From 310f30bec07233503f5abb997e2354a75eec4a3c Mon Sep 17 00:00:00 2001 From: "zed-zippy[bot]" <234243425+zed-zippy[bot]@users.noreply.github.com> Date: Tue, 23 Dec 2025 19:38:41 +0000 Subject: [PATCH] Do not trust Docker hosts by default (#45587) (cherry-pick to preview) (#45588) Cherry-pick of #45587 to preview ---- It's still possible to leak secrets by spawning odd MCP/LSP servers from `.zed/settings.json` Release Notes: - N/A Co-authored-by: Kirill Bulatov --- crates/project/src/project.rs | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/crates/project/src/project.rs b/crates/project/src/project.rs index fd11641ad1186a62009151a689c0bb86bdb36d26..12c56f35f594a46fb35613c2432bf6519759389a 100644 --- a/crates/project/src/project.rs +++ b/crates/project/src/project.rs @@ -1291,34 +1291,13 @@ impl Project { cx.subscribe(&worktree_store, Self::on_worktree_store_event) .detach(); if init_worktree_trust { - let trust_remote_project = match &connection_options { - RemoteConnectionOptions::Ssh(..) | RemoteConnectionOptions::Wsl(..) => false, - RemoteConnectionOptions::Docker(..) => true, - }; - let remote_host = RemoteHostLocation::from(connection_options); trusted_worktrees::track_worktree_trust( worktree_store.clone(), - Some(remote_host.clone()), + Some(RemoteHostLocation::from(connection_options)), None, Some((remote_proto.clone(), REMOTE_SERVER_PROJECT_ID)), cx, ); - if trust_remote_project { - if let Some(trusted_worktres) = TrustedWorktrees::try_get_global(cx) { - trusted_worktres.update(cx, |trusted_worktres, cx| { - trusted_worktres.trust( - worktree_store - .read(cx) - .worktrees() - .map(|worktree| worktree.read(cx).id()) - .map(PathTrust::Worktree) - .collect(), - Some(remote_host), - cx, - ); - }) - } - } } let weak_self = cx.weak_entity();