feat(threatComposer): make cdn configurable via VS Code settings#8762
Open
ellgregs wants to merge 3 commits into
Open
feat(threatComposer): make cdn configurable via VS Code settings#8762ellgregs wants to merge 3 commits into
ellgregs wants to merge 3 commits into
Conversation
|
⏳ I'm reviewing this pull request for security vulnerabilities and code quality issues. I'll provide an update when I'm done |
|
✅ I finished the code review, and didn't find any security or code quality issues. |
|
Author
|
Hey @bijinai, I've added a setting to be able to use a self-hosted version of threat-composer within vs-code. Since you've previously worked on this I'd appreciate your input when you have a chance. Thanks |
Contributor
|
The change look good |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Users are unable to utilise a customised self-hosted ide-specific threat composer deployment within vs-code unless within a private network with customised dns resolution, due to the hardcoded URL for the ide-threat-composer editor resources.
Benefit of leveraging a self-hosted deployment of threat composer is users can include customised threat/mitigation packs - outlined here.
Solution
Added a configurable VS-Code setting
aws.threatComposer.cdnthat allows users to override the defaultcdnvalue 'https://ide-toolkits.threat-composer.aws.dev'.Testing
Change is minimal: 2 files changed
Caveats
Does require the users self-hosted version to update the content security policy in their deployment of the ide variant of threat-composesr but that seems a reasonable expectation.
feature/xbranches will not be squash-merged at release time.