From cfe5b2e68a770e4af6b02a0e3cb8bdc85b34805a Mon Sep 17 00:00:00 2001
From: Sam McCall <sam.mccall@gmail.com>
Date: Tue, 2 Mar 2021 10:33:22 +0100
Subject: [PATCH] Prompt when workspace overrides clangd.path and
 clangd.arguments

---
 docs/settings.md            |  17 ++++++++
 docs/workspace-override.png | Bin 0 -> 14026 bytes
 src/clangd-context.ts       |   7 +--
 src/config.ts               |  83 ++++++++++++++++++++++++++++++++++++
 src/extension.ts            |   4 +-
 src/install.ts              |  13 ++++--
 6 files changed, 115 insertions(+), 9 deletions(-)
 create mode 100644 docs/settings.md
 create mode 100644 docs/workspace-override.png

diff --git a/docs/settings.md b/docs/settings.md
new file mode 100644
index 00000000..6e1cbfc1
--- /dev/null
+++ b/docs/settings.md
@@ -0,0 +1,17 @@
+# Settings
+
+## Security
+
+This extension allows configuring command-line flags to the `clangd` executable.
+
+Being able to configure these per-workspace can be convenient, but runs the risk
+of an attacker changing your flags if you happen to open their repository.
+Similarly, allowing the workspace to control the `clangd.path` setting is risky.
+
+When these flags are configured in the workspace, the extension will prompt you
+whether to use them or not. If you're unsure, click "No".
+
+![Screenshot: Workspace trying to override clangd.path](workspace-override.png)
+
+If you choose "Yes" or "No", the answer will be remembered for this workspace.
+(If the value changes, you will be prompted again).
diff --git a/docs/workspace-override.png b/docs/workspace-override.png
new file mode 100644
index 0000000000000000000000000000000000000000..f94fb46f67b201aee130009c0858fa013625605d
GIT binary patch
literal 14026
zcmXwAWk6d^v!;|HMOxg87I$}dcXxM+I}~?!ZGqzM610>6!JVKj?iO5c+V{Ks2)j9R
zW@fXq$$6fciB?gPMtx849tH*mRaQnq4F=}T8g!h72n&7H4YHtx{(I{tCaZynh`91c
z`8Ny<DU7UysD`)ENq&$9rghJ&H7<f>J(@OVkc7Ozx(Z?Smu}P*_?7zSl!6Qo`7_q_
z?tYvbn@;RyWI)U#wr`B)1%r2+Ot^j_KumiH`&1BkmSGfs%aLbT{__N*4wbIrbEJ7a
zkR+PP{IiWz>xQ*eN)`z_8O@Z25G0anQUD_GZSPvZXOevq1@dBKW=0NA_z?zH1O`z7
zEqE{%*SOQ2Hl@*eEUVx0F_5x@?8E;q;=h^Np%q8Pe)EPD29BH@rjrPrY8VdgE6m3%
zHrVf@>JbEVuz$5kNWi%Bk}D)3A;P>NWwC@4XnXxRcRS9#5e7yEK&4?|MMzPCd!J97
zU+5mX&jOegtemuY4AJU_|J)|%vRXi|!ypR$f(yIKR97nOHs5zmIu3a+{Oc`Z4m{k~
zzA(&l+fwJA<GMi`XFS{8Z_JNX^;3ID&hS`>a8T{ucZheC95$syQaL{E+1gQ|F@bkW
zqOt$%ri#Kum-UiAjy5E5K=vD%*=iYHgE|ZiKo%S@Ah>^K72u}KB=-Y^$#`!#1#~h4
zatP@_qJU3So>Mr`Re$ZHME~uMkHkSe^zvFn;KRwMlPOLCLE_kVr6H1e^H)O{_1Cmi
zOyzGJk&}rxmq)HiIK_2M*1~L7x=C;TejqS#A&7BttAX3eyfhaJHFdnUQr`ybua<(&
z_AveWP~rYLdaFq4%7{H@=>+oMK<^8Ns)gQ3DnZ)S_x_NLj_D~`>{^uXzikO4V<~OE
ztYdzZ+ooDK&%mI9U3&MQlBloBG6PQ~BnWh?{`e}ee@%bwo5TD)ZJ9-^9KbCS4^^um
z4l8ChT0A<NgvNpY*T_dfIFZcaGG<bYzv3|BFz)!kH~+S*6Y(pPw04jP$3JhTEb-p{
z9R%-_vqX2sO%i+tdJFJ%>il;(*oKtFwo~BI>S8yzGSk4DqZz{t1{Nys?}ez4!8BU%
zY;Q-DasKO?VcH7;UgAB}(#I%R*wo@tB#nfSQ+_I5E_eQ;4%5w-725fpM*thP@*B3b
zo>2WXbv}G*_EEGKIzlD(+l^dx7s}eZ#kU^0+o`(PwacF8YX%1r+GLX(LEq0uXo+Vq
z*WhTJix3rnu;&}wlWQ`c$VU|}ZVIJmUhjQdX?o`InSM8Bh>sLLu9fC2UKNfQ#1zYK
zgx$`H0mz;Mk%m1UV@66ty35Ed_}8Dd;_VwpNt^{Rvt9#pq%1P#Epy~I?3$EKNL4h#
z;1H7$-S`YeJMPsf7}Q8tDED1|j^|OoEI?j&_0G(ea3Lt#4&ccRJNs<nRf68HAV?rc
