IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Plugins: Add file permission error check when attempting to verify plugin signature (#61860)

Browse Source 
add permission err check
This commit is contained in:
Will Browne 2023-01-23 12:01:10 +01:00 committed by GitHub
parent 50608db59a
commit 59ef144e9e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/plugins/manager/signature/manifest.go
View File

@ -200,8 +200,12 @@ func verifyHash(mlog log.Logger, pluginID string, path string, hash string) erro
// on the path provided in a manifest file for a plugin and not user input. // on the path provided in a manifest file for a plugin and not user input.
f, err := os.Open(path) f, err := os.Open(path)
if err != nil { if err != nil {
if os.IsPermission(err) {
mlog.Warn("Could not open plugin file due to lack of permissions", "plugin", pluginID, "path", path)
return errors.New("permission denied when attempting to read plugin file")
}
mlog.Warn("Plugin file listed in the manifest was not found", "plugin", pluginID, "path", path) mlog.Warn("Plugin file listed in the manifest was not found", "plugin", pluginID, "path", path)
return fmt.Errorf("plugin file listed in the manifest was not found") return errors.New("plugin file listed in the manifest was not found")
} }
defer func() { defer func() {
if err := f.Close(); err != nil { if err := f.Close(); err != nil {
@ -211,12 +215,12 @@ func verifyHash(mlog log.Logger, pluginID string, path string, hash string) erro
h := sha256.New() h := sha256.New()
if _, err := io.Copy(h, f); err != nil { if _, err := io.Copy(h, f); err != nil {
return fmt.Errorf("could not calculate plugin file checksum") return errors.New("could not calculate plugin file checksum")
} }
sum := hex.EncodeToString(h.Sum(nil)) sum := hex.EncodeToString(h.Sum(nil))
if sum != hash { if sum != hash {
mlog.Warn("Plugin file checksum does not match signature checksum", "plugin", pluginID, "path", path) mlog.Warn("Plugin file checksum does not match signature checksum", "plugin", pluginID, "path", path)
return fmt.Errorf("plugin file checksum does not match signature checksum") return errors.New("plugin file checksum does not match signature checksum")
} }
return nil return nil