[app] Secure plugin loading

2021-03-24 17:09:21 +01:00 · 2021-03-24 17:09:21 +01:00 · 1550be5da6
parent dca890dad9
commit 1550be5da6
1 changed files with 15 additions and 6 deletions
--- a/flaschengeist/app.py
+++ b/flaschengeist/app.py
@ -1,3 +1,5 @@
+import enum
+
 import pkg_resources
 from flask import Flask, current_app
 from flask_cors import CORS
@ -22,6 +24,8 @@ class CustomJSONEncoder(JSONEncoder):

        if isinstance(o, datetime) or isinstance(o, date):
            return o.isoformat()
+        if isinstance(o, enum.Enum):
+            return o.value

        # Check if iterable
        try:
@ -40,12 +44,17 @@ def __load_plugins(app):
        logger.debug("Found plugin: >{}<".format(entry_point.name))
        plugin = None
        if entry_point.name in config and config[entry_point.name].get("enabled", False):
-            plugin = entry_point.load()
-            setattr(plugin, "_plugin_name", entry_point.name)
-            plugin = plugin(config[entry_point.name])
-            if plugin.blueprint:
-                app.register_blueprint(plugin.blueprint)
-            logger.info("Load plugin >{}<".format(entry_point.name))
+            try:
+                logger.info(f"Load plugin {entry_point.name}")
+                plugin = entry_point.load()
+                setattr(plugin, "_plugin_name", entry_point.name)
+                plugin = plugin(config[entry_point.name])
+                if plugin.blueprint:
+                    app.register_blueprint(plugin.blueprint)
+            except:
+                logger.error(
+                    f"Plugin {entry_point.name} was enabled, but could not be loaded due to an error.", exc_info=True
+                )
        if isinstance(plugin, AuthPlugin):
            logger.debug("Found authentication plugin: %s", entry_point.name)
            if entry_point.name == config["FLASCHENGEIST"]["auth"]: