OPENIDE #161 Change approach from whitelists to blacklists

(cherry picked from commit e927f851c876f148cb0eea4d0be2487a6ef435e6)

(cherry picked from commit c96820d2e2)
(cherry picked from commit 49e9d4fd10)
(cherry picked from commit bf03c2b023)

platform/ide-core/src/com/intellij/util/io/HttpRequests.java

@@ -24,7 +24,7 @@ import org.jetbrains.annotations.ApiStatus;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 import ru.openide.io.StubUrlConnection;
-import ru.openide.io.WhiteListUrls;
+import ru.openide.io.BlackListUrls;
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
@@ -582,7 +582,7 @@ public final class HttpRequests {
       request.myUrl = "https:" + request.myUrl.substring(5);
     }
 
-    if (!WhiteListUrls.isAvailableUrl(request.myUrl)) {
+    if (!BlackListUrls.isAvailableUrl(request.myUrl)) {
       LOG.info("Not available url: " + request.myUrl);
       URL url = new URL(request.myUrl);
       return new StubUrlConnection(url);

platform/ide-core/src/ru/openide/io/BlackListUrls.kt

@@ -0,0 +1,79 @@
+// OpenIDE Project
+// Copyright (C) 2025 “Open Development Platform” Ltd. (https://openide.ru)
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3 or later as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see http://www.gnu.org/licenses/.
+package ru.openide.io
+
+import com.intellij.notification.Notification
+import com.intellij.notification.NotificationAction
+import com.intellij.notification.NotificationType
+import java.net.URL
+import java.net.URLConnection
+
+object BlackListUrls {
+  private val urls = listOf(
+    "resources.jetbrains.com",
+    "download.jetbrains.com",
+    "packages.jetbrains.team",
+    "cache-redirector.jetbrains.com",
+    "www.jetbrains.com",
+    "intellij-test-discovery.labs.intellij.net",
+    "forms-service.jetbrains.com",
+    "ea-report.jetbrains.com",
+    "plugins.jetbrains.com",
+    "resources.jetbrains.com",
+    "uploads.jetbrains.com",
+    "analytics.services.jetbrains.com"
+  )
+
+  private val WITHOUT_PROTOCOL_REGEX = Regex("https?://")
+
+  @JvmStatic
+  fun isAvailableUrl(url: String): Boolean {
+    if (url.startsWith("file")) return true
+    val urlWithoutProtocol = url.replaceFirst(WITHOUT_PROTOCOL_REGEX, "")
+    if (urls.startsWith(urlWithoutProtocol)) {
+      if (OpenIdePersistentUrlStorage.getInstance().getUrls().startsWith(url)) {
+        return true
+      }
+
+      val findPluginId = OpenIdePluginUtil.getInstance().findNonBundledPluginId(Throwable())
+      if (findPluginId != null) {
+        return true
+      }
+
+      showAccessRequestNotification(url)
+      return false
+    }
+
+    return true
+  }
+
+  private fun showAccessRequestNotification(url: String) {
+    val addUrlAction = NotificationAction.createSimpleExpiring(OpenIdeBundle.message("allow.access")) {
+      OpenIdePersistentUrlStorage.getInstance().getUrls().add(url)
+    }
+
+    Notification("Find Problems", OpenIdeBundle.message("access.to.untrusted.source"), url, NotificationType.WARNING)
+      .addAction(addUrlAction)
+      .notify(null)
+  }
+
+  private fun List<String>.startsWith(url: String): Boolean {
+    return this.any { url.startsWith(it, true) }
+  }
+}
+
+class StubUrlConnection(url: URL): URLConnection(url) {
+  override fun connect() {
+  }
+}

