IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-25 18:30:41 -06:00
Code Issues Packages Projects Releases Wiki Activity

Plugins: Fix descendent frontend plugin signature validation (#28638)

Browse Source 
* move plugin root check to earlier in validation process

* remove comment

* only check root if necessary
This commit is contained in:
Will Browne 2020-10-29 15:03:37 +01:00 committed by GitHub
parent 2be217e026
commit b9d71f5cdd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/plugins/plugins.go
View File

@ -373,12 +373,6 @@ func (scanner *PluginScanner) IsBackendOnlyPlugin(pluginType string) bool {
// validateSignature validates a plugin's signature.
func (s *PluginScanner) validateSignature(plugin *PluginBase) *PluginError {
// For the time being, we choose to only require back-end plugins to be signed
// NOTE: the state is calculated again when setting metadata on the object
if !plugin.Backend || !s.requireSigned {
return nil
}
if plugin.Signature == PluginSignatureValid {
s.log.Debug("Plugin has valid signature", "id", plugin.Id)
return nil
@ -403,6 +397,12 @@ func (s *PluginScanner) validateSignature(plugin *PluginBase) *PluginError {
"state", plugin.Signature)
}
// For the time being, we choose to only require back-end plugins to be signed
// NOTE: the state is calculated again when setting metadata on the object
if !plugin.Backend || !s.requireSigned {
return nil
}
switch plugin.Signature {
case PluginSignatureUnsigned:
allowUnsigned := false