Skip to content

Add security-sensitive file extensions to workspace indexing exclusion list#1157

Merged
mjbvz merged 7 commits intomicrosoft:mainfrom
phawrylak:bugfix/exclude-certificates-from-indexing
Oct 7, 2025
Merged

Add security-sensitive file extensions to workspace indexing exclusion list#1157
mjbvz merged 7 commits intomicrosoft:mainfrom
phawrylak:bugfix/exclude-certificates-from-indexing

Conversation

@phawrylak
Copy link
Contributor

@phawrylak phawrylak commented Sep 26, 2025

This pull request updates the list of excluded file extensions in the workspaceFileIndex.ts file to improve security and prevent indexing of sensitive files. The change specifically adds several certificate and private key file types to the exclusion list.

Security-related exclusions:

  • Added certificate and private key extensions (pfx, p12, pem, crt, cer, key, priv, jks, keystore, csr) to the EXCLUDE_EXTENSIONS set in workspaceFileIndex.ts to prevent indexing of security-sensitive files.

Copilot AI review requested due to automatic review settings September 26, 2025 09:15
Copilot AI reviewed Sep 26, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request enhances security by preventing the indexing of sensitive certificate and private key files in the workspace file indexing system. It adds security-related file extensions to the exclusion list to avoid accidentally processing or exposing sensitive cryptographic materials.

  • Adds certificate file extensions (pfx, p12, pem, crt, cer) to prevent indexing
  • Adds private key extensions (key, priv) to the exclusion list
  • Includes Java keystore formats (jks, keystore) and certificate signing requests (csr)

@aiday-mar aiday-mar removed their assignment Oct 7, 2025
@TylerLeonhardt TylerLeonhardt removed their request for review October 7, 2025 15:48
mjbvz
mjbvz approved these changes Oct 7, 2025
View reviewed changes
Copy link
Contributor

@mjbvz mjbvz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding these. I'll also confirm our indexing services ignore these. I believe it should already but good to make sure

@mjbvz mjbvz enabled auto-merge October 7, 2025 16:17
@vs-code-engineering vs-code-engineering bot added this to the October 2025 milestone Oct 7, 2025
@mjbvz mjbvz added this pull request to the merge queue Oct 7, 2025
Merged via the queue into microsoft:main with commit 4d3ad14 Oct 7, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@roblourens roblourens roblourens approved these changes

@mjbvz mjbvz mjbvz approved these changes

Assignees

@mjbvz mjbvz

Labels

triage-needed

Projects

None yet

Milestone

October 2025

Development

Successfully merging this pull request may close these issues.

5 participants

@phawrylak @roblourens @mjbvz @aiday-mar