Implement allow/denyList when loading/installing modules
@@ -15,26 +15,42 @@
|
||||
**/
|
||||
|
||||
|
||||
var path = require("path");
|
||||
var os = require("os");
|
||||
var fs = require("fs-extra");
|
||||
var tar = require("tar");
|
||||
const path = require("path");
|
||||
const os = require("os");
|
||||
const fs = require("fs-extra");
|
||||
const tar = require("tar");
|
||||
|
||||
var registry = require("./registry");
|
||||
var library = require("./library");
|
||||
const registry = require("./registry");
|
||||
const registryUtil = require("./util");
|
||||
const library = require("./library");
|
||||
const {exec,log,events} = require("@node-red/util");
|
||||
var child_process = require('child_process');
|
||||
var npmCommand = process.platform === 'win32' ? 'npm.cmd' : 'npm';
|
||||
var installerEnabled = false;
|
||||
const child_process = require('child_process');
|
||||
const npmCommand = process.platform === 'win32' ? 'npm.cmd' : 'npm';
|
||||
let installerEnabled = false;
|
||||
|
||||
var settings;
|
||||
let settings;
|
||||
const moduleRe = /^(@[^/@]+?[/])?[^/@]+?$/;
|
||||
const slashRe = process.platform === "win32" ? /\\|[/]/ : /[/]/;
|
||||
const pkgurlRe = /^(https?|git(|\+https?|\+ssh|\+file)):\/\//;
|
||||
const localtgzRe = /^([a-zA-Z]:|\/).+tgz$/;
|
||||
|
||||
// Default allow/deny lists
|
||||
let installAllowList = ['*'];
|
||||
let installDenyList = [];
|
||||
|
||||
|
||||
function init(_settings) {
|
||||
settings = _settings;
|
||||
// TODO: This is duplicated in localfilesystem.js
|
||||
// Should it *all* be managed by util?
|
||||
if (settings.externalModules && settings.externalModules.palette) {
|
||||
if (settings.externalModules.palette.allowList || settings.externalModules.palette.denyList) {
|
||||
installAllowList = settings.externalModules.palette.allowList;
|
||||
installDenyList = settings.externalModules.palette.denyList;
|
||||
}
|
||||
}
|
||||
installAllowList = registryUtil.parseModuleList(installAllowList);
|
||||
installDenyList = registryUtil.parseModuleList(installDenyList);
|
||||
}
|
||||
|
||||
var activePromise = Promise.resolve();
|
||||
@@ -118,6 +134,12 @@ function installModule(module,version,url) {
|
||||
reject(e);
|
||||
return;
|
||||
}
|
||||
if (!registryUtil.checkModuleAllowed(module,version,installAllowList,installDenyList)) {
|
||||
const e = new Error("Install not allowed");
|
||||
e.code = "install_not_allowed";
|
||||
reject(e);
|
||||
return
|
||||
}
|
||||
isUpgrade = checkExistingModule(module,version);
|
||||
} catch(err) {
|
||||
return reject(err);
|
||||
@@ -215,6 +237,10 @@ async function getExistingPackageVersion(moduleName) {
|
||||
}
|
||||
|
||||
async function installTarball(tarball) {
|
||||
if (settings.externalModules && settings.externalModules.palette && settings.externalModules.palette.allowUpload === false) {
|
||||
throw new Error("Module upload disabled")
|
||||
}
|
||||
|
||||
// Check this tarball contains a valid node-red module.
|
||||
// Get its module name/version
|
||||
const moduleInfo = await getTarballModuleInfo(tarball);
|
||||
|
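Review bot: In `init`, when settings define only one of `externalModules.palette.allowList` / `denyList`, the other is assigned `undefined`, which replaces its default before it is passed to `registryUtil.parseModuleList`. How `parseModuleList` and `checkModuleAllowed` treat an undefined list is not visible on this page, so a deny-only or allow-only configuration may either fail at startup or end up enforcing a different policy than the operator intended. Fall back per list instead: `installAllowList = settings.externalModules.palette.allowList || ['*'];` and `installDenyList = settings.externalModules.palette.denyList || [];`. Because the parsed result is written back to the same module-level variables, a second `init` call with no palette lists would also feed already-parsed values into `parseModuleList`; parsing from locals seeded with the defaults would avoid that.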