z3G<8P#Y@+p<)Q~8Ei9XyjQ8VmH1gH}kyO%ud%<!6M_F0K)>2d3RhW5+tyJp3K%dl_
z*=wFP#l91Ebh&{wxsk-TxA5(mN|Keb=Q8R~D(~UyQBHVMZXIH%*!$x)%mC!9YFVsK
zws<uvV1<ymx?@vxaL58HXn0}q#&fovfj-FGvofrYb$RF5zG8LdK$v%E=l(I~{Gmwi
z$8}M)A*T-#&`>fS2PM@eNHclPNMl{;Pi&e`Cs9e<FWbzu)rBdWdNyiwcSGI0DM$BF
ztQ5GhWtC-DW(k8L5c715-(gjbpNphZuvU1H_#QfFT3377p?~Ufbi!iPB~pTkY;)_P
z@Dmo-N~T0iE8;vQnW|G{3!tTTdK)Q2VfxUOO(hU3Y<5{o-?rW~%eZJ@d0KDdc>Dx4
zyu!wIg)lvzDNZGQZfA5%^H>A7rsG)sHZ!A@&l0TfZkL_)%O$5V`|27s-xHn*w{V?I
zRc_?&PDdISIYYydRxNs~;VFlYp!hK-=Cxaxv)SX8Cv5i&cxU?H!5p!FaLM_e_HDl;
z7)2AXqN0CKFsdHdH{ADG&aps>78kRe64237*$P=_mdfH<Y;ttUR!d3xsJw!L%IS#X
zxh^u?gzN!!W!-JO#UIo0jHqh;-jj)3yWgUKA59iTa(%(X6<0Sap34<hX$qfVmG4R`
z%Fp0<y<YBrZqZ?>r|Zzw>=1-QARN)Xvf>c-RPxkSZDF;_Q$zgFx!`0Srp@<a2>XqK
z%tY8olbV*EZg$?mdEXL<94yg616ETPYAA}6E3h%dQOy}*RY$fRa<VV*l2Md+q;?bT
zG#T}IvC@YSy>2K_5-kZdG`fdZSosB~XV|r+A2eG*5LVrD=tX}_%*!$CNIH`-4$4+=
z2-z4Z>5pp(NRtiv)=0QkS`3R)m&vil#-~xs9$T@8|GDf+d7689NcrZ$kJRBQ?;`u>
z%f+YDTVm$St#m+}Yp*U_Y8ARA9j#g?+8M2L+qAb_kCJR#TF*jsAR63^X<M0TgKWk2
zpGL1F0!-RmPi$;Hc~8PTJf#&t4#=KC372e~VOdMZgr3P+dW6kU*QK+&!p<I$E>@Ei
zn@vJ%=Zr2_{p3>?k3-9qvF%*gieT8cJcc8ePdCJ`Y&t@#mKmy~He9ccL)4Po*lHjp
z>^^2{S5e)vWSAw9ZQNL)VovX9sqrybF(vkca}Y8ri&{%f%-fZYHmYddA)3tvRyh4V
zTT1LSlKwfQpI1bo=%B7u3%`Ji8+Ak>+T_nD?0$EIga$orC^tb@RWu{YhgHnX`#r}$
zCE0YpY#>irCB$crMqLV)XyG#XR8)(Vu{t}p77ky=HoA!K5ISn<{aDpVAxZRT;*4gC
zjnQZh^m@amD`(6=Hxfm>i`VFP=D2lml~h{Dd2u%vw;fTr=}TRZqOWxv4XX3Eck?+?
zYfex-C5A5=+uU@hc2q`>(J7*10BeNs%H`I49}^{JS2eC!2VN3zhz9Cwx9zc%($bnp
zfP)?cRIwG01A0|=AVKN=oOOeT#>a6J$}dhf2iG3*FP_GtfD<52XnGNA=KPc+#Si(x
zH-l471hKf(BRH%OOOTZ$ELQt;fE8i%ZWmrc+NjlCd7_LGj;Vxe&K!6#l2Wyxkd!f!
z5Nr!?Io+0HLlsUx;OMyMR&-3uu2uB1XedeB8gY^?lcq|}-ZV7wgR%l~ywJcicAj6`
z%Xr^zi^<EN`#~vEA$?+%RbrGmUnXsuI<w~a3-@PvMYCNaSC5F{2US4~%TgK8!l-|e
zwWUmTBq6^e4gU!TXB(JOZoa4wXsYEVoRLN+j{C7fR@~6B^be)``=2|svhG12D2SU|
z0NsnHVyZJYr#QumDGayGsBX7yZ4K4|acsF_{cQYj`nXu(xAr<&>k1qvKtxtC;8-Rt
zU=YZ`R|JG#h$*YY4y!166U~NMIcsMsbMFk>oXy}Q4=CuSD>^9^inOV~TGOY(!l!j_
z>xq{w%U>IZuiB%ems1~!;L}G@xMy0q$Up<!9uw-2aMdb(;LC^y+1cz%j2Bj{d!|y;
z6*%-zQn6@TBjYx7H}#ufmsL%fe097;WSKFrPRH)n*Q9KMueDV$DZ%73Hj=TmU<G~{
z`JU^4g{|gH3<`QVN)+>yoWWR3@+wfI2#7}Y<q18kuEVx(f`FRMR!uqaa|n3*yR_LX
zxmMh;E6AHDZOe@}9F-?zm8qCZWDZ`;<6J*eeq@Rqc#JJ2z9CbfQW7x>znK;n4_5z>
zEXG(g-VzCJ!SZb4&}`YQ_Nyp&#gttcC$2%QDHx>A9LS6mV~nx}xfkiW8W~wNQU-Tp
zP+^$W@Ia!Y`#-r$^$#LRR5O$nS>=~eHDj>)ldVGrA4%30?LRlEPxE!5G;w*{P}(e%
zFr}o(wku9f<SfxYJA|iIeWW%crqY1J#TPub=L8X;WYmb(dx)BP_eO*sAa?*v>v*J#
z8Nu37>Re5QC4bt(6UrNc(^EF#R;Pz*L5L1d&EU8Drk)uSPGh>U2k-*HeG$ZH#%wz$
zPjITRyUmXaAF|2F>*I@O?>BD<ot>ODU^yE`6igEQf;*T{rzK!#=l#PY=@D<@BfpZY
zjlc>9cM4SczSJQtymK@T=VC2=Ozi-_<6dA4`0?`d*ThtIc6`P4hGLD(&JVe@j3@v2
zl4i~?NCnxr)@4?ONL4K_jiaWmdo+!+CEh_*;rF6ws2zx`df&Hq2ix%&snpR5Nea4a
z4$Y&PdKr3q8eg!y9$a)+2<fH;Weg}6v9NIutDTQIS>a@ma+ch*0T|JUgs0+`Adc`3
zwb_D3IpmyI^O;pIuZCMrTWJv#BH=4S57b*uM@jkpLXoqQ_NkpdsS>&H&sW9vy7nQO
z)mrpO$=ywf=!Vm=_xBYy%a?SRZoH(RW!;kZ+B*9}JqzK{)NEN;di-l^KvF-py7qd~
zA+5QOy5?^;#k(b92Qi2M3?GwVPNt-M)eOX$+#e*mfgTK^<l*L;zQep>pHuhwLRW&7
zgv2c4if6-PqDa@Y1u=ChB|=QKZfIchD-3SFS4hC^h-SEa6ybi5dvCFjQ<FZ%2jBD^
zef|jV4ucZVevt}Z*CkhdJ?dqCrd*gc+sn&n%DTMIwLwulrjk>I{(4L`BUBJRgs<l!
