From fe2098376ff0a8f70aa44510cd534671bf1e50c2 Mon Sep 17 00:00:00 2001
From: Remco Burema
Date: Fri, 17 Jan 2020 17:15:37 +0100
Subject: [PATCH] Prepare PostProcessingPlugin for security.
---
 plugins/PostProcessingPlugin/PostProcessingPlugin.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/plugins/PostProcessingPlugin/PostProcessingPlugin.py b/plugins/PostProcessingPlugin/PostProcessingPlugin.py
index 8be0523b65..bb1d42c42e 100644
--- a/plugins/PostProcessingPlugin/PostProcessingPlugin.py
+++ b/plugins/PostProcessingPlugin/PostProcessingPlugin.py
@@ -4,6 +4,7 @@
 from PyQt5.QtCore import QObject, pyqtProperty, pyqtSignal, pyqtSlot
 from typing import Dict, Type, TYPE_CHECKING, List, Optional, cast
+from UM.Trust import Trust
 from UM.PluginRegistry import PluginRegistry
 from UM.Resources import Resources
 from UM.Application import Application
@@ -161,7 +162,12 @@ class PostProcessingPlugin(QObject, Extension):
 # Iterate over all scripts.
 if script_name not in sys.modules:
 try:
- spec = importlib.util.spec_from_file_location(__name__ + "." + script_name, os.path.join(path, script_name + ".py"))
+ file_location = __name__ + "." + script_name, os.path.join(path, script_name + ".py")
+ trust_instance = Trust.getInstanceOrNone()
+ if trust_instance is not None and Trust.signatureFileExistsFor(file_location):
+ if not trust_instance.signedFileCheck(file_location):
+ raise Exception("Can't validate script {0}".format(file_location))
+ spec = importlib.util.spec_from_file_location(file_location)
 loaded_script = importlib.util.module_from_spec(spec)
 if spec.loader is None:
 continue
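Review bot: `file_location` in the added lines is a two-element tuple, because the right-hand side `__name__ + "." + script_name, os.path.join(path, script_name + ".py")` keeps the comma that used to separate the two arguments of `spec_from_file_location`. The tuple is then handed to `Trust.signatureFileExistsFor`, to `signedFileCheck` and, as a single argument, to `importlib.util.spec_from_file_location`, so neither the signature check nor the import receives the script's path. Keep the path on its own, `file_location = os.path.join(path, script_name + ".py")`, and restore the two-argument call `spec = importlib.util.spec_from_file_location(__name__ + "." + script_name, file_location)`. Separately, the check runs only when a signature file exists, so with a trust instance present an unsigned script is still loaded without validation; if that is a transitional choice it deserves a comment saying so, otherwise a missing signature should be rejected as well. The `try` opens above these lines and its handler is outside the hunk, so how the raised `Exception` is reported cannot be seen here.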