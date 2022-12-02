



Overview

Via a link or website, an attacker could take over a Visual Studio Code user’s computer and any computer that was connected through the Visual Studio Code remote development feature. The issue affected at least GitHub Codespaces, github.dev, the web-based Visual Studio Code for Web, and to a lesser extent Visual Studio Code Desktop.

Severity

Critical – This vulnerability could allow remote code execution on any computer connected through Visual Studio Code.

Proof of concept

Visual Studio Code applies varying levels of security restrictions to content opened in the editor, to prevent attackers from creating views that can execute command: links.

The primary way the editor enforces these restrictions is through an internal trust model that carries an isTrusted annotation along with the view when it is opened. Documents opened with isTrusted set to true can not only execute command: URIs, but can also create unsafe HTML directly when rendered as a Jupyter Notebook.

A Jupyter Notebook is a type of rich text document that Visual Studio Code supports out of the box. Used primarily in data science, it consists of multiple cells containing Python code, Markdown, HTML, and other formats. The Python code is executed on the viewer's machine and its output, such as a diagram, is rendered. Because running external or potentially malicious code is dangerous, Jupyter notebooks normally open in untrusted mode and present a trust confirmation dialog to the user. Most security restrictions are lifted once the document is trusted.

Each Visual Studio Code window is a separate instance of the editor. To make it easy to open the same file in a new editor window, the editor supports an openFile parameter. openFile is one of the payload parameters: the payload is a set of flags passed to the editor through URL query parameters on startup. Files opened this way are opened in trusted mode, because the editor assumes the request was triggered by a user gesture inside the editor.

Payload parameters are JSON encoded in the query. The unencoded form for opening a local file from c:/something.txt looks like this: [["openFile","file://c:/something.txt"]]. This becomes ?payload=%5B%5B%22openFile%22%2C%22file%3A%2F%2Fc%3A%2Fsomething.txt%22%5D%5D .
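As an added example (not code from the original advisory), a defender-side check in Go that decodes the payload query parameter of an editor URL in the format described above and flags openFile targets that are not local file: URIs or that point at .ipynb notebooks, since such targets are opened as trusted. The host editor.example and the function names are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// PayloadEntry is one [key, value] pair from the payload query parameter.
type PayloadEntry struct{ Key, Value string }
// ParsePayload decodes the JSON payload parameter of a full editor URL.
func ParsePayload(rawURL string) ([]PayloadEntry, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	var pairs [][]string // url.Values has already percent-decoded the value
	if err := json.Unmarshal([]byte(u.Query().Get("payload")), &pairs); err != nil {
		return nil, fmt.Errorf("payload is not a JSON array of pairs: %w", err)
	}
	entries := make([]PayloadEntry, 0, len(pairs))
	for _, p := range pairs {
		if len(p) != 2 {
			return nil, fmt.Errorf("entry %v is not a [key, value] pair", p)
		}
		entries = append(entries, PayloadEntry{p[0], p[1]})
	}
	return entries, nil
}

// RiskyOpenFiles flags openFile targets worth inspecting: anything not a
// file: URI, and any .ipynb, since openFile targets are opened as trusted.
func RiskyOpenFiles(entries []PayloadEntry) []string {
	var risky []string
	for _, e := range entries {
		if e.Key != "openFile" {
			continue
		}
		t, err := url.Parse(e.Value)
		if err != nil || t.Scheme != "file" || strings.HasSuffix(strings.ToLower(t.Path), ".ipynb") {
			risky = append(risky, e.Value)
		}
	}
	return risky
}
func main() { // constructed URL carrying the encoded payload quoted on the page
	e, err := ParsePayload("https://editor.example/?payload=%5B%5B%22openFile%22%2C%22file%3A%2F%2Fc%3A%2Fsomething.txt%22%5D%5D")
	fmt.Println(e, RiskyOpenFiles(e), err)
}
```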

You can prepare an HTTP server that always allows its content to be fetched cross-origin via CORS. When Visual Studio Code loads such a remote file from a URL ending in .ipynb, it is opened as a trusted Jupyter Notebook as soon as the user follows the link.

```go
// https://golang.org
package main

import "net/http"

// A minimal .ipynb with a single Markdown cell; the cell source is a blank
// placeholder here, as in the original.
const file = `{
  "cells": [
    {
      "cell_type": "markdown",
      "metadata": {},
      "source": [" "]
    }
  ]
}`

// Do serves the notebook on port 8080 with a permissive CORS header.
func Do() (err error) {
	return http.ListenAndServe(":http-alt" /* 8080 */, http.HandlerFunc(func(rw http.ResponseWriter, rq *http.Request) {
		rw.Header().Set("Access-Control-Allow-Origin", "*")
		rw.Write([]byte(file))
	}))
}

func main() {
	if err := Do(); err != nil {
		panic(err)
	}
}
```

The file served by this code is a single Markdown cell in ipynb format. Markdown allows arbitrary HTML, so in trusted mode any HTML can be injected into the notebook's webview.

Because of the webview's standard security restrictions, JavaScript cannot be executed directly from the injected HTML.