platform/ide-core/src/ru/openide/io/WhiteListUrls.kt

@@ -1,187 +0,0 @@
-// Copyright (c) Haulmont 2024. All Rights Reserved.
-// Use is subject to license terms.
-package com.intellij.util.io
-
-import java.net.URL
-import java.net.URLConnection
-
-object WhiteListUrls {
-  private val urls = listOf(
-    "https://github.com",
-    "https://search.maven.org",
-    "https://repo.jfrog.org",
-    "https://oss.sonatype.org",
-    "https://repository.jboss.org",
-    "https://repo.maven.apache.org",
-    "https://plugins.gradle.org/plugin/org.jetbrains.intellij",
-    "https://api.github.com/repos",
-    "https://pypi.python.org",
-    "http://localhost",
-    "https://services.gradle.org",
-    "https://plugins.openide.ru/",
-    "https://downloads.marketplace.openide.ru",
-    "https://downloads.openide.ru",
-    "https://repo1.maven.org/maven2/net/sourceforge/plantuml/plantuml/1.2023.10/plantuml-1.2023.10.jar",
-    "https://amplicode.ru",
-    "https://download.openide.ru"
-    "https://download.openide.ru",
-    "https://download-ide.axiomjdk.ru",
-    "https://schemastore.org",
-    "https://storage.yandexcloud.net/amplicode-marketplace/drivers/jdbc-drivers.xml",
-    "https://openide.ru",
-    "https://d5dloaaon52j82oceane.apigw.yandexcloud.net",
-    "https://index.docker.io",
-    "https://grafana.com",
-    "https://mcr.microsoft.com",
-    "https://container-registry.oracle.com",
-    "https://registry-1.docker.io",
-    "https://checksid.jmix.io",
-    "https://store-admin.jmix.io",
-    "https://jmix",
-    "https://sso.jmix.io",
-    "https://account.jmix.io",
-    "https://global.repo.jmix.io",
-    "https://nexus.jmix.io",
-    "https://usage-stat.cuba-platform.com",
-    "https://api.hsforms.com/submissions/v3/integration/submit/",
-    "https://store.amplicode.ru",
-    "https://ls.store.amplicode.ru",
-    "https://resources.openide.ru",
-    "https://api.github.com",
-    "https://avatars.githubusercontent.com"
-  )
-
-  // Collect urls from KnownSchemaIdentifiers.json
-  private val jsonSchemaUrls = listOf(
-    "https://raw.githubusercontent.com",
-    "http://json.schemastore.org",
-    "https://json.schemastore.org",
-    "https://schemastore.azurewebsites.net",
-    "http://json-schema.org",
-    "https://json-schema.org",
-    "https://developer.1password.com/schema/ssh-agent-config.json",
-    "https://appsemble.app/api.json#/components/schemas/AppDefinition",
-    "https://gitlab.com/appsemble/appsemble/-/raw/HEAD/packages/cli/assets/appsemblerc.schema.json",
-    "https://www.asyncapi.com/schema-store/all.schema-store.json",
-    "https://atmos.tools/schemas/atmos/atmos-manifest/1.0/atmos-manifest.json",
-    "https://coderabbit.ai/integrations/schema.v2.json",
-    "https://github.com/cloudcannon/configuration-types/releases/latest/download/cloudcannon-config.schema.json",
-    "https://github.com/cmhughes/latexindent.pl/raw/main/documentation/latexindent-yaml-schema.json",
-    "https://chat-agents.lobehub.com/schema/lobeAgentSchema_v1.json",
-    "https://fasterci.com/config.schema.json",
-    "https://flagd.dev/schema/v0/flags.json",
-    "https://ide-integration.batect.dev/v1/configSchema.json",
-    "https://bitbucket.org/atlassianlabs/intellij-bitbucket-references-plugin/raw/master/src/main/resources/schemas/bitbucket-pipelines.schema.json",
-    "https://schemas.wp.org/trunk/block.json",
