
The new bug-fix update for IntelliJ IDEA 2020.3.3 is out! You can update to the new version from inside the IDE, with the Toolbox App, or using snaps if you are an Ubuntu user. It is also available for download from our website.

In this release, we’ve added an important new feature: trusted projects. IntelliJ IDEA 2020.3.3 introduces the concept of trusted projects, designed to mitigate the risks associated with opening projects from unknown and untrusted sources. Many modern build systems, including Maven and Gradle, rely on code execution for building the project model that the IDE needs in order to understand the project structure and its dependencies. In Gradle, the build script itself is code written in either Groovy or Kotlin.

In Gradle and Maven, the build script can reference plugins – the build system will download the plugins from locations specified in the build scripts and execute code in those plugins. In addition to the issues inherent to the Maven and Gradle design, some of IntelliJ IDEA’s features (for example, startup tasks) introduce additional code execution possibilities enabled by sharing a project together with its. Thus, the simple act of opening a project in the IDE could lead to code execution from the project build scripts. If a malicious actor creates the project, this can be a significant security risk. Unfortunately, the risk is not merely hypothetical – there have been recent attempts to attack security researchers by sending them Visual Studio projects containing malicious code. We’ve introduced trusted projects to mitigate these risks. When you open a project, IntelliJ IDEA doesn’t execute any code from it and checks whether it is trusted or from a trusted location. If the project currently is not trusted, the IDE will ask you to choose whether to open it in safe mode or full-trust mode. If you open a project in safe mode, the IDE will disable all potential code execution upon opening.

Since this makes it impossible to build an accurate project model, many IDE features, such as error highlighting, will be disabled. However, you can still browse the project’s contents and open its source files in the editor. The same protections also apply to other build systems (e.g. To avoid showing warnings for every project, the IDE allows you to define trusted locations in Preferences / Settings | Build, Execution, Deployment | Trusted Locations. Projects in directories specified as “Trusted Locations” are always considered trusted.
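The trusted-location rule on this page comes down to a path-containment check, and that check has edge cases worth seeing. The sketch below is an added illustration, not IntelliJ IDEA's code: the function names, the resolve-symlinks-first behaviour and the build-file list are assumptions, and it models only the trusted-location part of the decision.

```python
import os
import tempfile
from pathlib import Path

# Build files of the two build systems the page names (Gradle, Maven).
BUILD_SCRIPTS = {"build.gradle", "build.gradle.kts", "settings.gradle",
                 "settings.gradle.kts", "pom.xml"}

def is_in_trusted_location(project, trusted_locations):
    """True if the resolved project path is a trusted directory or inside one."""
    real = Path(project).resolve()  # collapses ".." and follows symlinks
    for location in trusted_locations:
        root = Path(location).resolve()
        # Compare whole path components: /w/trusted-evil is not under
        # /w/trusted, although a string startswith() test would accept it.
        if real == root or root in real.parents:
            return True
    return False

def build_scripts_in(project):
    """Relative paths of build scripts anywhere below the project root."""
    root = Path(project)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and p.name in BUILD_SCRIPTS)

def open_decision(project, trusted_locations):
    """'trusted' inside a trusted location, otherwise 'ask' the user."""
    return "trusted" if is_in_trusted_location(project, trusted_locations) else "ask"

def demo():
    """Constructed directory layout covering the edge cases."""
    base = Path(tempfile.mkdtemp())
    trusted = base / "trusted"
    inside = trusted / "my-app"
    sibling = base / "trusted-evil" / "poc"
    inside.mkdir(parents=True)
    sibling.mkdir(parents=True)
    (sibling / "build.gradle").write_text("// constructed sample\n")
    os.symlink(sibling, trusted / "link")  # link pointing out of the trusted dir
    cases = {"inside": inside, "sibling": sibling, "symlink": trusted / "link",
             "dotdot": trusted / ".." / "trusted-evil" / "poc"}
    return ({name: open_decision(path, [trusted]) for name, path in cases.items()},
            build_scripts_in(sibling))

if __name__ == "__main__":
    decisions, scripts = demo()
    print(decisions, scripts)
```

Only the project that really lives under the trusted directory is treated as trusted; the look-alike sibling, the symlink and the `..` path all fall back to asking.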
