def test_initTrustFail(self): with pytest.raises(Exception): Trust("key-not-found") with pytest.raises(Exception): Trust.getInstance() assert Trust.getInstanceOrNone() is None
def _trustHook(self, file_name: Optional[str]) -> bool: # NOTE: In an enterprise environment, if there _is_ a signature file for an unbundled package, verify it. # (Note that this is a different behaviour w.r.t. the plugins, where the check is not just verification!) # (Note that there shouldn't be a check if trust has to be here, since it'll continue on 'no signature'.) if file_name is None: return True trust_instance = Trust.getInstanceOrNone() if trust_instance is not None: from UM.Application import Application install_prefix = os.path.abspath(Application.getInstallPrefix()) try: common_path = os.path.commonpath([install_prefix, file_name]) except ValueError: common_path = "" if common_path is "" or not common_path.startswith(install_prefix): if trust_instance.signatureFileExistsFor(file_name): _containerRegistry.setExplicitReadOnly(self.getId()) # TODO???: self._read_only = True if not trust_instance.signedFileCheck(file_name): raise Exception("Can't validate file {0}".format(file_name)) return True
def _isScriptAllowed(file_path: str) -> bool: """Checks whether the given file is allowed to be loaded""" if not ApplicationMetadata.IsEnterpriseVersion: # No signature needed return True dir_path = os.path.split(file_path)[0] # type: str plugin_path = PluginRegistry.getInstance().getPluginPath("PostProcessingPlugin") assert plugin_path is not None # appease mypy bundled_path = os.path.join(plugin_path, "scripts") if dir_path == bundled_path: # Bundled scripts are trusted. return True trust_instance = Trust.getInstanceOrNone() if trust_instance is not None and Trust.signatureFileExistsFor(file_path): if trust_instance.signedFileCheck(file_path): return True return False # Default verdict should be False, being the most secure fallback