-    "https://blockprotocol.org/schemas/block-metadata.json",
-    "https://carafe.fm/schema/draft-02/bundle.schema.json",
-    "https://gitlab.com/chromaway/core-tools/chromia-cli/-/raw/dev/chromia-build-tools/src/main/resources/chromia-model-schema.json",
-    "https://appliedengdesign.github.io/cnccodes-json-schema/draft/2022-07/schema",
-    "https://deta.space/assets/spacefile.schema.json",
-    "https://codemagic.io/codemagic-schema.json",
-    "https://wixplosives.github.io/codux-config-schema/codux.config.schema.json",
-    "https://openapi.vercel.sh/vercel.json",
-    "https://unpkg.com/@changesets/config/schema.json",
-    "https://getcomposer.org/schema.json",
-    "https://on.cypress.io/cypress.schema.json",
-    "https://gitlab.com/sbenv/veroxis/docker-seq/-/raw/HEAD/docker-seq.schema.json",
-    "https://dprint.dev/schemas/v0.json",
-    "https://dstack-runner-downloads.s3.eu-west-1.amazonaws.com/latest/schemas/configuration.json",
-    "https://enterprisecontract.dev/enterprise-contract-controller/schema/policy_spec.json",
-    "https://cdn.jsdelivr.net/gh/tarampampam/error-pages@latest/schemas/config/1.0.schema.json",
-    "https://gitlab.com/sbenv/veroxis/ezd-rs/-/raw/HEAD/ezd.schema.json",
-    "https://gitlab.com/fdroid/fdroiddata/-/raw/master/schemas/metadata.json",
-    "https://ffizer.github.io/ffizer/ffizer.schema.json",
-    "https://gitlab.cern.ch/steam/fiqus/-/raw/master/docs/schema.json",
-    "https://gitlab.com/gitlab-org/gitlab/-/raw/master/app/assets/javascripts/editor/schema/ci.json",
-    "https://gitpod.io/schemas/gitpod-schema.json",
-    "https://golangci-lint.run/jsonschema",
-    "https://goreleaser.com/static",
-    "https://github.com/goss-org/goss/raw/master/docs/schema.yaml",
-    "https://unpkg.com/@graphql-mesh/types/esm/config-schema.json",
-    "https://unpkg.com/graphql-config/config-schema.json",
-    "https://www.graphql-code-generator.com/config.schema.json",
-    "https://hazelcast.com/schema/config/hazelcast-config-5.5.json",
-    "https://html-validate.org/schemas/config.json",
-    "https://hyperfoil.io/schema.json",
-    "https://ifstate.net/schema/1/ifstate.conf.schema.json",
-    "https://schema.infrahub.app/python-sdk/repository-config/latest.json",
-    "https://jenkins-x.io/schemas",
-    "https://github.com/abstracta/jmeter-java-dsl/releases/latest/download/jmdsl-config-schema.json",
-    "https://jsr.io/schema/config-file.v1.json",
-    "https://jsonapi.org/schema",
-    "https://www.krakend.io/schema/krakend.json",
-    "https://kubri.dev/schema.json",
-    "https://cdn.jsdelivr.net/npm/liblab@latest/liblab.config.schema.json",
-    "https://w3id.org/linkml/meta.schema.json",
-    "https://grnhse-vpc-assets.s3.amazonaws.com/jsonschemas/lotus.yaml.json",
-    "https://github.com/napari/npe2/releases/latest/download/schema.json",
-    "https://noxorg.dev/schemas/NoxConfiguration.json",
-    "https://spec.openapis.org/oas/3.1/schema/2022-10-07",
-    "https://meta.open-rpc.org/",
-    "https://github.com/usnistgov/OSCAL",
-    "https://schema.postman.com/collection/json/v2.1.0/draft-07/collection.json",
-    "https://www.qgoda.net/schemas/qgoda.json",
-    "https://docs.renovatebot.com/renovate-schema.json",
-    "https://cdn.jsdelivr.net/gh/roadrunner-server/roadrunner@latest/schemas/config/3.0.schema.json",
-    "https://cdn.sdf.com/schemas/sdf-schema-1.3.json",