z+|xB?Kic|~(iL<!myHF8ySAh>XFq0busa^Gs9qi$yleU>3gXmzH}L}z{$RhBxvoV9
z(&ntnij3K=QE2A0P#8iJlkMThN$%;=$ranpmtkeg{;PF@>8cpGwKbg%$Vaz~)3Bh&
z@jKUvH&nXsd{UqiZjxh?=FVb?Z5T+d2LCX_%uZjzvV1=|J3FQ;T{)4q<g4nJB)3wM
zZ5Q4Bp(d}GQRtK68%NwFebKO|9fgWE;jH{FLQa9W3B`gIwEl%Peh$(g2^ORdHCjy8
zcrh=YNWm^RLPC{5kzdVV8&_IacaS6lXR^XX@}(t4(fEo}+CH1d6^5K*D@uA~Y+8pd
z+XqH#<uc8@3)lB6=n`_Rz7-#eC9<nVQ<}7eZ3wl?%zr9Eu!bNcf*cCeQJ+6qTEWVz
z?0i9&*YIH;B{Iy<lY$T-%YIP!>hn-U0|wc#>P?kbH-V5r?zHPA{Rm7O+I<q^nP-&+
zW#>&Pt$y-&6w9cKINvffa@s{7pVyUlb&>N4z<JAG=l2jC<s5#dg6kX^EYk29$8vHH
z6C;J{#Poe158^adXm4g-8o`IYJ_jtF=D-C-{Tw<%_s%ZR1`gY#xz2Ls;ajJ}NO+lR
zuC%lH3<p}~{!#nmMilq@C_jQ<%c?6Dn`ywcMazs`Z6Xm2>B8;q{Zf*Y<pIStNgG>o
z<eEg4o1PbWr{?zlUnY*V)kPk>pC2Jv)W~@Ojx9L!mX2%cTQfEE>t*KO48AN)HIc6d
zlz+{d(jB^P{AFrIJ*@E!jGjy6%;|#V5J44s+;SO^Z6kE(dZp{=REY4QTXH#`#H(yq
z>(ktCcjp0|(6C;QTUf+l<K{Luhb(XZ%h=_vcr%>rZe`=ekb;E%Faqdvg4e-2;!QE(
zxCev$(rTt}0iOou3<eps{E9G(h(#t}W2*o?a(d<T;5yT9LoC_q?Cp^1rtVTHwKVMu
zCcOvIZu3(wzn3rXGHEpI8n)_#2^F>u-5JVld){I7-%X))w$+SlrS-m&D)GnpwQ{vB
zYM^&^F?tY4d~Ng$s&B(~dI;aT6?vp&#z9!$H($(|cI;!+#eB|Ny~V)9d^X>S(^8F@
zbV+|?u~uq#gYCJ}(@a=VY5VoX`AuK`^(0z_rRX!*Z-#laF`Y4AUGLVbaOPg5tLW5Z
zH@V_RD>rC*%f3E98!1T_a8vOx)fBPckRijhe<ec`PzE`FeTNi8XDsf#{v&Ct@-@QM
z#kk{`-O78;Rcv?EeF4IKfxL;_<TQ%2j$HOS>+`&12o}5A`@CNBik`b!w>-3W{7fFf
z>>%?Nc7y4SY7BY5m6Y=9cZ6uSrXM%85r~raE2xBa-w0rttfweY9a^3$KHyA;?O)RH
zB2(ZP(I-n{jNTrAHzZO%T*3s?Qh)5_sH&$Sc}7Qjv=+YhyY5P)Rrb+Q`QuK(!g_=^
z8&A-T`;Wdbf=#Y7SGZEQ--^e&eEa4vC>9}o14X~+|3kk}8pQDV%{0v4OCp)3DE|gU
zu`v6t?$-zsZ{hypdBX@+n7@N4CMZubJx}rx^&fVJLhJw7kWNGeZo`C6p^p7BKu(d;
zUlO`3b4c!=Zy^mvX@(boMunRIhOo-x-+*PLAS6?ZsPLK=%MQ+7`fNS!n_;n=U5xJb
zqu&$NU+S7gc_l$l#`DB?YyEGX-Rg(b!;MMe_gIXL3~tn9$DKcXdUA|+QtKW)qi?6-
zu@QSgd+c8c&bwV#<b0}rzu_w4$g~`|`dFZtU0eFG>e1&d1lWMELdmR|_W2<8)2a!f
zHrDAZ4~QZ#Kc4%z!krD6{u#lD1NWpSt&MrI!MbXQhfYA`O1=uDOORt-Zoc@ba8XtH
zJ3VheVbcx^u_kkK%+Dk-z}}1cHkkK)WyxI)>v{o?*1L8ydBb%T?4xY_3#m$1j-rCK
zy5OC3m`0ju%iw(rIo^du7Ifw`>=L?P&qLFMG2!cf&@1}6n6#+?W9c6@jvScU(qHEK
zdQvs>u06w-wRBg<g3D~9wY~?Dhf{s=7HMp16I>>mC}#N~BO{f8p!_j)m{R&qaVr_y
zEvQ3fEo&CY*U%4?Cav_)t(1vBb8ehzcO88p8Y&=9RQWD@wPG<kiO1|9WW8fTa^!0<
zD_2VUS*sWv-mv>sP4lIe;fgC@cYGK@KxzIKrS)A`5wCB%LbiZIZL=v&>D&GJQo)On
z5i<*uKc|a}3%*3vUn=A>%T({4S_l*L4GWck4nF=`8zBYYFai0paXCu^7z3KiPQmIw
zG0x(F^}}W9d<MEJpQfw)pV6-UukMm4h9sKfC)0_#J&g6sN0SQM=w|mdr%NL)AJhYx
zd5KrjS4-{|`G^fQ&qXa}nJmy-RBzb^LK^OcR+qkZ*(S?7D3VQILAuur#%-wDgum4?
zmkUZ_HZmA8#U_j!Z47sY_$l_6$k~d8bnom%%muul?XM_S5*W+0bFc@^@`b}mJM9n?
z2jYHgmnjTT9QAbt<XMS}i|6hQu74`;S4EFue01kvvk{hr5H=tudRh&e!m}69;SK>5
zG*{l%g-Xa7CgXr}i&fVg>-~)96N`SkXyRHrtrSos#%JO#(jEi`fQ_n(zEHT%TXiO0
zggHxS1*1qr->kj2U9tD$1CxoCuh)*YI^FiZq;%;N$ww>q#T;VoV=t9<)`(`d`g^X?
