def test_initTrustFail(self):
with pytest.raises(Exception):
Trust("key-not-found")
with pytest.raises(Exception):
Trust.getInstance()
assert Trust.getInstanceOrNone() is None
def _trustHook(self, file_name: Optional[str]) -> bool:
# NOTE: In an enterprise environment, if there _is_ a signature file for an unbundled package, verify it.
# (Note that this is a different behaviour w.r.t. the plugins, where the check is not just verification!)
# (Note that there shouldn't be a check if trust has to be here, since it'll continue on 'no signature'.)
if file_name is None:
return True
trust_instance = Trust.getInstanceOrNone()
if trust_instance is not None:
from UM.Application import Application
install_prefix = os.path.abspath(Application.getInstallPrefix())
try:
common_path = os.path.commonpath([install_prefix, file_name])
except ValueError:
common_path = ""
if common_path is "" or not common_path.startswith(install_prefix):
if trust_instance.signatureFileExistsFor(file_name):
_containerRegistry.setExplicitReadOnly(self.getId()) # TODO???: self._read_only = True
if not trust_instance.signedFileCheck(file_name):
raise Exception("Can't validate file {0}".format(file_name))
return True
def _isScriptAllowed(file_path: str) -> bool:
"""Checks whether the given file is allowed to be loaded"""
if not ApplicationMetadata.IsEnterpriseVersion:
# No signature needed
return True
dir_path = os.path.split(file_path)[0] # type: str
plugin_path = PluginRegistry.getInstance().getPluginPath("PostProcessingPlugin")
assert plugin_path is not None # appease mypy
bundled_path = os.path.join(plugin_path, "scripts")
if dir_path == bundled_path:
# Bundled scripts are trusted.
return True
trust_instance = Trust.getInstanceOrNone()
if trust_instance is not None and Trust.signatureFileExistsFor(file_path):
if trust_instance.signedFileCheck(file_path):
return True
return False # Default verdict should be False, being the most secure fallback
