Summary

Unsafe plugins (for instance sql-list) can be installed in subdomain tenants via pack import even if unsafe plugin installation for tenants is disables

Details

I have an example
https://bot20230704.saltcorn.com/view/all_plugins
It's publicly accessible (but has not so secure values except list of tenants).
But using this mech one can read any data from other tenants.

Impact

All tenants of installation (i.e. saltcorn.com), can be compromised from tenant user has admin access. If an untrusted user has admin rights to a tenant instance, they will be able to install a plug-in that can access information from other tenants

Revived after 0.8.7

After patch in 0.8.7 this is not fixed completely.

Here are steps to reproduce:

1. Publish to NPM plugin that was not approved by admin (in case of saltcorn.com) by @glutamate. I've just published this one: https://www.npmjs.com/package/saltcorn-qrcode
2. Publish somewhere plugin store that includes plugin from previous step: https://gist.github.com/pyhedgehog/f1fd7cb13f4d0a7ccf6a965748d19bd2
3. Add plugin store link to tenant store.
4. Install plugin.
5. Use it in tenant: https://bot20230704.saltcorn.com/view/testqr_show/1

Here are logic:
Unsafe plugins checked against this list:
https://github.com/saltcorn/saltcorn/blob/99fe277e497fd193bb070acd8c663aa254a9907c/packages/server/load_plugins.js#L191
But it's under control of tenant admin, not server admin.
Proposed login:

const safes = getRootState().getConfig("available_plugins",[]).filter(p=>!p.unsafe).map(p=>p.location);

References

• GHSA-wxf3-4fvj-vqqx
• saltcorn/saltcorn#1973
• saltcorn/saltcorn@0f32a51
• https://github.com/saltcorn/saltcorn/blob/99fe277e497fd193bb070acd8c663aa254a9907c/packages/server/load_plugins.js#L191