topic Re: Plugin Security in Fusion Support Forum

Plugin Security

boeld — Thu, 28 Jan 2021 21:23:55 GMT

After installing a plugin that didn't work at all, I searched for where it was and found out that there are dll's installed with plugins. Made me wonder about the security of plugins for Fusion 360. Is that an issue at all? Or is it (theoretically) not possible that harmful code is injected in the plugins that are available for download?

Re: Plugin Security

jodom4 — Tue, 02 Feb 2021 19:22:05 GMT

@prainsberry , can you offer some insight here?

Re: Plugin Security

prainsberry — Tue, 02 Feb 2021 21:10:19 GMT

Hello,

For plugins downloaded from the Autodesk App store there are some levels of scrutiny that are applied, but I would refer you to the publisher guidelines for information on what it takes to publish to the store:
https://apps.autodesk.com/Publisher/ProductGuidelines
For add-ins and scripts sourced from other locations it comes down to whether you trust the source. Add-ins running in Fusion 360 are being executed at runtime and are not really restricted from accessing resources outside the parent Fusion 360 process and thus it is possible that a malicious actor could have placed some nefarious code into a plugin.

We would definitely encourage you to know the source of any add-in or script you attempt to install.

Re: Plugin Security

boeld — Wed, 03 Feb 2021 21:41:49 GMT

The plugin I was talking about, came from the app store. But is there a guarantee that the guidelines you posted, are actually used in the plugins in the app store? How is this tested? How are these guidelines more than just guidelines? How are they enforced - if at all?

In other words: to what extend I can trust plugins that I download from the app store?

Re: Plugin Security

godfreb — Thu, 04 Feb 2021 04:33:06 GMT

Hello,

The apps contained within the App Store are scanned by multiple virus scanners. Any components within an application should be safe.

Brandon, App Store Developer.