QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-05-12 11:25:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,585 Commits 488 Branches 544 Tags
extensions-security-sandbox
Commit Graph

4 Commits

Author SHA1 Message Date
Evan Rusackas
4ae0bc9ade feat(extensions): add security trust configuration and signature verification 
Implements a comprehensive security system for Superset extensions:

Backend:
- Add EXTENSIONS_TRUST_CONFIG to superset_config.py for admin control
- Create ExtensionSecurityManager for trust validation and signature verification
- Support Ed25519 signatures for extension manifests
- Integrate trust validation into extension loading pipeline

CLI:
- Add `generate-keys` command for creating Ed25519 signing keypairs
- Add `sign` command and `--sign` option to `bundle` for manifest signing

Frontend:
- Add WASM support to webpack config for QuickJS sandbox
- Update Extension interface with trust-related fields
- ExtensionsManager now uses backend-validated trust levels

Documentation:
- Add Administrator Configuration guide for trust settings
- Add Extension Signing guide for developers
- Update security.md and sandbox.md with cross-references
- Add Security subcategory to sidebar

Tests:
- Add 21 unit tests for trust validation and signature verification

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-07 23:43:07 -08:00
Michael S. Molina
ba8d6eb9ac docs: Adds a new "Dependencies" page to the Developer Portal (#36817) 2025-12-23 10:41:10 -08:00
Michael S. Molina
5e3ff0787b docs(extensions): Add community extensions registry page (#36312) 2025-12-02 09:03:04 -05:00
Michael S. Molina
fe21485065 docs: Reorganizes the extensions documentation (#36298) 
Co-authored-by: Evan Rusackas <evan@preset.io>
 2025-11-26 16:48:36 -05:00