Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
Gradle Support
vscode-java provides partial Gradle support for Java projects, by embedding the Eclipse Buildship project.
Known limitations:
- Android projects are not supported
- Kotlin build descriptors (
build.kts) are not supported - Only Java files are compiled. Cross-language compilation is not supported.
Supported settings:
-
java.import.gradle.enabled: Enable/disable the Gradle importer. - Specify the Gradle distribution used by the Java extension:
-
java.import.gradle.wrapper.enabled: Use Gradle from the 'gradle-wrapper.properties' file. Defaults totrue. -
java.import.gradle.version: Use Gradle from the specific version if the Gradle wrapper is missing or disabled. -
java.import.gradle.home: Use Gradle from the specified local installation directory or GRADLE_HOME if the Gradle wrapper is missing or disabled and no 'java.import.gradle.version' is specified.
-
-
java.import.gradle.arguments: Arguments to pass to Gradle. -
java.import.gradle.jvmArguments: JVM arguments to pass to Gradle. -
java.import.gradle.offline.enabled: Enable/disable the Gradle offline mode. Defaults tofalse. -
java.import.gradle.user.home: setting for GRADLE_USER_HOME.
Suspicious gradle wrapper detection
When a project uses the gradle wrapper, and "java.import.gradle.wrapper.enabled"=true (the default), it will be automatically executed when opening VS Code.
There is potential for a bad actor to replace the gradle-wrapper.jar with a malicious binary in a seemingly innocent repository, tricking users into automatically executing malware as soon as the folder is opened.
In order to mitigate this issue, vscode-java performs integrity checks on any gradle wrapper used to run a build, similar to the Github Action published by the Gradle team. If the wrapper's checksum doesn't match a known good checksum, a security warning is displayed (actually an error, so it stays visible):
The link opens this page.
If you trust the wrapper to be executed, the application settings.jon will be updated like:
"java.imports.gradle.wrapper.checksums": [
{
"sha256": "504b38a11c466aecb2f5c0b0d8ce0ed7ffa810bf70b9b7a599c570051be8fb4e",
"allowed": true
}
],and the wrapper will be used.
If you don't trust it, "allowed":"false" will be stored.
The default Gradle version embedded in Buildship will be used to build your project until the wrapper is explicitly trusted.