-    "https://starship.rs/config-schema.json",
-    "https://schemas.wp.org/trunk/theme.json",
-    "https://turborepo.org/schema.json",
-    "https://static.trunk.io/pub/trunk-yaml-schema.json",
-    "https://developer.microsoft.com/json-schemas/tsdoc/v0/tsdoc.schema.json",
-    "https://tstyche.org/schemas/config.json",
-    "https://cdn.jsdelivr.net/npm/tsup/schema.json",
-    "https://sap.github.io/ui5-tooling/schema",
-    "https://github.com/go-vela/types/releases/latest/download/schema.json",
-    "https://www.unpkg.com/wrangler/config-schema.json",
-    "https://json-stat.org/format/schema/2.0/",
-    "https://typedoc.org/schema.json",
-    "https://mise.jdx.dev/schema/mise.json",
-    "https://motif.land/api/motif.schema.json",
-    "https://github.com/helmwave/helmwave/releases/latest/download/schema.json",
-    "https://github.com/fbecart/zinoma/releases/latest/download/zinoma-schema.json",
-    "https://uniswap.org/tokenlist.schema.json",
-    "https://docs.gradle.com/enterprise/admin/schema/gradle-enterprise-config-schema-10.json",
-    "https://docs.gradle.com/build-cache-node/schema/build-cache-node-config-schema-5.json",
-    "https://yarnpkg.com/configuration/yarnrc.json",
-    "https://taskfile.dev/schema.json",
-    "https://render.com/schema/render.yaml.json",
-    "https://www.liquibase.org/json/schema/liquibase-flow-file-latest.json",
-    "https://github.com/mason-org/registry-schema/releases/latest/download/package.schema.json",
-    "https://s3.eu-central-1.amazonaws.com/files.netin.io/spider-schemas/template.schema.json",
-    "https://noodl.s3.us-west-1.amazonaws.com/noodl.schema.json",
-    "https://download.stackhawk.com/hawk/jsonschema/hawkconfig.json",
-    "https://www.updatecli.io/schema",
-    "https://geojson.org/schema/GeoJSON.json",
-    "https://public.dhe.ibm.com",
-    "https://datahubproject.io/schemas/datahub_ingestion_schema.json",
-    "https://upliftci.dev/static/schema.json",
-    "https://github.com/DannyBen/completely/blob/master/schemas/completely.json",
-    "https://docs.visivo.io/assets/visivo_schema.json",
-    "https://enduricastorage.blob.core.windows.net/public/endurica-cl-schema.json",
-    "https://rivet.gg/rivet.schema.json",
-    "https://cdn.subsquid.io/schemas/squid_manifest.json",
-    "https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/raw/master/pkg/agentcfg/agentcfg_schemas/ConfigurationFile.json",
-    "https://www.cardgamesimulator.com/schema/CardGameDef.json",
-    "https://alec016.github.io/Custom-Machinery",
-    "https://bioimage-io.github.io/spec-bioimage-io/bioimageio_schema_latest.json",
-    "https://www.json-wf.org.uk/json-wf-schema-1.0.json",
-    "https://download.qt.io/official_releases/qtcreator/latest/installer_source/jsonschemas/project.json",
-    "https://api.app-prg1.zerops.io",
-    "https://repo1.maven.org/maven2/com/walmartlabs/concord/runtime/v2/concord-runtime-model-v2/2.14.0/concord-runtime-model-v2-2.14.0-schema.json",
-    "https://deployments.allegrogroup.com/tycho/schema",
-    "https://www.eidolonai.com/json_schema/v1/resources/overview.json",
-    "https://waku.ngjx.org/static/schema.json"
-  )
-
-  @JvmStatic
-  fun isAvailableUrl(url: String): Boolean {
-    return urls.any { url.startsWith(it, true) }
-  }
-}
-
-class StubUrlConnection(url: URL): URLConnection(url) {
-  override fun connect() {
-  }
-}