Skip to content

Add insecure option, deprecate allowSelfSigned #101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Add insecure option, deprecate allowSelfSigned #101

wants to merge 6 commits into from

Conversation

@agateau-gg
Copy link
Collaborator

Context

ggshield 1.44 introduced the --insecure option to replace the ambiguous --allow-self-signed. This PR makes similar changes to the VSCode extension.

What has been done

  • Introduce a new setting: insecure.
  • Mark the allowSelfSigned setting as deprecated.
  • Call ggshield with --insecure instead of --allow-self-signed.

PR check list

  • As much as possible, the changes include tests
  • If the changes affect the end user (new feature, behavior change, bug fix) then the PR has a changelog entry.

@agateau-gg agateau-gg requested a review from a team as a code owner October 28, 2025 15:19
@agateau-gg agateau-gg requested review from 6d7a and sevbch October 28, 2025 15:36
sevbch
sevbch reviewed Oct 29, 2025
View reviewed changes
Copy link
Contributor

@sevbch sevbch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just a couple comments

Also, adding @GabrielCousin as reviewer as he's a typescript expert

src/lib/ggshield-configuration-utils.ts
): Promise<GGShieldConfiguration> {
const config = workspace.getConfiguration("gitguardian");

const ggshieldPath: string | undefined = config.get("GGShieldPath");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that's worth keeping for local debugging

package.json
"type": "boolean",
"default": false,
"markdownDescription": "Allow Self Signed Certificates"
"markdownDescription": "Allow Self Signed Certificates",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is the option still showing on the extension settings? Can you share a screenshot?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this is not a title, I'd suggest Allow self-signed certificates without capitalization.

@sevbch sevbch requested a review from GabrielCousin October 29, 2025 09:15
GabrielCousin
GabrielCousin reviewed Oct 29, 2025
View reviewed changes
src/lib/ggshield-configuration-utils.ts
const insecure: boolean = config.get(
"insecure",
// Read allowSelfSigned for backward compatibility
config.get("allowSelfSigned", false),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just wondering if it could make sense to use a notification if the deprecated setting is still present? https://code.visualstudio.com/api/ux-guidelines/notifications
On one hand, it's seemless for the user but on the other hand, you can't know about the deprecation very easily, right?

src/test/suite/lib/run-ggshield.test.ts
});

const testCasesAllowSelfSigned = [
const testCasesInsecure = [
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe consider temporarily keeping a test that asserts the --insecure flag is forced if providing allowSelfSigned?

6d7a
6d7a requested changes Oct 29, 2025
View reviewed changes
Copy link

@6d7a 6d7a left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just some orthography suggestions.

package.json
"type": "string",
"default": "",
"markdownDescription": "You can override the value here for On Premise installations"
"markdownDescription": "You can override the value here for On Premise installations",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we change On Premise to on-premises?

package.json
"type": "boolean",
"default": false,
"markdownDescription": "Allow Self Signed Certificates"
"markdownDescription": "Allow Self Signed Certificates",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this is not a title, I'd suggest Allow self-signed certificates without capitalization.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@GabrielCousin GabrielCousin GabrielCousin left review comments

@sevbch sevbch sevbch left review comments

@6d7a 6d7a 6d7a requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@agateau-gg @GabrielCousin @sevbch @6d7a