From 31f17cd39b8cca2b712e29be89d51228277818e3 Mon Sep 17 00:00:00 2001
From: Peter Rottmann <rottmann@inveris.de>
Date: Fri, 13 Jan 2017 18:22:17 +0100
Subject: [PATCH] Add plugin loader access permission check.

---
 lib/plugin_loader.js | 104 ++++++++++++++++++++++++-------------------
 1 file changed, 59 insertions(+), 45 deletions(-)

diff --git a/lib/plugin_loader.js b/lib/plugin_loader.js
index 9ece664..fd974af 100644
--- a/lib/plugin_loader.js
+++ b/lib/plugin_loader.js
@@ -1,4 +1,5 @@
 var _    = require('lodash');
+var fs   = require('fs');
 var path = require('path');
 var util = require('util');
 var glob = require('glob');
@@ -6,24 +7,25 @@ var glob = require('glob');
 var app = {};
 
 function PluginLoader(_app) {
-    var self = this;
+  var self = this;
 
-    // global variables
-    app = _app;
+  // global variables
+  app = _app;
 
-    // class variables
-    self.plugins = {};
+  // class variables
+  self.plugins = {};
 
-    // Try to load global apidoc-plugins (if apidoc is installed locally it tries only local)
-    this.detectPugins(__dirname);
+  // Try to load global apidoc-plugins (if apidoc is installed locally it tries only local)
+  this.detectPugins(__dirname);
 
-    // Try to load local apidoc-plugins
-    this.detectPugins( path.join(process.cwd(), '/node_modules') );
+  // Try to load local apidoc-plugins
+  this.detectPugins( path.join(process.cwd(), '/node_modules') );
 
-    if (Object.keys(this.plugins).length === 0)
-        app.log.debug('No plugins found.');
+  if (Object.keys(this.plugins).length === 0) {
+    app.log.debug('No plugins found.');
+  }
 
-    this.loadPlugins();
+  this.loadPlugins();
 }
 /**
  * Inherit
@@ -40,52 +42,64 @@ module.exports = PluginLoader;
  * Search up to root until found a plugin.
  */
 PluginLoader.prototype.detectPugins = function(dir) {
-    var self = this;
-
-    // Search from the given dir up to root.
-    // Every dir start with "apidoc-plugin-", because for the tests of apidoc-plugin-test.
-    var plugins = glob.sync(dir + '/apidoc-plugin-*');
-    if (plugins.length === 0) {
-        dir = path.join(dir, '..');
-        if (dir === '/' || dir.substr(1) === ':\\')
-            return;
-        return this.detectPugins(dir);
+  var self = this;
+
+  try {
+    if (dir === '/') {
+      fs.accessSync(dir + '.')
+    } else {
+      fs.accessSync(dir + '/.')
+    }
+  } catch (e) {
+    app.log.warn(e);
+    return;
+  }
+
+  // Every dir start with "apidoc-plugin-", because for the tests of apidoc-plugin-test.
+  var plugins = glob.sync(dir + '/apidoc-plugin-*');
+  if (plugins.length === 0) {
+    dir = path.join(dir, '..');
+    if (dir === '/' || dir.substr(1) === ':\\') {
+      return;
     }
+    return this.detectPugins(dir);
+  }
 
-    var offset = dir.length + 1;
-    plugins.forEach( function(plugin) {
-        var name = plugin.substr(offset);
-        var filename = path.relative(__dirname, plugin);
-        app.log.debug('add plugin: ' + name + ', ' + filename);
-        self.addPlugin(name, plugin);
-    });
+  var offset = dir.length + 1;
+  plugins.forEach( function(plugin) {
+      var name = plugin.substr(offset);
+      var filename = path.relative(__dirname, plugin);
+      app.log.debug('add plugin: ' + name + ', ' + filename);
+      self.addPlugin(name, plugin);
+  });
 };
 
 /**
  * Add Plugin to plugin list.
  */
 PluginLoader.prototype.addPlugin = function(name, filename) {
-    if (this.plugins[name])
-        app.log.debug('overwrite plugin: ' + name + ', ' + this.plugins[name]);
+  if (this.plugins[name]) {
+    app.log.debug('overwrite plugin: ' + name + ', ' + this.plugins[name]);
+  }
 
-    this.plugins[name] = filename;
+  this.plugins[name] = filename;
 };
 
 /**
  * Load and initialize Plugins.
  */
 PluginLoader.prototype.loadPlugins = function() {
-    _.forEach(this.plugins, function(filename, name) {
-        app.log.debug('load plugin: ' + name + ', ' + filename);
-        var plugin;
-        try {
-            plugin = require(filename);
-        } catch(e) {
-        }
-        if (plugin && plugin.init) {
-            plugin.init(app);
-        } else {
-            app.log.debug('Ignored, no init function found.');
-        }
-    });
+  _.forEach(this.plugins, function(filename, name) {
+    app.log.debug('load plugin: ' + name + ', ' + filename);
+    var plugin;
+    try {
+      plugin = require(filename);
+    } catch(e) {
+    }
+    if (plugin && plugin.init) {
+      plugin.init(app);
+    } else {
+      app.log.debug('Ignored, no init function found.');
+    }
+  });
 };