fix: restrict plugins to be loaded only from ./plugins

Agoric · Sep 16, 2020 · 2ba608e · 2ba608e
1 parent 73f9d40
commit 2ba608e
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/packages/SwingSet/src/devices/plugin-src.js b/packages/SwingSet/src/devices/plugin-src.js
@@ -1,4 +1,4 @@
-/* global harden */
+/* global harden HandledPromise */
 
 import { makeCapTP } from '@agoric/captp';
 

diff --git a/packages/cosmic-swingset/lib/ag-solo/start.js b/packages/cosmic-swingset/lib/ag-solo/start.js
@@ -10,6 +10,7 @@ import anylogger from 'anylogger';
 // import connect from 'lotion-connect';
 // import djson from 'deterministic-json';
 
+import { assert, details } from '@agoric/assert';
 import {
   loadBasedir,
   loadSwingsetConfigFile,
@@ -95,7 +96,20 @@ async function buildSwingset(
     await processKernel();
   });
 
-  const plugin = buildPlugin(require, queueThunkForKernel);
+  const pluginsPrefix = `${path.resolve('./plugins')}${path.sep}`;
+  const pluginRequire = mod => {
+    // Ensure they can't traverse out of the plugins prefix.
+    const pluginFile = path.resolve(pluginsPrefix, mod);
+    assert(
+      pluginFile.startsWith(pluginsPrefix),
+      details`Cannot load ${pluginFile} plugin; outside of ./plugins`,
+    );
+
+    // eslint-disable-next-line import/no-dynamic-require,global-require
+    return require(pluginFile);
+  };
+
+  const plugin = buildPlugin(pluginRequire, queueThunkForKernel);
 
   let config = loadSwingsetConfigFile(`${vatsDir}/solo-config.json`);
   if (config === null) {