zc6ve5W6dwR0z8f)IuF;y;4kanp+{jDmOd=!FdKe9&=F4^-D_!+$(Fl1c-u_P;u~mf
znMU0=L=ZrY{XV*7;McQ(dFrfsE}i^Qa*K<VY4l<RU%iD;osFjrXeQNGp3!#{kNtG8
zLjGiBG?y95p|ou}<}Y^<cRv?s;ACu5xzFKf->9`S0KDZJCR7dl=$1zC#F@+Y+8%Je
zxEQ5rHcE=OX=0yA_4;jhG45=q#u6I;05MM_XB~lZbp85Y%oUx=Vn1=U9v(bm9gvd#
zF&ts7kSe3%8{M!GcO$hRCLerTCT8B5(j-8!j<}6hKz&fTthatdKE3zTv9qw|x_j6L
zs2Qi=1^~;uiB%|-Dst{u#~Bp2S<XIGZhBQ?(N3;u8KfN1I9VXzxYlPhr*~_PDiQ8f
zyrDqQzEfyRvVF)9sOYHN&o{y?9A43)0rIf+?{us{Qpc}XlGSm6JZjFgc<XxLQ*PuE
zzj#9pB(~uLD|Oj$K73oc7`i-k04Y*~z(|9ipZLCldL`p}n%(R7A6+Za6azPm^5!S`
z4zy2FTPJ=ohAU{>OH~4?#Iz6Z7Pzj-KNzUWIk~u)PQ3e3kFH>SGDJ_9GR-H2dd3Ie
zYv|=XupoHq<;CRm=<~VkHl!xMhrejMhs2S+<+jKxcRBe({bH?Rk&I%!XYK$Bnvu0-
zDRZcQwQRVW9eW{|4bZ{t(c)Vjzmm%r0X?U|;v&QJdKm>V*?=x&dhuQJe23=dc?%cW
zBm&l6z?ep76H-TA5iyg!er&YVF660l!1;RoY?EPpIE`<aK*%cp&2(Pr;-(+AgMVXd
zwS!?-gDXEZh=$btUEuq1L{-(b<F376?iZEk7)d@%=JduFmEoLag5wVE2>ScGO^PH;
zE-O1re0HTjzU;Ls6ztT?W*n#^?7Dj{?tvO3hHFxkU)4M^#+-P*<arR5G1U07C+D2%
zPP!ViwB7?E!g;<oC9?``gy~Ld%4F*awR)p8xJYJTaC37u+(b8bH;wEkmHDmBb;mch
zdXWlWp>WZu`j+|+TS%nfCVREFA#S`5ScQ^lq-D#Cgu`Xe*4Lgg#lF<r4r7{zNp0=l
zdVzpwjMmOo{bC?>>fcuMOCFI|#y^l$*^GCQw11peBSMZLl+ywepz8PU9&|7(Y-KV!
zXwjQ88y`!PlmM9W*7=p8c7JYT(Dcqq4dV()0c62_F2HL=2K1qnnIeMlHj%tOhqzag
z4WRw?_|axuYBe?c#wxCKug|LK>Zjwk6WV{C%Pt~(>v(blods*hL3MM<%>y$f&UPng
zX}hcjBSYAD!3!u6Ogvr3`221HNF}Ce<4d-a8YRqZ&C>_?!^a7__hwUra!svg>W`gp
z1CN`6hOTvn$Lk*v+)wd<dygq+VrZH&F7#%@sr&^=+uHNq=KV;^qIX0?g4oOa@e9Wc
zEzLFaHCnQc`D51^_2_;}kn+(%`>L2!3)qwPZNaowicu#m9SS#1={@9k=DAFm#Z%Lw
z64j$*EEa-_G5f;xM+u0S#--)+mZ}7LzAWCm?HmL*4eP-nm~j;XZ5KTBkqla_sT6>N
zzHWK>lna4fBX6clK21mil58rS`qtx=uh%eIFI=SC@X3Dd`vCY5_7fB@nzqD^!R*qc
zYnS(1kp%wm{WfmqC5%n&7P(b+9~yss0z}A;h^_!~Z#}swu+u6au@H}&p0yWk2+ir2
z+U+gmXx3V#kFniKOFWJ2WsyAdU90o9vldn|<9HNbITe`M_gA&VbyWnmDpM}*l|*iq
z^43U{Fg|UmTeR>Wv(4iyM)vNOb;f7p<tcPzE8*%3AO7xCnc_G2(u^D#rw|nRC7M}8
zA`)BYMgTLoimz~H$9hU}N1y*hX4yq^#Cg%@P^_n&2jXTPiTy_~8wmlU9^tr?0uDQe
zQEq`%43<JYnZe7)@;+ofp|(295*B6ca8&J!Q^~#&W@3};7gdQ$j1kvKLEc!yynbHI
zt&}l=I(3h8RsRiK+SF(v^*duyDGy@qA?saRb-W-)4#>w5toJ|@{AaPJ{J4A2-VB^U
zo+I%Imy1@vyz9avVGZ->sgF6p(a{g|VOICEv;EGeeneUl#V9T-<q(&;GV+nsO00#9
zJWtfZhzN~DjGrATkR4nl^SG)8jT)^4CH4JQ{aPw)A9KHlLGZkjtjg|A;bT|+r#BM&
z)iWONm|ge3m?axz|4b-};@*ZhdX`vO%C)1HPsm+^3J$WOwYGO@b(EceAOXn{3GA*8
z1u4whxq~zbV?S<g@sC$%W$&c?zGT1IaLlIyFwpA*xneb}=zo10brLOhc^$a$h9&V_
zT2d!u3Q%RdeF)%p;L4=rO!v#k+fdH`B(=xD>f1x^{uXemLWN!`ap0eAh<<ugi)gN7
zZeG<@|3fM`5Tfy|WU^l{cH*p>XvtMTm&`3o@5w5=t8@_kx7h;V@#@b404!F1x-2Ka
z%v|>bqi0`YnAW|qv>Z7Tnjh!Wg1m$2>eAy-z8ZVvid@ODUkGcFur^&k1gfTTC3JM&
