-
Notifications
You must be signed in to change notification settings - Fork 29k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not leak VSCode related environment variables to debug targets #38428
Comments
@weinand can we start slowly and remove it from the place where we launch an application from debug? I do not see an easy way in the extension host to avoid leaking this variable anywhere. |
@bpasero leaking I think we should remove For our debug extensions we will start to support that environment variables can be removed, so this will give users at least a workaround for the problem. |
@weinand that is a bit different though. our motivation for actually setting Can we add code somewhere where we spawn a process from debug to have this variable removed? This issue would go away if we switched to using a standalone node.js executable instead of going through Electron. |
Sure, we can remove the I wonder whether Electron always reads the |
yes, it seems so: from https://electron.atom.io/releases:
|
@weinand it is a tradeoff, there are 2 cases:
I believe that the former case is the more common case compared to the latter. If we remove |
I'm not asking for removing Basically I try to find an "opt-in" approach instead of an "opt-out" approach. So whenever we fork electron with (BTW, I noticed in electron/electron@bea1a06 that a |
After discussion we think a good solution would be if the debug adapter could get access to the actual shell environment that we resolve right on startup and then use that environment when spawning the debug target. This would ensure that the target sees the exact same environment that it would see if it was spawned from the terminal. |
ELECTRON_NO_ASAR
environment variable
@weinand I found
|
I'm having a similar issue originally posted at the wrong repository it seems. When debugging a C# app that starts an electron-based app via the .NET API Although I didn't try I would assume that all electron-based child processes started by a debugged app - be it C# or anything else - have this issue. |
@weinand I feel this either needs a plan what to be done or close as we have not looked into this for almost 4 years. |
Taking care of this for (js) debugging, imo other debuggers should sanitize in the same way if they inherit process.env (which they may not want to do, in linked issue) |
Leaking the
ELECTRON_NO_ASAR
environment variable makes Electron based apps started from VS Code fail (because they can no longer load scripts from *.asar archives).For more details see #30105
The text was updated successfully, but these errors were encountered: