

This release is dedicated to fixing bugs and enhancing performance. We are also working on implementing the concept of trusted projects, which is designed to mitigate the risks associated with opening projects from unknown and untrusted sources. You can upgrade to v2020.3.4 with the Toolbox App, or right from the IDE, or by using snap if you are an Ubuntu user. It is also available for download from our website.

The simple act of opening a project in the IDE can lead to the automatic execution of code from the project’s virtual environment, specifically its activation script. This can pose a significant risk if a malicious actor creates the project. Unfortunately, the risk is not merely hypothetical. There have been recent attempts to attack security researchers by sending them Visual Studio projects containing malicious code. We’ve introduced the concept of Trusted Projects to mitigate these risks.

When you open an imported or cloned project that contains a virtual environment, PyCharm doesn’t execute the auto-configuration of the virtual environment. Instead, it first checks whether the project is from a trusted location. If the project folder is not listed as a trusted location, PyCharm won’t proceed with the auto-configuration of its interpreter. Instead, PyCharm will let you decide whether to use the project’s interpreter or configure another Python interpreter instead.

PyCharm makes it possible to identify trusted locations in Preferences/Settings | Build, Execution, Deployment | Trusted Locations. Projects in directories specified as “Trusted Locations” are always considered trusted. To ensure that the projects are treated as untrusted only in unusual circumstances, we recommend adding the directory where you usually create projects to your trusted locations.
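The same trust gate can be run by hand on a freshly cloned repository before opening it. The script below is an added example, not PyCharm's own code: the function names, verdict strings and sample directory tree are assumptions, and the trusted-location test is one reasonable reading of the behaviour described above.

```python
import tempfile
from pathlib import Path

# Activation script names written by the standard-library venv module.
ACTIVATION_SCRIPTS = ("bin/activate", "bin/activate.csh", "bin/activate.fish",
                      "Scripts/activate.bat", "Scripts/Activate.ps1")

def is_trusted(project, trusted_locations):
    """True only if the resolved project path is a trusted location or below one."""
    real = Path(project).resolve()          # collapses ".." and symlinks
    for location in trusted_locations:
        base = Path(location).resolve()
        # Compare components, not string prefixes: "projects-x" != "projects".
        if real == base or base in real.parents:
            return True
    return False

def find_bundled_venvs(project):
    """Map each venv directory in the project to the activation scripts it ships."""
    found = {}
    for cfg in Path(project).rglob("pyvenv.cfg"):   # marker file of a venv
        venv = cfg.parent
        found[venv.relative_to(project).as_posix()] = [
            s for s in ACTIVATION_SCRIPTS if (venv / s).is_file()]
    return found

def review(project, trusted_locations):
    """Return (verdict, venvs); only 'trusted' permits automatic configuration."""
    if is_trusted(project, trusted_locations):
        return "trusted", {}
    venvs = find_bundled_venvs(project)
    return ("needs-review" if venvs else "no-venv"), venvs

def demo():
    """Constructed sample tree: one trusted project, one cloned next to it."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted = Path(tmp, "projects")
        cloned = Path(tmp, "projects-cloned", "repo")
        (trusted / "mine").mkdir(parents=True)
        (cloned / "venv" / "bin").mkdir(parents=True)
        (cloned / "venv" / "pyvenv.cfg").write_text("home = /usr/bin\n")
        (cloned / "venv" / "bin" / "activate").write_text("# constructed\n")
        return {
            "inside": review(trusted / "mine", [trusted]),
            "sibling": review(cloned, [trusted]),
            "dotdot": review(trusted / ".." / "projects-cloned" / "repo", [trusted]),
        }

if __name__ == "__main__":
    print(demo())
```

The `sibling` and `dotdot` cases are the ones a plain string-prefix comparison gets wrong: both paths begin with the trusted directory's text but resolve outside it.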
