From 298eb27c7f4a2440c4b5f811f44a6ea3a4e26800 Mon Sep 17 00:00:00 2001 From: Remco Burema Date: Tue, 29 Oct 2019 17:45:19 +0100 Subject: [PATCH] Add possibility to check material-profiles. Needed to add the filename to deserialize, feels a bit unsafe as an optional parameter, will discuss tomorrow. part of CURA-6856 --- cura/Settings/ContainerManager.py | 2 +- plugins/LegacyProfileReader/LegacyProfileReader.py | 2 +- plugins/XmlMaterialProfile/XmlMaterialProfile.py | 14 +++++++++++++- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/cura/Settings/ContainerManager.py b/cura/Settings/ContainerManager.py index 4a4a7b64dd..0daf5305c4 100644 --- a/cura/Settings/ContainerManager.py +++ b/cura/Settings/ContainerManager.py @@ -247,7 +247,7 @@ class ContainerManager(QObject): try: with open(file_url, "rt", encoding = "utf-8") as f: - container.deserialize(f.read()) + container.deserialize(f.read(), file_url) except PermissionError: return {"status": "error", "message": "Permission denied when trying to read the file."} except ContainerFormatError: diff --git a/plugins/LegacyProfileReader/LegacyProfileReader.py b/plugins/LegacyProfileReader/LegacyProfileReader.py index 013bab6f11..87b26eb4ec 100644 --- a/plugins/LegacyProfileReader/LegacyProfileReader.py +++ b/plugins/LegacyProfileReader/LegacyProfileReader.py @@ -157,7 +157,7 @@ class LegacyProfileReader(ProfileReader): data = stream.getvalue() profile = InstanceContainer(profile_id) - profile.deserialize(data) # Also performs the version upgrade. + profile.deserialize(data, file_name) # Also performs the version upgrade. profile.setDirty(True) #We need to return one extruder stack and one global stack. diff --git a/plugins/XmlMaterialProfile/XmlMaterialProfile.py b/plugins/XmlMaterialProfile/XmlMaterialProfile.py index 093638d594..752f17feb4 100644 --- a/plugins/XmlMaterialProfile/XmlMaterialProfile.py +++ b/plugins/XmlMaterialProfile/XmlMaterialProfile.py @@ -15,8 +15,9 @@ import UM.Dictionary from UM.Settings.InstanceContainer import InstanceContainer from UM.Settings.ContainerRegistry import ContainerRegistry from UM.ConfigurationErrorMessage import ConfigurationErrorMessage +from UM.Trust import Trust -from cura.CuraApplication import CuraApplication +from cura.CuraApplication import ApplicationMetadata, CuraApplication from cura.Machines.ContainerTree import ContainerTree from cura.Machines.VariantType import VariantType @@ -470,6 +471,17 @@ class XmlMaterialProfile(InstanceContainer): ## Overridden from InstanceContainer def deserialize(self, serialized, file_name = None): + + # NOTE: In an enterprise environment, IT might not trust every material package the user installs. + # In that case, check if this package is trusted first, and return prematurely if not. + if file_name is not None and ApplicationMetadata.CuraIsEnterpriseVersion: + from UM.Application import Application + install_prefix = os.path.abspath(Application.getInstallPrefix()) + common_path = os.path.commonpath([install_prefix, file_name]) + if common_path is None or not common_path.startswith(install_prefix): + if not Trust.getInstance().signedFileCheck(file_name): + raise Exception("Trust-check failed for material file {0}.".format(file_name)) + containers_to_add = [] # update the serialized data first from UM.Settings.Interfaces import ContainerInterface