zP?vHB8$EgYqna0;D&9VSOUkLuFh6k=0Ek_#OT#iLO^%GFereqv4z3`(s#vOrMrTzD
zG&+~c>3wfWeFI?xO{T+gj=Lku6o>;lByF=gfD~Vc->j*$AdHIdH&-{b&#qfLuw5sV
z$t};+w|x#$mreJ@ix<glnIzl#5qs*ms#zDHs2))OC#qbef@YssFxi}U%IU6}E=<ms
zBjELI`s+tFGhDorKU*ya_Jo+1$W`l-Y|(j><G8D<u&j(09H+)a^V8MJ<IELulD*7}
zNrP6zH)H<$>lyIsE=H2^@SH2_jtxHXea{K4ctVHt6IJ*5Xl@?b&v`x%BW+|PF7-!f
z8_uwP#k0~eD(T0g`(V9K-k%w!!s<uvQo}j->qOS=0)F@Ee6&2PP9tW%6bi#`)mlP=
z3qeZCc3$jqpuZJ5#_uBRQGN@X{3s*2=b!!Mx=<ffnA&sUMJ%e1`cQy?W9jaLdsg3k
zbx*~=l?a!RH32t;nX1c{TNp_GB4x+tmdE6nIB|dJUijf84-JkI%<pAOxqr}7S-Isu
z*{+BHKP43*vJJ6>A{o|yNT!1HV+WJ;5d=?N6zLEK7W$q91vKGnbBrAYP2>h2D8RV;
z@ZAbE6GJC9lu*<Y-wn$OO$D>$BYkC3-dm4sg`%U6@qe?24ceqsP&8D^4!!?i^>NA*
zIw?wqA|j5P_rIVC<34w)bK=<@Bn}gt{p<2JKAb4RlwfG))&@}`nu$W#0eDBO?a1GL
zB-x`4ABfy{k*4Tzwkww`JqLJ%^ea5;@4qR>KvYnNRV^BwO%viE{Fk?sBjwwm9s=@4
zJhQVY?zo+QW*@a<BlfiqQKO1cjw0r2(+HRv?+L)qr17}#cz-434vIhtwbZk<p5}+Y
zn&A_z+EOt{g8hrqvfTe_E(}~UJ^7}~5Q5gzAfH-7az^LqZWdNlPyWhT(t*LdD9@?S
z^?8M7z{EnmTk(Vy1*e&>)G?oNSdjpq@<9Ir$y<H@$L(hg80c~bL`naC$vxE%ED8Jd
zA@kpLo(MXwVu7y<_b*^za6JFk0$6f^S)%h?oJ1n}hxNwI@f;i>`0&Vj#Ow<r)w#{1
z%WJmTQC_0LL=^CPZ=fnIFr!lLUB9sZ)z}o_a_*r%ux`+t3yHTt4HaC^8xx9LWWmF1
z<U>P4>iLISOCv<m4qfpctrKGFLz#uS7g%&azThVOUl@s@_*51iW5#Gd{-ubiaz)ar
z&BHj@^PbsLb*K8de^4sJvY~hm8%_A6G*nPofRC_{K5Z$GRhjpMEa@kM{G{gmeMnLN
zZo;_<T#<Xvm^WTzQxFi2*#Di&(v@GbX?^XX2$`ZT0Cf%5LXE5L`#h_%Y?wlc7PwQd
zW8S_1CFx%gfwu|l?40!bOy^441ZSEh`%5>?Ad@VWe+XG53Fc1b;yamzG99H&F#do{
z2bFa2wZ~O34dhD*B{aNxEMZjv39Lv47+5)*Phzk`HknY?MLh__iIgsq{4c-}C|ML2
zSwAHa5TX6uWjy9LIzxEOtivDv&Z2N&ryueRn$LrIpfea)bwy~nS4N8m{JZrW8r1`k
z;O_qp3KdMJ!2GX5A*k7}BHmC$|L4BX=<lRY0~5xuz;088<X^&E02==1{wB<SCnlAD
zPYI_>`G<eOS^zx^-a_^NQ4I4??PWPUa|nMOK~#noPY94KA^)9Z+5N4nP$W8h3kx+J
zM$MAH4#5}OtUP>;_#rBWg|0Jo?`&EWe2V;bPapj58M{DaJ0BLZGpsAB^q)Ua>Y?C0
zNCn}aKdw+^$xR`7|E+=)x(e*HLbQLY*oL}5Vf~I5dJ3Uy7lp2!jz*mLpWramap{To
zuK$9gGz4b<QbVO+o6l_Fb+Zh}z}B82js0z*d{Jo{^N`hk!~c4=#VyqQ>shLt$wbU+
z<>PcjJB!D!n)}Smp6dI9`AU*n{6(3pnSM;Fmx>LK-d|K4Gf1<RYA-VxG0zD4Xv6~T
zy`^TkT;W+$JY}6Mu9Cja<MO@UbJ}OC#%VpvkB6HdFLDq2+8=hSj5{AjhxQ`tR_`?p
zS2C?nBPKZty4i8g>Yik;FY$Wtq$cwO3~%piF0i=4K7-ghe3iS>gu6a;<g>=@dbK*d
z;CU&{dq{?(k)U2T<afxXFiCfB^2eov)TMSGTHss0O15YGjeGNntp~oj&@F-DFl1J%
z@gv?=ZcOWl5y<afKe0Yt)FRDTidE20B%IYUPCOpizgw}tqT(lZK~&97=CfY*=W~Ko
z(Wfk(r_5Dxr?!qi$ZKdwjgrg_r;7vo1789#zb(JscZk0|jb^^>m+OijU(0J@Sv@=N
z2PIw>TgMFFUo9F3YD+PmG@8mU_$fa{3+uF|Jowt!p-Uq*xEQV=Vx|mdY%UDI$6}7K
zo;2qy*A#SF$T<ZXMHs}*rnNLxl!C(|5NlUme@n_=@WWH5$`<r0a~l9!z;ae6)v8NZ
z18Va#a3B>Ur#S5cu3B{&**s4$fRK)Gy5Wa`{&)3}K{&cvKt)ggFC13dTtN5r_Ow?)
