 |
DraxDrax
Apprentice
Joined: 22 Mar 2009
Posts: 149
|
 Posted: Sat Feb 19, 2011 12:55 am
Feature request: Allow the XML parser to execute commands
|
When putting together scripts for zMud, it was very easy to include a #DELCLASS line near the beginning of the .zsc file which, when imported, would remove the class the script was installed in, effectively uninstalling any previous versions before updating to the current version. This was very simple to set up and allowed me to make revisions to scripts which people who didn't understand zscript at all could still import and use with minimal fuss. It was also very easy to include a #SAY line at the end which echoed a message, telling the user that the script had been installed and what version they had. Again, super easy and incredibly robust.
Is there a simple way to do the same sort of thing with .xml formatted scripts imported in to Cmud? Possibly xml tags I can stick the code in which will cause it to execute immediately? |
|
Last edited by DraxDrax on Sat Feb 19, 2011 10:47 am; edited 1 time in total |
 |
|
|
chamenas
Wizard
Joined: 26 Mar 2008
Posts: 1547
|
Posted: Sat Feb 19, 2011 1:43 am
|
You could always create a 1 second or half second alarm trigger that would essentially fire after the settings have been saved and then in the trigger run anything you need to run for an "onInstall" procedure.
|
|
|
|
|
DraxDrax
Apprentice
Joined: 22 Mar 2009
Posts: 149
|
Posted: Sat Feb 19, 2011 2:07 am
|
| chamenas wrote: |
| You could always create a 1 second or half second alarm trigger that would essentially fire after the settings have been saved and then in the trigger run anything you need to run for an "onInstall" procedure. |
I thought of something like that, but it's not exactly simple and wouldn't help at all in executing a command like #DELCLASS to remove any previous versions of a script before updating it, since it's essential that command be executed prior to installing updates.
There are different multi-step solutions to accomplish this, but I'm trying to keep script installation and setup as simple and straightforward as possible so that users who aren't especially Cmud savvy can install and update a script with minimal fuss and have it work for them. I could set such a thing up easily in zMud. There really ought to be a way to make it as easy in Cmud. |
|
|
|
|
Zugg
MASTER
Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA
|
Posted: Sat Feb 19, 2011 2:12 am
|
You can't do it with the XML import, sorry. That would make it too easy for somebody to install Malware into your system or scripts. The whole purpose of the XML is to provide a plain-text way to look at scripts and copy/paste them. There isn't any way to make XML text like this "auto execute".
As Chamenas mentioned, you *can* set up an "onLoad" event handler in your script that can take action when you first load/execute the script. This can't happen when you just Paste the XML, but it will happen when you next the session containing the package. It would be pretty easy to set up a variable or class folder naming scheme with the version of your package and then have the onLoad event check for the old version and remove it.
Or you can use the Shared Package Library which is already set up for this kind of stuff. You just update your package in the library, and then people using the package will get an Update status when they update the library and can then download/install the new version. When doing this, CMUD will remove the old version and replace it with the new version. So yes, CMUD *does* make it easy if you use the built-in solutions for it and not try to make it work like zMUD. |
|
|
|
|
DraxDrax
Apprentice
Joined: 22 Mar 2009
Posts: 149
|
Posted: Sat Feb 19, 2011 10:45 am
|
Is there any way you might reconsider adding the ability to 'auto execute' code, as you put it, in to the XML parsing engine? The ability to tailor scripts in XML format so that they can both execute instructions and create settings on a users system would make the import engine much more flexible and make it a great deal easier for me and others to distribute and troubleshoot scripts for less technically inclined users so that the end user only needs to do one thing, not a series of steps in a particular sequence.
| Zugg wrote: |
| That would make it too easy for somebody to install Malware into your system or scripts. |
The XML import engine is wide open to malware and malicious code as it is now. Once someone imports a script as XML, any malicious code it may contain is saved in to their settings and could then be set to execute automatically within half a second, or at any time after that, triggered by any event that a black hat could dream up. Forcing a half second delay in the execution of potentially malicious code that's installed with the import XML feature is completely ineffective as a security measure, but is proving stubbornly effective as a way to complicate the installation process and troubleshooting of scripts for other users.
| Zugg wrote: |
| As Chamenas mentioned, you *can* set up an "onLoad" event handler in your script that can take action when you first load/execute the script. This can't happen when you just Paste the XML, but it will happen when you next the session containing the package. It would be pretty easy to set up a variable or class folder naming scheme with the version of your package and then have the onLoad event check for the old version and remove it. |
This seems like a terribly convoluted way to accomplish something which should be much simpler. There are also many situations in which your suggested resolution would be ineffective. If, for example, a new Cmud user installs a version 2.4 of a script and somehow manages to bugger up one of the trigger patterns, reinstalling version 2.4 from the XML won't resolve the problem, since a changed trigger wouldn't be overwritten. Deleting the class the script uses prior to installation would always resolve these sorts of problems, but doing this in Cmud means adding additional steps to the installation process. And that's just one example. There are any number of other potential issues which can best be resolved by executing instructions prior to creating or modifying settings on a user's system.
