, as the query will have to complete first
  • Added a garbage collector to delete old artifacts like binaries and extensions
  • Removed default update frequency for sync (so that per default the command only runs a single time). This is probably controversial, but as a script this makes more sense imho. For the docker container the default args could be modified to still stay the same?
  • Fix the Microsoft API change which blocked downloading extensions (see Failing to download extensions #81)
  • Also implemented the platform change from win32 to win32-x64. Thanks @AndreasAhlbeck (Failing to download extensions #81 (comment))
  • Added shorthands for most arguments
  • Update the README to both reflect the API changes (new domain) and the added arguments
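The block-list check described in the list above (iterate only the requested extensions and test each against the malicious list), as an added example that is not code from this PR or the project. The `malicious` key, the `publisher.name` identifier form, case-insensitive matching and all function names are assumptions, and the sample data is constructed.

```python
import json

# Constructed sample block list; the "malicious" key and the
# publisher.name identifier form are assumptions for this example.
SAMPLE_MALICIOUS_JSON = (
    '{"malicious": ["EvilCorp.Stealer", "bad.miner", "fake.prettier-vscode"]}'
)


def normalize(ext_id):
    """Return a lower-cased 'publisher.name' id, or None if malformed."""
    if not isinstance(ext_id, str):
        return None
    ext_id = ext_id.strip().lower()
    publisher, sep, name = ext_id.partition(".")
    if not sep or not publisher or not name:
        return None
    return ext_id


def load_blocklist(raw_json):
    """Build a set once so every later lookup is O(1)."""
    entries = json.loads(raw_json).get("malicious", [])
    return {n for n in map(normalize, entries) if n}


def partition_requested(requested, blocklist):
    """Walk only the requested ids; return (allowed, blocked, malformed)."""
    allowed, blocked, malformed = [], [], []
    for ext_id in requested:
        norm = normalize(ext_id)
        if norm is None:
            malformed.append(ext_id)  # fail closed: never queue for download
        elif norm in blocklist:
            blocked.append(ext_id)  # differs from a listed id only by case at most
        else:
            allowed.append(ext_id)
    return allowed, blocked, malformed


if __name__ == "__main__":
    bl = load_blocklist(SAMPLE_MALICIOUS_JSON)
    print(partition_requested(["ms-python.python", "evilcorp.stealer", "nodot"], bl))
```

Cost scales with the number of requested extensions rather than the size of the block list, and identifiers that cannot be parsed are reported instead of being passed to the downloader.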

Dan and others added 25 commits April 15, 2025 15:03
As the file is not used anywhere else, removed the output to it which simplifies (and presumably slightly speeds up) the method.
Instead of iterating over all malicious extensions (which can be a rather large list), iterate over all extensions that are to be downloaded.
This increases the runtime as the web request must be executed first. But the version will always be the latest. As it is only used for the user agent it shouldn't even matter what version it is.
Removes existing old extension versions that are no longer needed.
Existing extensions can be included in the update process.
Changes default execution to a "one-off task"
This does not include an updated certificate! The certificate still is valid for the old domain.
Most arguments / parameters now have a shorthand form. E.g. --sync can also be called with -s. This should simplify / shorten the command line in automations.
Only extensions that are being searched for, that are specified (on the allowlist) or that already exist, would be downloaded.
Fixes issue with Python 3 interpreting \d as Unicode character
@moritzgrede
Author

moritzgrede commented May 20, 2025

A couple more issues showed up which I have fixed with the last commits (48a9320, 6212bf3, 722db11, b042b4d)

  • Errors with RegEx handling and missing import
  • Unhandled exception that occurred due to the wrong RegEx pattern string
  • Removed deprecated version attribute from docker-compose.yml

Instead use timezone aware method (still with UTC time though) 'now'
@moritzgrede
Author

  • Fixed another deprecated method utcnow to now (still with the utc timezone though)
  • Another feature suggestion to skip downloading recommended extensions. In my case I would only like to use the allow list (specified.json) to download extensions. This allows for the skipping of the gathering process of recommendations

@LOLINTERNETZ
Owner

Thanks for this comprehensive PR. I'll review it in more detail, but initially..

The malicious.json file is used by the vscode client directly and not by other code.

And yes, the sync frequency will likely stay as this has historically been a set and forget process rather than a script which is run once off. With all CDS environments usually being slow to incorporate changes I'm hesitant to change the default behaviour now. I'd argue the default deployment case is in a container, usually Deployment in k8s. Cron like jobs are somewhat newer and have their own quirks. But absolutely adding a single run arg (can't remember if there is one) sounds good.

As per the feedback from the PR re-add the default frequency back as the standard should not change.
As per the feedback from the PR re-add the output of malicious extensions to the "malicious.json". The file is used by VS Code itself so there are no other references to the file in the source code.
@moritzgrede
Author

[...] comprehensive PR [...]

Yes, I might have gone a bit overboard with this. I needed most of this for myself so I thought to add my work back to the main repository.

The malicious.json file is used by the vscode client directly [...]

Thank you for clearing this up! I didn't realize VS Code accessed this directly. I added this back with 1a3ad57.

[...] sync frequency will likely stay [...]

I thought so. I added the default back in ba99907. I'll make another PR at some point with a new argument that would allow single execution. Or to be able to set the frequency to 0 in order to disable it.

I'll also use this opportunity to thank you for this project. There doesn't seem to be any other solution (paid or not) that achieves an air gapped deployment of Visual Studio Code extensions.

@moritzgrede
Author

To simplify the process, I pulled two commits from this PR and put them in #85

2 participants