Implement allow/denyList when loading/installing modules

2025-03-01 10:36:34 +00:00 · 2020-12-27 12:49:17 +00:00
parent fc459be531
commit aacb92a7ae
6 changed files with 191 additions and 27 deletions
--- a/packages/node_modules/@node-red/registry/lib/localfilesystem.js
+++ b/packages/node_modules/@node-red/registry/lib/localfilesystem.js
@@ -14,10 +14,16 @@
 * limitations under the License.
 **/

-var fs = require("fs");
-var path = require("path");
-var log = require("@node-red/util").log;
-var i18n = require("@node-red/util").i18n;
+const fs = require("fs");
+const path = require("path");
+const log = require("@node-red/util").log;
+const i18n = require("@node-red/util").i18n;
+const registryUtil = require("./util");
+
+// Default allow/deny lists
+let loadAllowList = ['*'];
+let loadDenyList = [];
+

 var settings;
 var disableNodePathScan = false;
@@ -25,6 +31,16 @@ var iconFileExtensions = [".png", ".gif", ".svg"];

 function init(_settings) {
    settings = _settings;
+    // TODO: This is duplicated in installer.js
+    //       Should it *all* be managed by util?
+    if (settings.externalModules && settings.externalModules.palette) {
+        if (settings.externalModules.palette.allowList || settings.externalModules.palette.denyList) {
+            loadAllowList = settings.externalModules.palette.allowList;
+            loadDenyList = settings.externalModules.palette.denyList;
+        }
+    }
+    loadAllowList = registryUtil.parseModuleList(loadAllowList);
+    loadDenyList = registryUtil.parseModuleList(loadDenyList);
 }

 function isIncluded(name) {
@@ -137,8 +153,12 @@ function scanDirForNodesModules(dir,moduleName) {
                    try {
                        var pkg = require(pkgfn);
                        if (pkg['node-red']) {
-                            var moduleDir = path.join(dir,fn);
-                            results.push({dir:moduleDir,package:pkg});
+                            if (!registryUtil.checkModuleAllowed(pkg.name,pkg.version,loadAllowList,loadDenyList)) {
+                                log.debug("! Module: "+pkg.name+" "+pkg.version+ " *ignored due to denyList*");
+                            } else {
+                                var moduleDir = path.join(dir,fn);
+                                results.push({dir:moduleDir,package:pkg});
+                            }
                        }
                    } catch(err) {
                        if (err.code != "MODULE_NOT_FOUND") {
@@ -308,8 +328,7 @@ function getNodeFiles(disableNodePathScan) {
            } else {
                result = false;
            }
-            log.debug("Module: "+mod.package.name+" "+mod.package.version+(result?"":" *ignored due to local copy*"));
-            log.debug("        "+mod.dir);
+            log.debug((result?"":"! ")+"Module: "+mod.package.name+" "+mod.package.version+" "+mod.dir+(result?"":" *ignored due to local copy*"));
            return result;
        });