fix(vscode): harden runtime dependency validation (integrity checks, SHA256 verification, metadata timeout)#9376
Merged
lambrianmsft merged 6 commits intoJul 9, 2026
Conversation
…cation, on-disk integrity manifest - Add 30s timeout to readJsonFromUrl so NodeJs/Func/DotNet version lookups can no longer hang the extension on 'Validating Runtime Dependency: NodeJS'. - Verify SHA256 of downloaded NodeJs (SHASUMS256.txt) and FuncCoreTools (.sha2 sidecar) payloads, which upstream Content-MD5 checks don't cover for nodejs.org / GitHub release sources. - Write a per-dependency on-disk integrity manifest (.logicapps-integrity.json) at install time and verify every recorded file + size at validation time so a removed/corrupt file forces a wipe + reinstall instead of failing at runtime. - Wire integrity check into both NodeJs and FuncCoreTools validators; NodeJs validator now awaits binariesExist (fixes un-awaited Promise). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add tests locking in the reinstall-on-corruption behavior for the on-disk integrity manifest: - verifyDependencyIntegrity: manifest-invalid (files not an array), unconfigured binaries location, and a NodeJs happy path. - writeDependencyIntegrityManifest: excludes the manifest file itself. - validateNodeJsIsLatest / validateFuncCoreToolsIsLatest: binaries present but integrity invalid triggers reinstall; valid + current does not. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Extend the on-disk integrity manifest with an optional per-file sha256 for the primary executables (node.exe/node, func.exe/func/func.dll). These hashes are captured at install time right after the archive's CDN SHA256 was verified, so they are transitively CDN-anchored. On every startup the critical files are re-hashed and compared, catching silent same-size corruption that the size-only check misses, while the long tail stays size/existence-checked to avoid re-slowing activation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
🤖 AI PR Validation ReportPR Review ResultsThank you for your submission! Here's detailed feedback on your PR title and body compliance:✅ PR Title
✅ Commit Type
✅ Risk Level
✅ What & Why
✅ Impact of Change
✅ Test Plan
✅ Contributors
✅ Screenshots/Videos
Summary Table
This PR passes review for title/body compliance. The advised risk level matches the submitter's estimate (
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR hardens the VS Code designer extension’s runtime dependency installation/validation path to prevent activation hangs and detect/repair corrupted or partially deleted Node.js / Azure Functions Core Tools installs.
Changes:
- Adds bounded metadata lookups (timeout) to avoid activation hangs during dependency version resolution.
- Adds SHA256 verification of downloaded dependency archives and writes an on-disk integrity manifest for extracted installs.
- Updates Node.js and Func Core Tools “latest” validators to trigger reinstalls when integrity validation fails, with accompanying unit test coverage.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| Localize/lang/strings.json | Adds localized strings for new workflow-name validation messages. |
| apps/vs-code-designer/test-setup.ts | Extends fs mocks to support new hashing/manifest behavior in tests. |
| apps/vs-code-designer/src/constants.ts | Adds timeout and manifest filename constants for dependency validation. |
| apps/vs-code-designer/src/app/utils/binaries.ts | Implements metadata timeout, archive SHA256 verification, and on-disk integrity manifest write/verify logic. |
| apps/vs-code-designer/src/app/utils/test/binaries.test.ts | Adds unit tests for checksum resolution, SHA256 hashing, and integrity manifest validation. |
| apps/vs-code-designer/src/app/commands/nodeJs/validateNodeJsIsLatest.ts | Reinstalls Node.js when on-disk integrity validation fails. |
| apps/vs-code-designer/src/app/commands/nodeJs/test/validateNodeJsIsLatest.test.ts | Adds tests validating reinstall/no-reinstall behavior based on integrity checks. |
| apps/vs-code-designer/src/app/commands/funcCoreTools/validateFuncCoreToolsIsLatest.ts | Reinstalls Func Core Tools when on-disk integrity validation fails. |
| apps/vs-code-designer/src/app/commands/funcCoreTools/test/validateFuncCoreToolsIsLatest.test.ts | Adds tests validating reinstall/no-reinstall behavior based on integrity checks. |
