Mirrored_Repos/InvenTree
1
0
Fork 0
mirror of https://github.com/inventree/InvenTree synced 2024-08-30 18:33:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

make db setting fetching safe

Browse Source
This commit is contained in:
Matthias 2021-11-14 02:03:56 +01:00
parent 4abb23963a
commit 8faed72278
No known key found for this signature in database
GPG Key ID: F50EF5741D33E076
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
InvenTree/plugin/apps.py
View File

@ -67,10 +67,15 @@ class PluginAppConfig(AppConfig):
# these checks only use attributes - never use plugin supplied functions -> that would lead to arbitrary code execution!! # these checks only use attributes - never use plugin supplied functions -> that would lead to arbitrary code execution!!
plug_name = plugin.PLUGIN_NAME plug_name = plugin.PLUGIN_NAME
plug_key = plugin.PLUGIN_SLUG if getattr(plugin, 'PLUGIN_SLUG', None) else plug_name plug_key = plugin.PLUGIN_SLUG if getattr(plugin, 'PLUGIN_SLUG', None) else plug_name
plugin_db_setting, _ = PluginConfig.objects.get_or_create(key=plug_key, name=plug_name) try:
plugin_db_setting, _ = PluginConfig.objects.get_or_create(key=plug_key, name=plug_name)
except (OperationalError, ProgrammingError) as error:
# Exception if the database has not been migrated yet
logger.error('Database error while gettign/setting PluginConfig', error)
plugin_db_setting = None
# always activate if testing # always activate if testing
if settings.PLUGIN_TESTING or plugin_db_setting.active: if settings.PLUGIN_TESTING or (plugin_db_setting and plugin_db_setting.active):
# init package # init package
# now we can be sure that an admin has activated the plugin -> as of Nov 2021 there are not many checks in place # now we can be sure that an admin has activated the plugin -> as of Nov 2021 there are not many checks in place
# but we could enhance those to check signatures, run the plugin against a whitelist etc. # but we could enhance those to check signatures, run the plugin against a whitelist etc.
@ -78,7 +83,8 @@ class PluginAppConfig(AppConfig):
plugin = plugin() plugin = plugin()
logger.info(f'Loaded integration plugin {plugin.slug}') logger.info(f'Loaded integration plugin {plugin.slug}')
plugin.is_package = was_packaged plugin.is_package = was_packaged
plugin.pk = plugin_db_setting.pk if plugin_db_setting:
plugin.pk = plugin_db_setting.pk
# safe reference # safe reference
settings.INTEGRATION_PLUGINS[plugin.slug] = plugin settings.INTEGRATION_PLUGINS[plugin.slug] = plugin