fix(plugins): harden marketplace abuse checks

Author: FTMahringer

packages/core/src/main/java/dev/synapse/core/common/domain/StoreEntry.java

@@ -4,6 +4,7 @@
 import org.hibernate.annotations.JdbcTypeCode;
 import org.hibernate.type.SqlTypes;
 
+import java.io.Serializable;
 import java.time.Instant;
 import java.util.List;
 import java.util.Map;
@@ -13,7 +14,9 @@
  */
 @Entity
 @Table(name = "store_entries")
-public class StoreEntry {
+public class StoreEntry implements Serializable {
+
+    private static final long serialVersionUID = 1L;
 
     @Id
     private String id;

packages/core/src/main/java/dev/synapse/plugins/PluginSafetyPolicy.java

@@ -38,4 +38,19 @@ public static PluginSafetyPolicy unverified(String source) {
             )
         );
     }
+
+    public static PluginSafetyPolicy spoofedVerified(
+        String source,
+        String pluginId
+    ) {
+        return new PluginSafetyPolicy(
+            PluginTrustLevel.UNVERIFIED,
+            true,
+            List.of(
+                "This plugin claims verified source '" + source + "' but does not match the store registry metadata for '" + pluginId + "'.",
+                "Treat this as an unverified plugin and review the JAR and manifest before installing.",
+                "Pass confirmed=true to proceed."
+            )
+        );
+    }
 }

packages/core/src/main/java/dev/synapse/plugins/PluginSafetyService.java

@@ -1,7 +1,8 @@
 package dev.synapse.plugins;
 
 import dev.synapse.core.common.domain.Plugin;
-import dev.synapse.core.infrastructure.exception.ResourceNotFoundException;
+import dev.synapse.core.common.domain.StoreEntry;
+import dev.synapse.core.common.repository.StoreEntryRepository;
 import dev.synapse.core.infrastructure.logging.LogCategory;
 import dev.synapse.core.infrastructure.logging.LogLevel;
 import dev.synapse.core.infrastructure.logging.SystemLogService;
@@ -21,21 +22,32 @@ public class PluginSafetyService {
     private static final Set<String> COMMUNITY_SOURCES = Set.of("community", "skills_sh");
 
     private final PluginLifecycleService lifecycleService;
+    private final StoreEntryRepository storeEntryRepository;
     private final SystemLogService logService;
 
-    public PluginSafetyService(PluginLifecycleService lifecycleService, SystemLogService logService) {
+    public PluginSafetyService(
+        PluginLifecycleService lifecycleService,
+        StoreEntryRepository storeEntryRepository,
+        SystemLogService logService
+    ) {
         this.lifecycleService = lifecycleService;
+        this.storeEntryRepository = storeEntryRepository;
         this.logService = logService;
     }
 
     /**
      * Assess trust level for a manifest by its source field.
      */
     public PluginSafetyPolicy assess(Map<String, Object> manifest) {
+        String pluginId = manifest.getOrDefault("id", "unknown").toString();
         Object sourceObj = manifest.get("source");
-        String source = sourceObj != null ? sourceObj.toString() : "";
+        String source = sourceObj != null ? sourceObj.toString().trim().toLowerCase() : "";
+        StoreEntry registryEntry = storeEntryRepository.findById(pluginId).orElse(null);
 
         if (VERIFIED_SOURCES.contains(source)) {
+            if (!matchesRegistryEntry(manifest, registryEntry, source)) {
+                return PluginSafetyPolicy.spoofedVerified(source, pluginId);
+            }
             return PluginSafetyPolicy.verified();
         }
         if (COMMUNITY_SOURCES.contains(source)) {
@@ -75,4 +87,37 @@ public Plugin safeInstall(Map<String, Object> manifest, boolean confirmed) {
 