The Shared Package Library that you mentioned is a great innovation, but the problem with it is that, once a script is published in that way, absolutely every Cmud user has equal access to it. That's a significant concern if you only want to give a script to particular friends of yours, members of your guild or just the Imm staff etc. With some scripts, especially things like bots, an author will want to maintain as much control as possible over its distribution.
Could an addition to the XML parser be made which would have it recognize, say, <execute></execute> tags in such a way that the lines they contain be executed as though entered in the command line by the user? This wouldn't have any impact on the export feature, only on imported XML scripts, and would always require that someone manually edit the XML. Including this feature wouldn't create a meaningful security concern or really add functionality that can't be accomplished in some other way. What it would do is greatly simplify the installation, updating and troubleshooting of distributed scripts so that these tasks can be accomplished with one easy step instead of a series of more complicated steps prone to greater confusion and user error. |
|
|
|
|
Progonoi
Magician
Joined: 28 Jan 2007
Posts: 430
|
Posted: Sat Feb 19, 2011 12:46 pm
|
Just my two cents but the apparent reluctance to use Package Library would be easily solved by coding some sort of security mechanism within the upload process. That way no-one unfamiliar with a, say, password wouldn't have access to it. Problem solved.
However, I'm not actively mudding nor using CMud anymore so perhaps there is such an option already.
Either way, some food for thought. |
|
_________________
The Proud new owner of CMud.
--------------------------------
Intel Core i5-650 3,2GHz
4 DD3 RAM
GTX 460 768MB
Win 7 Home Premium 64x
-------------------------------- |
|
|
|
Rahab
Wizard
Joined: 22 Mar 2007
Posts: 2320
|
Posted: Sat Feb 19, 2011 6:35 pm
|
Actually, using the Package Library _would_ solve the problem of someone accidentally mucking up one of the scripts, because the entire package would be overwritten when they reload it from the library. So you haven't actually shown any problem that is not solved by the Package Library, except that the scripts become public and you can't restrict who can get them.
No, the XML should absolutely not, never, ever, be changed to allow <execute> commands from within the script. Zugg already pointed out that if he did that, someone could write code that would essentially act as a trojan horse on your computer. Zugg really doesn't want the liability associated with that. |
|
|
|
|
DraxDrax
Apprentice
Joined: 22 Mar 2009
Posts: 149
|
Posted: Sun Feb 20, 2011 12:07 am
|
That would help resolve the problem with the availability of scripts, Progonoi, but I have to imagine it would be a larger undertaking to code that sort of system in to the package library than it would be to change the XML parser. There are also situations in which keeping a script secret is as important as restricting who has access to it. In those situations, you don't want the script showing up on a publicly available and searchable listing. So, again, just expanding the functionality of the XML importer seems more effective.
| Rahab wrote: |
| Actually, using the Package Library _would_ solve the problem of someone accidentally mucking up one of the scripts, because the entire package would be overwritten when they reload it from the library. So you haven't actually shown any problem that is not solved by the Package Library, except that the scripts become public and you can't restrict who can get them. |
The ability to control the availability of scripts is absolutely essential. So yes, while the very specific example I gave could be resolved by using the Package Library, it's still not a viable solution because the ability to control the availability of scripts is absolutely essential.
| Rahab wrote: |
| No, the XML should absolutely not, never, ever, be changed to allow <execute> commands from within the script. Zugg already pointed out that if he did that, someone could write code that would essentially act as a trojan horse on your computer. Zugg really doesn't want the liability associated with that. |
| DraxDrax wrote: |
| The XML import engine is wide open to malware and malicious code as it is now. Once someone imports a script as XML, any malicious code it may contain is saved in to their settings and could then be set to execute automatically within half a second, or at any time after that, triggered by any event that a black hat could dream up. Forcing a half second delay in the execution of potentially malicious code that's installed with the import XML feature is completely ineffective as a security measure, but is proving stubbornly effective as a way to complicate the installation process and troubleshooting of scripts for other users. |
I've bolded the part you seem to have missed. |
|
|
|
|
Rahab
Wizard
Joined: 22 Mar 2007
Posts: 2320
|
Posted: Sun Feb 20, 2011 1:26 am
|
It is more than a half-second delay. It delays execution until you have a chance to actually examine the code. Putting an <execute> code into the XML would cause it to activate as soon as you loaded it--not even giving you the chance to examine the code! In fact, the code could be written to do something to your system, and then _change_ its own code to something harmless, so that when you examined the code, you wouldn't realize that it had done something malicious. It is an incredible security risk. In the current system, you always have the chance to examine the code before you use it in Cmud.
