Closed olafurpg closed 1 day ago
TODO: report helpful error messages when missing dependencies
Linux:
sudo apt install libsecret-tools
sudo apt install gnome-keyring
Windows (admin PowerShell):
Install-Module -Name CredentialManager
‼️ Hey @sourcegraph/cody-security, please review this PR carefully as it introduces the usage of an unsafe_ function or abuses PromptString.
Thank you for the review! I've addressed the feedback on shell quoting; the solution now uses spawn instead of exec. I will submit a request in #discuss-security to additionally review this functionality after the release is out (we won't make public noise about this feature until after the security review is done).
CI failures are unrelated; posted about it here https://sourcegraph.slack.com/archives/C05AGQYD528/p1720014583901319
Rebase on top of main to fix CI https://github.com/sourcegraph/cody/pull/4768
Thank you everybody for the review! 🙇🏻 I will cut a release and get a second round of review from the security team (CODY-2738: Complete security review on Cody cli auth)
secret management
Previously, we used Keytar to write/read/delete secrets. This was problematic for two reasons:
- cody-agent was crashing on macOS when using a release that was built on Linux (in CI)
This PR addresses both problems by replacing keytar with a custom solution that shells out to different secret managers (security on macOS, secret-tool on Linux, and powershell on Windows). See comment in secrets.ts for a more detailed reasoning why we went with this approach.
Test plan
Manually tested on macOS/Linux/Windows.
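The PR description above explains the approach (shell out to security, secret-tool and powershell) and the review thread settled on spawn instead of exec so that shell quoting is never an issue; the TODO earlier in the thread asks for helpful errors when a tool is missing. The following is an added example written for this page, not sourcegraph/cody's secrets.ts: it builds each platform's command as an argv array, passes the secret on stdin or through the environment where the tool allows it, runs it with spawn() and no shell, and turns ENOENT into an install hint. The helper names, the SECRET_* environment variable names, the install-hint table and the CredentialManager cmdlet invocations are assumptions.

```typescript
// Added example (not the project's secrets.ts): per-platform secret commands
// built as argv arrays and run with spawn() and shell: false, so a secret like
// `p@ss $(rm -rf ~)` is an opaque string to the OS, never text a shell parses.
import { spawn } from "child_process";

export interface SecretCommand {
  command: string;
  args: string[];                 // one argv element per value, never a joined shell string
  stdin?: string;                 // secret delivered on stdin where the tool supports it
  env?: Record<string, string>;   // secret delivered via environment (PowerShell case)
}

// Install hints for a missing tool (assumed wording, mirroring the TODO in this thread).
const INSTALL_HINTS: Record<string, string> = {
  "secret-tool": "sudo apt install libsecret-tools gnome-keyring",
  powershell: "Install-Module -Name CredentialManager (admin PowerShell)",
  security: "/usr/bin/security ships with macOS; check PATH",
};

export function buildStoreCommand(platform: string, service: string, account: string, secret: string): SecretCommand {
  switch (platform) {
    case "darwin":
      // `security` only accepts the password via -w on argv: it is a single argv
      // element (no shell quoting), but briefly visible in `ps` to other local users.
      return { command: "security",
        args: ["add-generic-password", "-U", "-a", account, "-s", service, "-w", secret] };
    case "linux":
      // secret-tool reads the secret from stdin, so it never appears on argv.
      return { command: "secret-tool", stdin: secret,
        args: ["store", "--label", `${service}/${account}`, "service", service, "account", account] };
    case "win32": {
      // Assumed: CredentialManager module's New-StoredCredential. Values reach the
      // script through environment variables, so nothing is interpolated into it.
      const script = "New-StoredCredential -Target $env:SECRET_TARGET -UserName $env:SECRET_USER "
        + "-Password $env:SECRET_VALUE -Persist LocalMachine | Out-Null";
      return { command: "powershell", args: ["-NoProfile", "-NonInteractive", "-Command", script],
        env: { SECRET_TARGET: service, SECRET_USER: account, SECRET_VALUE: secret } };
    }
    default:
      throw new Error(`unsupported platform: ${platform}`);
  }
}

export function buildReadCommand(platform: string, service: string, account: string): SecretCommand {
  switch (platform) {
    case "darwin":
      return { command: "security", args: ["find-generic-password", "-a", account, "-s", service, "-w"] };
    case "linux":
      return { command: "secret-tool", args: ["lookup", "service", service, "account", account] };
    case "win32": {
      // Assumed: Get-StoredCredential from the CredentialManager module.
      const script = "(Get-StoredCredential -Target $env:SECRET_TARGET).GetNetworkCredential().Password";
      return { command: "powershell", args: ["-NoProfile", "-NonInteractive", "-Command", script],
        env: { SECRET_TARGET: service } };
    }
    default:
      throw new Error(`unsupported platform: ${platform}`);
  }
}

// Runs one command with spawn(): shell is off, so argv reaches the tool verbatim.
// Resolves with stdout (one trailing newline removed), rejects with an install
// hint when the tool is missing (ENOENT) or with stderr when it exits non-zero.
export function runSecretCommand(cmd: SecretCommand): Promise<string> {
  return new Promise((resolve, reject) => {
    const child = spawn(cmd.command, cmd.args, {
      shell: false,
      env: { ...process.env, ...(cmd.env ?? {}) },
      stdio: ["pipe", "pipe", "pipe"],
    });
    let out = "";
    let err = "";
    child.stdout.on("data", (d) => { out += d.toString(); });
    child.stderr.on("data", (d) => { err += d.toString(); });
    child.stdin.on("error", reject); // e.g. EPIPE if the tool died before reading stdin
    child.on("error", (e: NodeJS.ErrnoException) => {
      const hint = INSTALL_HINTS[cmd.command];
      reject(e.code === "ENOENT" && hint
        ? new Error(`${cmd.command} is not installed or not on PATH. To fix: ${hint}`)
        : e);
    });
    child.on("close", (code) => {
      if (code === 0) resolve(out.endsWith("\n") ? out.slice(0, -1) : out);
      else reject(new Error(`${cmd.command} exited with ${code}: ${err.trim()}`));
    });
    child.stdin.end(cmd.stdin ?? "");
  });
}
```

Usage: `await runSecretCommand(buildStoreCommand(process.platform, "cody", "alice", token))` then `await runSecretCommand(buildReadCommand(process.platform, "cody", "alice"))`. Only a single trailing newline is stripped from stdout, because `security find-generic-password -w` appends one while the stored secret itself may legitimately end in whitespace. The macOS path is the weakest of the three: the secret is on argv for the lifetime of the `security` process, so on a shared machine it is briefly observable to other local users.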