From 99eb274029d1690f571aee1b465cbd286d7a7f72 Mon Sep 17 00:00:00 2001
From: Joe Rozner
Date: Sat, 15 Apr 2023 14:39:35 -0700
Subject: [PATCH 1/5] Allow HTTP connections to fetch database
Introduce a new config option to allow requests over HTTP when fetching a database from a URL.
---
 extensions/ql-vscode/package.json | 5 +++++
 extensions/ql-vscode/src/config.ts | 9 +++++++++
 extensions/ql-vscode/src/databaseFetcher.ts | 5 ++++-
 3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/extensions/ql-vscode/package.json b/extensions/ql-vscode/package.json
index bea5ccdda07..80118b5448c 100644
--- a/extensions/ql-vscode/package.json
+++ b/extensions/ql-vscode/package.json
@@ -293,6 +293,11 @@
 "scope": "window",
 "minimum": 0,
 "description": "Report a warning for any join order whose metric exceeds this value."
+ },
+ "codeQL.allowHttp": {
+ "type": "boolean",
+ "default": false,
+ "description": "Allow databased to be downloaded via HTTP"
 }
 }
 },
diff --git a/extensions/ql-vscode/src/config.ts b/extensions/ql-vscode/src/config.ts
index 5284da6c0dc..8830e65b5d3 100644
--- a/extensions/ql-vscode/src/config.ts
+++ b/extensions/ql-vscode/src/config.ts
@@ -608,3 +608,12 @@ export const CODESPACES_TEMPLATE = new Setting(
 export function isCodespacesTemplate() {
 return !!CODESPACES_TEMPLATE.getValue();
 }
+
+export const ALLOW_HTTP = new Setting(
+ "allowHttp",
+ ROOT_SETTING,
+);
+
+export function allowHttp(): boolean {
+ return ALLOW_HTTP.getValue() || false;
+}
diff --git a/extensions/ql-vscode/src/databaseFetcher.ts b/extensions/ql-vscode/src/databaseFetcher.ts
index a8994d95532..79434943d98 100644
--- a/extensions/ql-vscode/src/databaseFetcher.ts
+++ b/extensions/ql-vscode/src/databaseFetcher.ts
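Review bot: The new `codeQL.allowHttp` property in the package.json hunk declares no `"scope"`, unlike the neighbouring entry that sets `"scope": "window"`. A VS Code setting without an explicit scope defaults to window scope, so a repository's `.vscode/settings.json` can switch cleartext downloads on for whoever opens it. For a setting that weakens transport security I would restrict it to user-level configuration by adding `"scope": "machine"` (or `"application"`). The renamed `codeQL.databaseDownload.allowHttp` entry in patches 2/5 and 3/5 has the same gap; the surrounding property list starts and ends outside the hunk.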
@@ -27,6 +27,7 @@ import {
 } from "./common/github-url-identifier-helper";
 import { Credentials } from "./common/authentication";
 import { AppCommandManager } from "./common/commands";
+import { ALLOW_HTTP } from "./config";

 /**
 * Prompts a user to fetch a database from a remote location. Database is assumed to be an archive file.
@@ -49,7 +50,9 @@ export async function promptImportInternetDatabase(
 return;
 }

- validateHttpsUrl(databaseUrl);
+ if (!ALLOW_HTTP.getValue()) {
+ validateHttpsUrl(databaseUrl);
+ }

 const item = await databaseArchiveFetcher(
 databaseUrl,
From 961f71d8a5a9bc42e9911e69957c2e186c5b51c4 Mon Sep 17 00:00:00 2001
From: Joe Rozner
Date: Mon, 17 Apr 2023 12:36:47 -0700
Subject: [PATCH 2/5] Changes requested from PR
---
 extensions/ql-vscode/package.json | 4 ++--
 extensions/ql-vscode/src/config.ts | 7 +++----
 extensions/ql-vscode/src/databaseFetcher.ts | 10 ++++------
 3 files changed, 9 insertions(+), 12 deletions(-)
diff --git a/extensions/ql-vscode/package.json b/extensions/ql-vscode/package.json
index 80118b5448c..35d7687f116 100644
--- a/extensions/ql-vscode/package.json
+++ b/extensions/ql-vscode/package.json
@@ -294,10 +294,10 @@
 "minimum": 0,
 "description": "Report a warning for any join order whose metric exceeds this value."
 },
- "codeQL.allowHttp": {
+ "codeQL.databaseDownload.allowHttp": {
 "type": "boolean",
 "default": false,
- "description": "Allow databased to be downloaded via HTTP"
+ "description": "Allow databased to be downloaded via HTTP. Warning: enabling this option will allow downloading from insecure servers."
 }
 }
 },
diff --git a/extensions/ql-vscode/src/config.ts b/extensions/ql-vscode/src/config.ts
index 8830e65b5d3..346b96015b9 100644
--- a/extensions/ql-vscode/src/config.ts
+++ b/extensions/ql-vscode/src/config.ts
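Review bot: In `promptImportInternetDatabase` (hunk `@@ -49,7 +50,9 @@`), enabling the setting skips `validateHttpsUrl` altogether, so the URL is neither parsed nor scheme-checked and any scheme, not only `http`, is handed to `databaseArchiveFetcher`. Patch 2/5 restores the parse in `validateUrl`, but its condition `!ALLOW_HTTP_SETTING.getValue() && uri.scheme !== "https"` still accepts every scheme once the flag is on. An allow-list keeps the option to what its name promises: `const schemeOk = uri.scheme === "https" || (uri.scheme === "http" && ALLOW_HTTP_SETTING.getValue());` followed by `if (!schemeOk) { throw new Error("Must use https for downloading a database."); }`. What the fetcher does with other schemes is not visible in these hunks, and the function body continues past the hunk.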
@@ -609,10 +609,9 @@ export function isCodespacesTemplate() {
 return !!CODESPACES_TEMPLATE.getValue();
 }

-export const ALLOW_HTTP = new Setting(
- "allowHttp",
- ROOT_SETTING,
-);
+const DATABASE_DOWNLOAD_SETTING = new Setting("databaseDownload", ROOT_SETTING);
+
+export const ALLOW_HTTP_SETTING = new Setting("allowHttp", DATABASE_DOWNLOAD_SETTING);

 export function allowHttp(): boolean {
 return ALLOW_HTTP.getValue() || false;
diff --git a/extensions/ql-vscode/src/databaseFetcher.ts b/extensions/ql-vscode/src/databaseFetcher.ts
index 79434943d98..fafb22442b0 100644
--- a/extensions/ql-vscode/src/databaseFetcher.ts
+++ b/extensions/ql-vscode/src/databaseFetcher.ts
@@ -27,7 +27,7 @@ import {
 } from "./common/github-url-identifier-helper";
 import { Credentials } from "./common/authentication";
 import { AppCommandManager } from "./common/commands";
-import { ALLOW_HTTP } from "./config";
+import { ALLOW_HTTP_SETTING } from "./config";

 /**
 * Prompts a user to fetch a database from a remote location. Database is assumed to be an archive file.
@@ -50,9 +50,7 @@ export async function promptImportInternetDatabase(
 return;
 }

- if (!ALLOW_HTTP.getValue()) {
- validateHttpsUrl(databaseUrl);
- }
+ validateUrl(databaseUrl);

 const item = await databaseArchiveFetcher(
 databaseUrl,
@@ -359,7 +357,7 @@ async function getStorageFolder(storagePath: string, urlStr: string) {
 return folderName;
 }

-function validateHttpsUrl(databaseUrl: string) {
+function validateUrl(databaseUrl: string) {
 let uri;
 try {
 uri = Uri.parse(databaseUrl, true);
@@ -367,7 +365,7 @@ function validateHttpsUrl(databaseUrl: string) {
 throw new Error(`Invalid url: ${databaseUrl}`);
 }

- if (uri.scheme !== "https") {
+ if (!ALLOW_HTTP_SETTING.getValue() && uri.scheme !== "https") {
 throw new Error("Must use https for downloading a database.");
 }
 }
From 8336df9483a3d6c07901dafe9a6a0eb835350a4d Mon Sep 17 00:00:00 2001
From: Andrew Eisenberg
Date: Mon, 17 Apr 2023 15:39:54 -0700
Subject: [PATCH 3/5] Update extensions/ql-vscode/package.json
Fix typo
---
 extensions/ql-vscode/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/extensions/ql-vscode/package.json b/extensions/ql-vscode/package.json
index 35d7687f116..9c9d3037abe 100644
--- a/extensions/ql-vscode/package.json
+++ b/extensions/ql-vscode/package.json
@@ -297,7 +297,7 @@
 "codeQL.databaseDownload.allowHttp": {
 "type": "boolean",
 "default": false,
- "description": "Allow databased to be downloaded via HTTP. Warning: enabling this option will allow downloading from insecure servers."
+ "description": "Allow database to be downloaded via HTTP. Warning: enabling this option will allow downloading from insecure servers."
 }
 }
 },
From 26459ded796af79fa5a6b83a2e9014ab3df66042 Mon Sep 17 00:00:00 2001
From: Andrew Eisenberg
Date: Mon, 17 Apr 2023 15:43:07 -0700
Subject: [PATCH 4/5] Update changelog
---
 extensions/ql-vscode/CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/extensions/ql-vscode/CHANGELOG.md b/extensions/ql-vscode/CHANGELOG.md
index 78b9281fe00..5d605da4e60 100644
--- a/extensions/ql-vscode/CHANGELOG.md
+++ b/extensions/ql-vscode/CHANGELOG.md
@@ -2,6 +2,8 @@

 ## [UNRELEASED]

+- Add new configuration option to allow downloading databases from http, non-secure servers. [#2332](https://github.com/github/vscode-codeql/pull/2332)
+
 ## 1.8.2 - 12 April 2023

 - Fix bug where users could end up with the managed CodeQL CLI getting uninstalled during upgrades and not reinstalled. [#2294](https://github.com/github/vscode-codeql/pull/2294)
From d20600320fe4785206674a47a877889c49fce2a9 Mon Sep 17 00:00:00 2001
From: Andrew Eisenberg
Date: Mon, 17 Apr 2023 15:47:06 -0700
Subject: [PATCH 5/5] Fix invalid variable reference
---
 extensions/ql-vscode/src/config.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/extensions/ql-vscode/src/config.ts b/extensions/ql-vscode/src/config.ts
index 346b96015b9..bd6268a88ad 100644
--- a/extensions/ql-vscode/src/config.ts
+++ b/extensions/ql-vscode/src/config.ts
@@ -611,8 +611,11 @@ export function isCodespacesTemplate() {

 const DATABASE_DOWNLOAD_SETTING = new Setting("databaseDownload", ROOT_SETTING);

-export const ALLOW_HTTP_SETTING = new Setting("allowHttp", DATABASE_DOWNLOAD_SETTING);
+export const ALLOW_HTTP_SETTING = new Setting(
+ "allowHttp",
+ DATABASE_DOWNLOAD_SETTING,
+);

 export function allowHttp(): boolean {
- return ALLOW_HTTP.getValue() || false;
+ return ALLOW_HTTP_SETTING.getValue() || false;
 }
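Review bot: `allowHttp()` is the only place that normalises the setting, yet `validateUrl` in databaseFetcher.ts (patch 2/5) reads `ALLOW_HTTP_SETTING.getValue()` directly, so the HTTPS check depends on raw truthiness. If `getValue()` returns whatever settings.json holds, a string such as `"false"` would enable HTTP. I would make the helper strict, `return ALLOW_HTTP_SETTING.getValue() === true;`, call it from `validateUrl`, and drop the `export` on the Setting so the decision has one entry point. A doc comment on `allowHttp()` stating that it permits cleartext database downloads and defaults to false would also help. `Setting` is defined outside the hunk, so the return type of `getValue()` is assumed here.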