         return lifecycleService.install(manifest);
     }
+
+    private boolean matchesRegistryEntry(
+        Map<String, Object> manifest,
+        StoreEntry registryEntry,
+        String source
+    ) {
+        if (registryEntry == null) {
+            return false;
+        }
+        if (!source.equalsIgnoreCase(registryEntry.getSource())) {
+            return false;
+        }
+
+        String manifestVersion = manifest.getOrDefault("version", "").toString();
+        if (
+            !manifestVersion.isBlank() &&
+            registryEntry.getVersion() != null &&
+            !manifestVersion.equals(registryEntry.getVersion())
+        ) {
+            return false;
+        }
+
+        Object author = manifest.get("author");
+        if (
+            author != null &&
+            registryEntry.getAuthor() != null &&
+            !author.toString().equalsIgnoreCase(registryEntry.getAuthor())
+        ) {
+            return false;
+        }
+
+        return true;
+    }
 }

packages/core/src/main/java/dev/synapse/plugins/StoreRegistryService.java

@@ -114,7 +114,11 @@ public List<StoreEntry> findByType(
     }
 
     @Transactional(readOnly = true)
-    @Cacheable(value = "plugin-metadata", key = "'id:' + #id")
+    @Cacheable(
+        value = "plugin-metadata",
+        key = "'id:' + #id",
+        unless = "#result == null"
+    )
     public StoreEntry findById(String id) {
         return storeEntryRepository.findById(id).orElse(null);
     }

packages/core/src/main/java/dev/synapse/plugins/loader/BytecodeScanner.java

@@ -76,12 +76,22 @@ public ScanResult scan(Path jarPath) throws IOException {
                 }
 
                 try (InputStream is = jarFile.getInputStream(entry)) {
-                    ClassReader reader = new ClassReader(is);
-                    ClassVisitor visitor = new ForbiddenReferenceVisitor(
-                        violations,
-                        entry.getName()
-                    );
-                    reader.accept(visitor, ClassReader.SKIP_DEBUG);
+                    try {
+                        ClassReader reader = new ClassReader(is);
+                        ClassVisitor visitor = new ForbiddenReferenceVisitor(
+                            violations,
+                            entry.getName()
+                        );
+                        reader.accept(visitor, ClassReader.SKIP_DEBUG);
+                    } catch (IllegalArgumentException e) {
+                        violations.add(
+                            new Violation(
+                                entry.getName(),
+                                "Unreadable class file: " + e.getMessage(),
+                                ViolationType.CLASS_REFERENCE
+                            )
+                        );
+                    }
                 }
             }
         }

packages/core/src/main/java/dev/synapse/plugins/loader/PluginSandboxController.java

@@ -23,13 +23,16 @@ public class PluginSandboxController {
 
     private final PluginSandboxService sandboxService;
     private final PluginLifecycleService lifecycleService;
+    private final PluginStorageService storageService;
 
     public PluginSandboxController(
         PluginSandboxService sandboxService,
-        PluginLifecycleService lifecycleService
+        PluginLifecycleService lifecycleService,
+        PluginStorageService storageService
     ) {
         this.sandboxService = sandboxService;
         this.lifecycleService = lifecycleService;
+        this.storageService = storageService;
     }
 
     /**
@@ -42,7 +45,14 @@ public Map<String, Object> scanJar(@RequestBody Map<String, String> body) {
             throw new IllegalArgumentException("jarPath is required");
         }
 
-        BytecodeScanner.ScanResult result = sandboxService.scanJar(Path.of(jarPath));
+        Path managedJar;
+        try {
+            managedJar = storageService.resolveManagedJar(Path.of(jarPath));
+        } catch (Exception e) {
+            throw new IllegalArgumentException(e.getMessage());
+        }
+
+        BytecodeScanner.ScanResult result = sandboxService.scanJar(managedJar);
         return Map.of(
             "clean", result.clean(),
             "violations", result.violations().stream().map(v -> Map.of(

packages/core/src/main/java/dev/synapse/plugins/loader/PluginStorageService.java

@@ -213,6 +213,36 @@ public boolean hasOrphanedStagingJars() {
         return !listStagingJars().isEmpty();
     }
 