zl~zy*FW?6s|LH!$>zdN!TD|G@uBIFA@8VEv=<~}>0bc*`4(+3{VIj_-S+n2y)4}yw
z5E*57OwcqDxu4dH)j8UG@AdavP6s5dM2}xAZkDybtz5j-pz_QuLJPQaIk;DK0Is5T
z^kc8t?-a*~gWatE#9(Sxv1Hbm>{;6^j`_$}${Xu^!}D6Pr4M+WjI1@m>%@At6uZXR
zN(Qjfvlpy=>)vK1-{lf?1)4lH{D~l8U+-?1EZ4-=MV=;`v(z7q{1)hqt`ATxK}TQ8
z71k9`EV#d-zkG%JCE^4E``<4$NjsU0799Gp_ut_jXH#3HN{sy;Nv$I?owRntpyv|o
z4%A&G-b)v^Za^KatMbYY(@|8(TtDIEtv9(AcH;O{B`$L6$SQkq-~paVw?GLGu{~LJ
zagrzpX44l4784uxHjVxo<KBZ3we=#e-w1_Cc1~{Z>9IVPe^^U2v{evFU*&%m#F|~~
zK^+&otuC-^9-owvqmb@>8nq@wWz99#w!s-x3pK{-de!CcKK=l}UJNYWhy%hbPm%gq
zX9w;Lc`QC7lP&I6(gm@2mB!j}8|Ch-vAg|g1Q`r2Te>vuCl{nrbH5CIw!2pcE~fsV
zTxhpO@_1=#w$i2@_(pj#T@~62+VCRojFQqz>G2#a<A1&TG(b(|HlSR2AYAhN62pC*
z^;OB4zw{t$PQFP0#JXW@KGwQGycgZoarwAlc5z0_PfvzPU-j7zlq1=Y70YMG(*fQW
z38hngR#RTS?#zWO2=G1H4Y7_N_=tY2y-!BI8|IdCMnHdzXJp-UA=j9EE>TWmT6ugh
z%m#<+joCEnIeKPVw=#ej806eI9ba|JLN#_XcW`;-K#7sbGdjAB?XHhnvB(2aX+I5p
zHYaj6*SfK&Qbx>FlZ$X;W3dw=E*CrVp;ab7%2}#@QJmf`-mxYSbZ9I)Ji5=iJzRmK
z%lM6XBWu9l*Bie4PH#)h|GtOgpvJw6R`R?Hd}yIX?o1H0Y8M^Ps=0gA>31Pj0gqu<
zc?w)yC*%($7z_=EZ&DIGlbSDXM`&?)JI}aHH}^PBXKOxBK0P3}c4l4UWi;B26yCnJ
zo3J=Nmy&4OWDo}g{Wf~xv5mGWICy^bzv=SZ&Fio&5<%Tu;TL}H05ViRJik^G#`#d`
zuibSP1?^c&6Y$TEYHi$46%#<5$03QPH9>D>U6#kq4;u-+b_HLI&we<bb~JC9t@=_P
zF{O5%$BMe@t}%a8{Bj=~50j6e)Z^CBw)rH_--tu<aGp|EpFOHY49eet^ph<5pBhzY
zkt{bqjJCx`Iwe#!f(4#?SazmLEkkQwpLK90Uk22Jmdfec?^vt6Ui1xiF^lV-DoY~0
zpQiK=q)EEfo(o@4sXMlCnU7U&+ejLS`Cc_7bG&zbr0`P%lhWKTVvB?GQUc2>jb5&I
z+Y*UglHcVTP5quDQMq9M#lNngop<Kn>U&;k19e!#1NXK3;6dRzH>&^|?;9`8#Q7SV
zIDtM7K@0xB_sgv7*6zfvs}gTD@(7Q*cnIbWw#?i~vK<BAhSmwUQaPPR(a4G$)e0n*
z)L1Q!TQSsn2WZY52-iH#V;`SkN3Q$VZZ^KeyN!YEwKmBwHxf$<*^f|M2Kfs=!cDg8
z?9&L6h&b%B4ZclGeKhGKViP^Wt5v_=X`#}~xL$6JiP%^;SuRiejVD!VIeZK(RcbC5
z<p=1acxJOP9>dnGSUp9dTXK{sX_n2bDb{pjaldW*TWeC2qPIfO$y~fyzP`X!Wf8Y|
znmW=wQ113Ey&&E%<EgUQBPplB;+gJvIC+-ZDZz{)p|kak-F>6ARor?{Y;xj+aR&<y
zz;D$31=!Avf0kgzlMGF61OaJ0c4Cm85%1{<idkD{Uss|s&`;GKQZvs;18yfL@;;km
zkYG~}4z70iZ2c1XEwckAEYs~iKOA|jFn>?PJAKnDWj2!Yixn1e>BN=e<sP1WuQL$r
zoo#S$gM!m0(c~cEd{^|!<hl3Imykf%Hl)7(cAJ=YW<j~;VF(rZEWLqEF~|F5HDS_u
zt$(#t_?F0naX|o`e}c~YA;8ji1{B-<+0X_h4lU5Bl8`j0%g$4#;q*p1i_Cpb?ls6T
zt|MT5)q6TVVwOax_gZJOD|@N@Vq1F&Q}&qPXjOa0DpzS4{%uTFjZ*H)hAE#bG3rmk
zc=+7-eAsb=mpg*XD$qi|XxJ^N4{eKa@IwaN>)ceQ)=>IOvMPs6LNh7~lU}oHh?OOo
zqyJa9y{|7tcj=lgG48ZJt*>F$A&~^_3h_aj6}|2!r~56C(!(ZJJB}KwqmF=%AYs1_
zOmw){DKTkVli!%EN~f5EVb>^*!t;85mDsd&w3BqpDc_vWHk{DWuRgl9^gE@QM<w8X
zHo>FsddeN$8Bt6^Y9Ba89R4gP6P0dHZ_i;smtdYCq_Ntbp44miqH&vv>%3;<y(K?)
z2C-r$-7N4iOg+G-XQkZDijF6;JM~q_ZG5dMlUa-}j(DX#Ip@sk{q=p0e^0sB)Vopw
z@-tg;>Gypw@%T65L2u~JH`_0+71%3V0f|HJy^hy{XFlv|S=4daZJrwRG`|Wf^?0o-
z=lI-ADCMzlHIVd7J-)4-$<n>spXQl7>0#ac?K$g}1)*(<Z&V#Lksyjr^grm<>O6E;
zPG>S-8e9i8$<BjE6Y}=NVsu4-YIBPPE^fCtdVz+rMb-qs7M@SbXWYB7X4Z`QmemS>
zDzn4QwGqU3))jrIc8k4ij+Ygc>()$t<H4tSuSLY_y_XVW(Ydnr654c12#U9x7}3*J
zO3Iu0qjQ`n&u~*%Q955^tGr%+gwVfB9IX9CZix1Ej3Ghr8R*)a5X?51bcebds(shK
zRrGr!nIfn|wNvi`C~&;*T)Ub8QDTt^aYrp|LIcF3@vZ$hJ6#(`pRACF3HdG(mY_B^
zi|oLN$)<Fgx*vAXSQnVnh!=+wuSC@k$Y&CueS`YpW=|#t^V}4<DeeqtLljTsIk4qI
z?tWhM`3IRE13E%E6X!Mo*HP@PXAr;n2&Y(w6S1$dvG4Sv*3CeA@XRf|T*K0j<}x%#
zf8T-oDS2(>z^j$qXun`gm-Sp#3hKC^mj?7)UTZQv!ioh0E-qvZES;0~9@GN%Zr6#h
z@vQs`RT5v$onI4^OY>@zIE}Zf-;YkS6U^<*f17QFqTom*Cip3YnO4&=iePZn!V9Qa
z-A=c<<!;E)e&^XC?w0Eqkxcv!ljR1C14qM2ss7Xkcr~o>>_&S^9W$)D1&Ynid=GRk
zTNU5)`xa1Vtb#~xJ7_4qW!o0ma)mD^SHRtZFvQ8WAEPT<WQ+m`%{$4)QfGR<X8U`A
z{>kp5_fPiK(;;!9k>8H?>$t%=qryG(Da8Rey~06#;@~4OwmsqYWQO@5lYe?PEmY=`
z^9{eR9(&!OJXpeD6D2O7hlWZOOTGg(<22hJ_G1_w0ewK;mPPd@uq6mukV;u;P$S1g
zhD1amK}*m=)TDdDF+b~=Zeg2FPBb71%43Lb0U*TdE<1TdsqgG_$E0W;&UqI^*)~nb
zS#R6!jPVlVj%;JVHhB=7j1c6zqC*frDamXrH(HvsGpLsZq&(ByWtYWVP{l71Oag71
zW5#^;Gx5bIFzcQXSfj@$6pTx=Le*AnfFK3sDOvM~_Rh;PDUWmW5}U(-z3IV8mJye1