…entries computeFileSha256 now feeds the Buffer chunk straight into hash.update instead of copying it into a new Uint8Array per chunk, removing avoidable allocation/CPU overhead when hashing large archives. verifyDependencyIntegrity now fails fast (and schedules reinstall) when a recorded manifest entry is no longer a regular file (e.g. replaced by a directory or symlink), reported via the new 'not-a-file' integrity result. Adds a regression test and updates existing statSync stubs to model isFile(). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…pper, drop URL regex and per-file integrity hashing - Replace new echo executeCommand logs with ext.outputChannel.appendLog (localized) - Rename downloadFileWithVerification -> downloadFileWithTransportVerification (transport-only) - Remove URL regex in resolveExpectedDependencySha256; derive SHASUMS URL + artifact name from downloadUrl - Drop per-file SHA256 from the on-disk integrity manifest (keep size+existence checks); manifest write/verify are now synchronous - Trim verbose constants.ts comments; zero-copy hash.update view Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace logging-only executeCommand(..., echo, ...) calls with direct output channel appendLog calls across runtime dependency validation. Keep executeCommand only for real external processes like the DotNet installer, dotnet --version, and tar extraction. Also align FuncCoreTools binary validation with NodeJS by skipping version probes when on-disk integrity has already failed, so a corrupt func install is reinstalled without executing it first. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
andrew-eldridge
approved these changes
Jul 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Commit Type
Risk Level
What & Why
TL;DR: Hardens the VS Code extension against runtime-dependency corruption and startup hangs, so a corrupt/partially-deleted NodeJs or FuncCoreTools install is detected and repaired -- without re-slowing activation or redownloading when the on-disk copy is actually healthy.
Why: Users reported the extension getting stuck on "Validating Runtime Dependency: NodeJS" (blocking the designer from loading), silent failures when Function Host
node/DLL files went missing (surfacing only as a crypticfunchost crash:The system cannot find the file specified/Failed to start Worker Channel), and endless redownloads of NodeJs/FuncCoreTools on every restart. Only the extension bundle was integrity-checked; the other runtime dependencies had no health check.This PR adds four layers of bounded, verifiable integrity checking:
SHASUMS256.txt, func-core-tools.zip.sha2) before extraction; a corrupt download is caught and retried instead of extracted..logicapps-integrity.jsonmanifest of every extracted file with its size. On startup each dependency is validated against its manifest; a missing file or size mismatch triggers a targeted reinstall, while a healthy install with a valid manifest is not redownloaded.node.exe/node,func.exe/func/func.dll), captured at install right after the archive''s CDN SHA256 was verified (so they are transitively CDN-anchored). On startup those few files are re-hashed to catch silent same-size corruption that a size-only check misses.Whole-tree hashing was deliberately avoided: publishers hash the compressed archive (not the extracted tree, and extraction isn''t reversible), the Functions Core Tools release publishes zero per-file hashes, and re-hashing ~150 MB Function Host + ~70 MB NodeJs on every startup would risk reintroducing the exact activation hang being fixed.
Impact of Change
writeDependencyIntegrityManifest/verifyDependencyIntegrityare nowasync(awaited at 3 call sites). New telemetry signals for observability:<dep>IntegrityResult(passed/manifest-missing/size-mismatch/sha256-mismatch),<dep>IntegrityHashedFiles,<dep>IntegrityMismatchFile.Test Plan
Build:
pnpm run build:extensionsucceeds (esbuild). Biome clean on all changed files.Contributors
223556219+Copilot@users.noreply.github.com)Screenshots/Videos
Not applicable -- CI/dependency-infra change with no visual UI surface. Verification evidence is unit-test output (116 passing) and local extension-host logs showing integrity-check pass/reinstall decisions.