+    /**
+     * Resolves a managed plugin JAR path inside system/ or staging/.
+     * Rejects arbitrary filesystem paths outside plugin storage.
+     */
+    public Path resolveManagedJar(Path requestedPath) throws IOException {
+        if (requestedPath == null) {
+            throw new IllegalArgumentException("jarPath is required");
+        }
+
+        Path realRequested = requestedPath.toRealPath();
+        Path realSystemDir = systemDir.toRealPath();
+        Path realStagingDir = stagingDir.toRealPath();
+
+        boolean inSystem = realRequested.startsWith(realSystemDir);
+        boolean inStaging = realRequested.startsWith(realStagingDir);
+        if (!inSystem && !inStaging) {
+            throw new IllegalArgumentException(
+                "jarPath must point to a managed plugin JAR in system/ or staging/"
+            );
+        }
+        if (!Files.isRegularFile(realRequested)) {
+            throw new IllegalArgumentException("jarPath must point to a plugin JAR file");
+        }
+        if (!realRequested.getFileName().toString().endsWith(".jar")) {
+            throw new IllegalArgumentException("jarPath must point to a .jar file");
+        }
+
+        return realRequested;
+    }
+
     private List<Path> listJars(Path dir) {
         if (!Files.isDirectory(dir)) {
             return List.of();

packages/core/src/test/java/dev/synapse/core/plugins/PluginSafetyServiceTest.java

@@ -0,0 +1,99 @@
+package dev.synapse.core.plugins;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import dev.synapse.core.common.domain.StoreEntry;
+import dev.synapse.core.common.repository.StoreEntryRepository;
+import dev.synapse.core.infrastructure.logging.SystemLogService;
+import dev.synapse.plugins.PluginLifecycleService;
+import dev.synapse.plugins.PluginSafetyPolicy;
+import dev.synapse.plugins.PluginSafetyService;
+import dev.synapse.plugins.PluginTrustLevel;
+import java.util.Map;
+import java.util.Optional;
+import org.junit.jupiter.api.Test;
+
+class PluginSafetyServiceTest {
+
+    private final PluginLifecycleService lifecycleService = mock(
+        PluginLifecycleService.class
+    );
+    private final StoreEntryRepository storeEntryRepository = mock(
+        StoreEntryRepository.class
+    );
+    private final SystemLogService logService = mock(SystemLogService.class);
+
+    private final PluginSafetyService safetyService = new PluginSafetyService(
+        lifecycleService,
+        storeEntryRepository,
+        logService
+    );
+
+    @Test
+    void verifiedSourceShouldRequireMatchingStoreEntry() {
+        StoreEntry entry = new StoreEntry();
+        entry.setId("anthropic");
+        entry.setSource("official");
+        entry.setVersion("1.0.0");
+        entry.setAuthor("synapse-core");
+        when(storeEntryRepository.findById("anthropic"))
+            .thenReturn(Optional.of(entry));
+
+        PluginSafetyPolicy policy = safetyService.assess(
+            Map.of(
+                "id", "anthropic",
+                "source", "official",
+                "version", "1.0.0",
+                "author", "synapse-core"
+            )
+        );
+
+        assertThat(policy.trustLevel()).isEqualTo(PluginTrustLevel.VERIFIED);
+        assertThat(policy.requiresConfirmation()).isFalse();
+    }
+
+    @Test
+    void spoofedVerifiedSourceShouldBeDowngraded() {
+        when(storeEntryRepository.findById("evil-plugin"))
+            .thenReturn(Optional.empty());
+
+        PluginSafetyPolicy policy = safetyService.assess(
+            Map.of(
+                "id", "evil-plugin",
+                "source", "official",
+                "version", "1.0.0",
+                "author", "attacker"
+            )
+        );
+
+        assertThat(policy.trustLevel()).isEqualTo(PluginTrustLevel.UNVERIFIED);
+        assertThat(policy.requiresConfirmation()).isTrue();
+        assertThat(policy.warnings().getFirst()).contains("claims verified source");
+    }
+
+    @Test
+    void spoofedVerifiedInstallShouldRequireConfirmation() {
+        when(storeEntryRepository.findById("evil-plugin"))
+            .thenReturn(Optional.empty());
+
+        assertThatThrownBy(() ->
+            safetyService.safeInstall(
+                Map.of(
+                    "id", "evil-plugin",
+                    "source", "official",
+                    "version", "1.0.0",
+                    "author", "attacker",
+                    "type", "channel",
+                    "description", "spoofed"
+                ),
+                false
+            )
+        )
+            .isInstanceOf(IllegalStateException.class)
+            .hasMessageContaining("Confirmation required")
+            .hasMessageContaining("verified source");
+    }
+}