z{245(<&bfIcklx?CGT6nR;R~!xYFYOLt0zW*Dti0k2gdZsIyV6?cw&bI8;TxX9?aR
zS3wpr)@L=v#M&71Rmd5v)QQ<H+w2F?V_TM9Ygoj&Jd<t&#KtHT#s>(S9J-0r<05S|
znJ2?p{NbH(6Zys(c?pKSdSjZtrF&KVJM^AU1IO7q#~_lI;)t#y;ZYeb2&v(GQ+BY%
znSmz?24p@Kk5|dy`WJyy-o^D}cJ0fHCGGry8-7h5dYkKDqeAasYLsuxxO-{w>!GXU
zb!8SNwIdlu(CFQLeEI=BmO_$Cw%vjGF-@mikMUW`=@b<eYcV~Qi|*#~PXB<jmH~q&
z1eht4#_F!leZb1}9kBSA--NBqLN;k|cL&@dORR<S<nx-^e&IKx4>(J0At~VB(jL!;
zyp{4D**y;52T$FPYC8tPGTz-eDfwPX!kQW+Bgdz@V7mroQ#@HFYTliH{JgLa;$l*Y
z^7!xpTyxTbu=MB`vFxjAYP91F0q?OM9<}ENX2vU?RJ;S&HAY0_F9;naS(hVdY#!EZ
z%oeTas9ft`3BX&PInlK(oeWh~elaxCRTK&?nEtXf_7I`IPij!4QL+NiQ!XTMp?%$J
zAow^Ecsngck^Sg?&0ps_sg(6HGyBrv*N;g%zige2<sM`ZbSZ8Xe3yLxtEM0+5_o!b
zb*yu3uy*?GI~bg~S9d*=$kKx0wrKyY(quQWSR3Jio7+fi7N#c#mb}aD;kXbbz31ja
zcdqZD4FHV#lo+7(?0ya8(RjDxuJPKlxE%y@wq7gjNIB!xRSOmcu6o8_eaNG~N1m~i
zF1`SfohaAtCfw}5-fg9BMF;DiA1L@eA7Hj9vnGn<d7?0qEOz$eDH7SY0oJ~pj(sQy
z%oz8w?rUz~ZPj~J4$U=l;;-|+6Q%Z=Wp*)LJ&AqWuk62ZyfIBx^B8UwKN{fi+jY{?
z9X+xYuOP5@9q<ymWH*l7-O<oAHNcD8Tj?aF-gDus4UcAMq$!K$AaoR@dqP|GnmREP
zUI|<ya5o~dkV1cqg!QUB_U^Th<T}}3-;*iLbl$(tmxi?$GC$_M+?}PS)BZjh-XDBq
zY_@8Qr!xO~F-XGoRL*T4*6B0O@%w#8A{29rW~yvC8^B4&p`oF`*H#w88__+FA3WCy
zdF}e_`k<Jve3P3DkNbv5Dxvb&%^<dAVGzD*ynFVU3f}z}_i+ShQ|Rs`pPl-S>F4u2
zuBNnN%AdipodaMsVO`g)<oQxeB`~O}pVIPqHhRZc;AS0{4ATF#{wF|K!Tom7@opzk
zZTV&2N9tr{8xwG&IF1H-^=WZt&lx@{Sbm8SsI3^qFX$W3ox6qQ#=_6+3+FM9ur3l1
zh3r(=-+6s6<=+DoT(6ovph@t1kO}3q<9HECDu*&CEGM%9hVC@IRSP=%1UTdU@9dw`
zv_a~B#=>O@GZTsKJ<dJ&l(l4hWuOd;@DF0bfbksJu^{u%%7nQ7DH5Tl5_`xu>T71K
zqPk~vNi4`%)$0#qV!z$V{CUx~ObR|CHbF`#Z9|fh5cguW%ImC_30LhP9W<u?>Cb-j
z#u4sQAgC(*eQ{hLoM0llWlhMJf5g^?A(RE$fVNT$|7Bcx{+iBveqRF%EAks45959h
zSn>ME3nhU*P(#_P$R^`LO(+ZG?*)|$@_IxgM}W%xp=7CfT|fJCtY(7^l~k1_z3jaW
zy?52{B!z>vp7e42CCK9WNphe(n}`Mmj9~)EDfs(eIt%!h>2lc<pM~0vl7l*;3TFI>
z1=TT|1?81EPW^5EHnphALMbphz`GErQzis|`&F)9o@`Oz{_2A&A^)#qMI8%W<G<<}
zSbsR6H*-%?9t8WH?O)Cc+A1T{w|7FFH2|Q1w!TRCDER-^d&6P`Yc5yyohi|0+gm*N
z=|9;%bVTNQ^J??&<UdJ1r2S*SL`X4USNWtUdG9^&iC>|eOJ8Ef0@^)}?5~39r*Fwp
z-jn|8i85Kn5TWA>dU>*6ti6{2zlMIq2{gQ!JgJ)&D-rqs_8g4g8ax<`H^N*xnY`Fi
zy#B6Z<Cy`ods8uF@BVrU1LuuIO7{G6+ne~ZBf+_Eys`M*Jk$dm#C@iK50{fEMEQ?+
z^G1R@U;_<|a5!5rB}-=ps9T+SJ8@>yBTDe1$o<#wgZTODuUX@$aG^(%;o{L3*RcSp
y*M}-Mo5BBBZ5Y@tIDfI@x?vjYDeYJDS7Dmk_v>Pl#11gfKUqm7iCQs}kpBY|15if*

literal 0
HcmV?d00001

diff --git a/src/clangd-context.ts b/src/clangd-context.ts
index 68d8cac5..9f5ceae0 100644
--- a/src/clangd-context.ts
+++ b/src/clangd-context.ts
@@ -46,14 +46,15 @@ export class ClangdContext implements vscode.Disposable {
   client: ClangdLanguageClient;
 
   async activate(globalStoragePath: string,
-                 outputChannel: vscode.OutputChannel) {
-    const clangdPath = await install.activate(this, globalStoragePath);
+                 outputChannel: vscode.OutputChannel,
+                 workspaceState: vscode.Memento) {
+    const clangdPath = await install.activate(this, globalStoragePath, workspaceState);
     if (!clangdPath)
       return;
 
     const clangd: vscodelc.Executable = {
       command: clangdPath,
-      args: config.get<string[]>('arguments'),
+      args: await config.getSecureOrPrompt<string[]>('arguments', workspaceState),
       options: {cwd: vscode.workspace.rootPath || process.cwd()}
     };
     const traceFile = config.get<string>('trace');
diff --git a/src/config.ts b/src/config.ts
index e79a9875..bb084055 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -6,6 +6,44 @@ export function get<T>(key: string): T {
   return substitute(vscode.workspace.getConfiguration('clangd').get(key));
 }
 
+// Like get(), but won't load settings from workspace config unless the user has
+// previously explicitly allowed this.
