[QGIS-Developer] Mitigating security risks of the Official Plugin Repository

Daniel Silk dsilk at linz.govt.nz
Wed Jan 24 17:13:57 PST 2018


Hi all

I am currently involved in rolling QGIS 2.18 out in a corporate environment. The security risk of a user installing a malicious plugin from the Official Plugin Repository has come up.

While we can ensure our corporate plugin repository is immediately visible to all corporate users via a startup.py script, it appears that we:
- cannot remove the Official Plugin Repository from the repository list (due to https://github.com/qgis/QGIS/blob/release-2_18/python/pyplugin_installer/installer_data.py#L316-L326)
- cannot disable the Official Plugin Repository via the Python API (and the user would just be able to enable it via the Plugin Manager interface anyway)
- cannot set the Plugin Manager interface to only show trusted plugins
- cannot set the URL parameters to include trusted=true as the URL params are hardcoded: https://github.com/qgis/QGIS/blob/release-2_18/python/pyplugin_installer/installer_data.py#L228

So is there any other way to remove the Official Plugin Repository or limit the plugins that we allow users to view and install?

Thanks
Daniel