|
|
|
|
|
DraxDrax
Apprentice
Joined: 22 Mar 2009
Posts: 149
|
Posted: Sun Feb 20, 2011 2:07 am
|
Are you using the same import XML function that I am, Rahab? The one I use requires that I, the user, actively copy and paste from some other source or save an XML file before importing it in to Cmud. This act of copying and pasting text or saving a file to my computer prior to importing it will ALWAYS provide me with an opportunity to examine the XML. Malicious code embedded in XML cannot circumvent these steps by the user which give them opportunities to examine the XML... So no, the situation you describe in which XML could be installed on your system through Cmud without any opportunity to examine it is impossible. That can't happen.
It would not be an "incredible security risk" to allow imported XML to execute instructions. Including that functionality in to the XML parser would make it effectively as secure, and effectively as insecure, as the XML import function is right now. To put that another way, the change I am proposing will make no difference to the security or insecurity of the import XML function... It would just be really useful and make various tasks much simpler. |
|
|
|
|
Rahab
Wizard
Joined: 22 Mar 2007
Posts: 2320
|
Posted: Sun Feb 20, 2011 8:01 pm
|
The more usual method of XML import is to use the Import XML function. This _would_ have the problem I described, as would using the Package Library. You are not using the normal methods for importing XML to Cmud, so while that functionality might be good for you, it would be potential disaster for everyone else.
|
|
|
|
|
DraxDrax
Apprentice
Joined: 22 Mar 2009
Posts: 149
|
Posted: Sun Feb 20, 2011 8:40 pm
|
Help me out here, Rahab... What 'Import XML function' are you talking about? How do navigate to it and use it? The normal method of importing XML that I use is navigated to by opening the Cmud Package Editor, then clicking on 'File', selecting 'Import XML' and then selecting a file I previously created or downloaded. The other method of importing XML that I use is to copy XML from someplace like these forums in to my windows clipboard and then paste it directly in to the Cmud Package Editor. By using either of these methods, I always have an opportunity to review the contents of the XML before installing them. What method are you using that circumvents the opportunity to review the XML?
You're right in saying that using the package library will install packages without giving the user an opportunity to view them first, but that is a vulnerability in the package library itself, and I'm not even sure if the package library uses XML at any point. That vulnerability in the package library could be exploited right now. The feature I am requesting will not make it any more vulnerable to malicious code.
Here, I'll give you two examples:
Example 1 (the XML parser as it works now)
| Code: |
<?xml version="1.0" encoding="ISO-8859-1" ?>
<cmud>
<trigger name="_Alarm0" type="Alarm" priority="440">
<pattern>+0.1</pattern>
<value>
ZSCRIPT CODE
ZSCRIPT CODE
ZSCRIPT CODE
ZSCRIPT CODE
</value>
</trigger>
<alias name="Example_Alias">
<value>#NOOP</value>
</alias>
<var name="Example_variable">0</var>
<trigger priority="410">
<pattern>Example_trigger</pattern>
<value>#NOOP</value>
</trigger>
</cmud> |
Example 2 (the XML parser with the addition of the feature I am requesting)
| Code: |
<?xml version="1.0" encoding="ISO-8859-1" ?>
<cmud>
<execute>
ZSCRIPT CODE
ZSCRIPT CODE
ZSCRIPT CODE
ZSCRIPT CODE
</execute>
<alias name="Example_Alias">
<value>#NOOP</value>
</alias>
<var name="Example_variable">0</var>
<trigger priority="410">
<pattern>Example_trigger</pattern>
<value>#NOOP</value>
</trigger>
</cmud>
|
If you import Example 1 using the import XML feature, you will create one alias, one variable one regular trigger and one alarm type trigger. The alarm will cause the four lines of ZSCRIPT CODE to execute automatically within half a second of being imported, and that alarm will be deleted. This very simple technique can be used to have zscript code executed on a users system when they import XML. This is how the XML parser works now.
If Zugg adds the feature I am requesting, and you were to import Example 2, the same four lines of ZSCRIPT CODE would be executed exactly as they are executed in Example 1, but they would be executed BEFORE the alias, trigger and variable are created on a users Cmud session. That's the only difference. That difference is irrelevant to how vulnerable the XML parser is to malicious code. It's only important in the way that it can potentially make the installation, updating and troubleshooting of shared scripts much easier.