+export function getSecure<T>(key: string, workspaceState: vscode.Memento) : T|undefined {
+  const prop = new SecureProperty<T>(key, workspaceState);
+  return prop.get(prop.blessed ?? false);
+}
+
+// Like get(), but won't implicitly load settings from workspace config.
+// If there is workspace config, prompts the user and caches the decision.
+export async function getSecureOrPrompt<T>(key: string, workspaceState: vscode.Memento) : Promise<T> {
+  const prop = new SecureProperty<T>(key, workspaceState);
+  // Common case: value not overridden in workspace.
+  if (!prop.mismatched)
+    return prop.get(false);
+  // Check whether user has blessed or blocked this value.
+  const blessed = prop.blessed;
+  if (blessed !== null)
+    return prop.get(blessed);
+  // No cached decision for this value, ask the user.
+  const Yes = 'Yes, use this setting', No = 'No, use my default', Info = 'More Info'
+  switch(await vscode.window.showWarningMessage(
+    `This workspace wants to set clangd.${key} to ${prop.insecureJSON}.
+    \u2029
+    This will override your default of ${prop.secureJSON}.`,
+    Yes, No, Info)) {
+    case Info:
+      vscode.env.openExternal(
+        vscode.Uri.parse('https://github.com/clangd/vscode-clangd/blob/master/docs/settings.md#security'));
+      break;
+    case Yes:
+      await prop.bless(true);
+      return prop.get(true);
+    case No:
+      await prop.bless(false);
+  }
+  return prop.get(false);
+}
+
 // Sets the config value `clangd.<key>`. Does not apply substitutions.
 export function update<T>(key: string, value: T,
                           target?: vscode.ConfigurationTarget) {
@@ -54,3 +92,48 @@ function replacement(name: string): string|null {
 
   return null;
 }
+
+// Caches a user's decision about whether to respect a workspace override of a
+// sensitive setting. Valid only for a particular variable, workspace, and value.
+interface BlessCache {
+  json: string // JSON-serialized workspace value that the decision governs.
+  allowed: boolean // Whether the user chose to allow this value.
+}
+
+// Common logic between getSecure and getSecureOrPrompt.
+class SecureProperty<T> {
+  secure: T|undefined
+  insecure: T|undefined
+  public secureJSON: string
+  public insecureJSON: string
+  blessKey: string
+
+  constructor(key: string, private workspaceState: vscode.Memento) {
+    const cfg = vscode.workspace.getConfiguration('clangd');
+    const inspect = cfg.inspect<T>(key);
+    this.secure = inspect.globalValue ?? inspect.defaultValue;
+    this.insecure = cfg.get<T>(key);
+    this.secureJSON = JSON.stringify(this.secure);
+    this.insecureJSON = JSON.stringify(this.insecure);
+    this.blessKey = "bless." + key;
+  }
+
+  get mismatched() : boolean {
+    return this.secureJSON != this.insecureJSON;
+  }
+
+  get(trusted: boolean) : T|undefined {
+    return substitute(trusted ? this.insecure : this.secure);
+  }
+
+  get blessed() : boolean|null {
+    let cache = this.workspaceState.get<BlessCache>(this.blessKey);
+    if (!cache || cache.json != this.insecureJSON)
+      return null;
+    return cache.allowed;
+  }
+
+  async bless(b : boolean) : Promise<void> {
+    await this.workspaceState.update(this.blessKey, {json: this.insecureJSON, allowed: b});
+  }
+}
\ No newline at end of file
diff --git a/src/extension.ts b/src/extension.ts
index b5bb522c..40f6598c 100644
--- a/src/extension.ts
+++ b/src/extension.ts
@@ -20,10 +20,10 @@ export async function activate(context: vscode.ExtensionContext) {
   context.subscriptions.push(
       vscode.commands.registerCommand('clangd.restart', async () => {
         await clangdContext.dispose();
-        await clangdContext.activate(context.globalStoragePath, outputChannel);
+        await clangdContext.activate(context.globalStoragePath, outputChannel, context.workspaceState);
       }));
 
-  await clangdContext.activate(context.globalStoragePath, outputChannel);
+  await clangdContext.activate(context.globalStoragePath, outputChannel, context.workspaceState);
 
   setInterval(function() {
     const cppTools = vscode.extensions.getExtension('ms-vscode.cpptools');
diff --git a/src/install.ts b/src/install.ts
index 0db9d4d9..9722ec6d 100644
--- a/src/install.ts
+++ b/src/install.ts
@@ -11,8 +11,12 @@ import * as config from './config';
 
 // Returns the clangd path to be used, or null if clangd is not installed.
 export async function activate(context: ClangdContext,
-                               globalStoragePath: string): Promise<string> {
-  const ui = new UI(context, globalStoragePath);
+                               globalStoragePath: string,
+                               workspaceState: vscode.Memento): Promise<string> {
+  // If the workspace overrides clangd.path, give the user a chance to bless it.
+  await config.getSecureOrPrompt<string>('path', workspaceState);
+
+  const ui = new UI(context, globalStoragePath, workspaceState);
   context.subscriptions.push(vscode.commands.registerCommand(
       'clangd.install', async () => common.installLatest(ui)));
   context.subscriptions.push(vscode.commands.registerCommand(
@@ -23,7 +27,8 @@ export async function activate(context: ClangdContext,
 
 class UI {
   constructor(private context: ClangdContext,
-              private globalStoragePath: string) {}
+              private globalStoragePath: string,
+              private workspaceState: vscode.Memento) {}
 
   get storagePath(): string { return this.globalStoragePath; }
   async choose(prompt: string, options: string[]): Promise<string|undefined> {
@@ -122,7 +127,7 @@ class UI {
   }
 
   get clangdPath(): string {
-    let p = config.get<string>('path');
+    let p = config.getSecure<string>('path', this.workspaceState);
     // Backwards compatibility: if it's a relative path with a slash, interpret
     // relative to project root.
     if (!path.isAbsolute(p) && p.indexOf(path.sep) != -1 &&