1. Overview Purpose: Allow a host application (e.g., editor, IDE, media player, game engine) to open external files via a plugin system. The plugin registers a custom file open handler to intercept or extend the application’s native file opening behavior.
def open(self, path, mode='r'): with open(path, 'rb') as f: encrypted = f.read() decrypted = self.decrypt(encrypted) return decrypted.decode('utf-8') plugin file open
# Fallback to native open return native_open(filepath) # plugin.py from hostapi import FileOpenHandler class CustomHandler(FileOpenHandler): def can_handle(self, path): return path.endswith('.encrypted') def open(self, path, mode='r'): with open(path, 'rb') as
// Called after host opens file void (*on_after_file_open)(const char* path, void* context, int host_result); mode='r'): with open(path
def decrypt(self, data): # custom decryption logic return xor_cipher(data, key='secret') | Threat | Mitigation | |--------|-------------| | Path traversal (../../etc/passwd) | Sanitize and canonicalize paths; reject if outside allowed roots | | Plugin crash crashing host | Run plugin in separate process or sandbox (e.g., WASM, Lua sandbox) | | Malicious plugin reading arbitrary files | Enforce capability-based permissions: allow_paths=["/data/project/*"] | | Symlink attacks | Use realpath() and verify file ownership/permissions before open | | Recursive plugin calls | Set a recursion guard (max depth = 3) |
// Called instead of host opening (if plugin handles fully) int (*on_open_file)(const char* path, void* context, char** output_data, size_t* output_size);