If you think that the feature I am requesting will make the import XML parser more vulnerable to malware/malicious code, you haven't realized how vulnerable it is now or you've misunderstood what it is I'm requesting. |
|
|
|
|
chamenas
Wizard
Joined: 26 Mar 2008
Posts: 1547
|
Posted: Mon Feb 21, 2011 3:35 am
|
I'd like to know what people are talking about as well. As DraxDrax points out, the only scripting allowed in the <EXECUTE> tags would be zScript code, which, while it could possibly contain something malicious is no different than the fact that any normal zScript code could contain something malicious. And, as mentioned, you always get a chance to see what's in the code. Now, if it's a specific worry with the Package Library, you could always have it function that packages in the Package Library can't contain <EXECUTE> tags, I suppose.
|
|
|
|
|
DraxDrax
Apprentice
Joined: 22 Mar 2009
Posts: 149
|
Posted: Mon Feb 21, 2011 4:31 am
|
I don't think the package library even stores anything as XML. It saves and transfers packages as .pkg files.
Not sure about that though. |
|
|
|
|
Rahab
Wizard
Joined: 22 Mar 2007
Posts: 2320
|
Posted: Mon Feb 21, 2011 11:33 pm
|
Yes, the Package Library saves things as .pkg files, I believe. The .pkg file is an SQLite format. However, when you load the package from the Package Library, the XML Parser still has to parse the XML from within the SQLite database.
You do have a point that someone could put such an alarm into a package. I have a vague recollection that there was a discussion about this a long time ago. You can prevent that problem by turning triggers off before loading the file. I'm sure almost no one does, but that is a solution if there is a concern. Do you have a similar mechanism for your proposed <execute> tags? |
|
|
|
|
DraxDrax
Apprentice
Joined: 22 Mar 2009
Posts: 149
|
Posted: Tue Feb 22, 2011 12:49 am
|
| Rahab wrote: |
| Yes, the Package Library saves things as .pkg files, I believe. The .pkg file is an SQLite format. However, when you load the package from the Package Library, the XML Parser still has to parse the XML from within the SQLite database. |
If the change I am proposing was made, <execute> tags would only ever be encountered in XML that was manually altered. These tags would never appear in .pkg files or in XML files generated by the 'export to XML' function.
I poked around in some packages and the only information in .pkg files which appears to be saved in anything resembling XML format are the options associated with a zScript object. For example, the options field of a function I made has these values associated with it in the .pkg file: <opt><ArgList>$echo, $line, $data</ArgList></opt>. If inappropriate tags are encountered in a package file where they're not meant to be, it should return an error or do nothing. This includes tags like <trigger> <func> <var> <alias> <value> and, if it's added, the <execute> tag. All of those tags appear in XML formatted scripts but none of them should ever appear in package files. So, the inclusion of the <execute> tag in to the XML parser should not change the way package files are handled, or change the package library.
| Rahab wrote: |
| You do have a point that someone could put such an alarm into a package. I have a vague recollection that there was a discussion about this a long time ago. You can prevent that problem by turning triggers off before loading the file. I'm sure almost no one does, but that is a solution if there is a concern. Do you have a similar mechanism for your proposed <execute> tags? |
Yes. Only install XML scripts if you trust the source or you've checked the code, or someone you trust has checked the code. Basically the same security features that protect XML now... because, as you say, I'm sure nobody disables triggers before importing XML scripts. Whatever other security measures a user might take (like disabling triggers before importing XML) the act of checking the XML before importing it is a better option than checking to see what changes are made to your settings after importing it.
If that was deemed insufficient, a toggleable option to 'allow <execute> tags in XML' could be added to Cmud's general options. If that option wasn't checked, <execute> tags would be ignored. I'd rather this option was on by default, since the whole point in my asking for this feature is to make things easier for people who don't really understand Cmud, and getting them to go digging around in the options enabling things runs contrary to that goal... but if there was a concern, <execute> tags could be disabled that way. |
|
|
|
|
Rahab
Wizard
Joined: 22 Mar 2007
Posts: 2320
|
Posted: Tue Feb 22, 2011 2:44 am
|
This <execute> is only supposed to be encountered in XML that is manually altered? But you aren't supposed to do that. Zugg has said before that we should not edit the XML code. Doing so is a good way to corrupt a package.
|
|
|
|
|
DraxDrax
Apprentice
Joined: 22 Mar 2009
Posts: 149
|
Posted: Tue Feb 22, 2011 3:57 am
|
Files which are generated with the 'export to XML' feature or copy/pasted from the package editor will only ever generate XML that creates settings which reside on your Cmud session. So, things like aliases, variables and triggers etc. The entire point of the <execute> tag is to have a means of executing zScript commands at the time the XML is imported that will not create settings which reside in your Cmud session... things like an executed #SAY command or #DELCLASS or #BEEP. Those commands are executed and leave no settings behind. So, indeed, this would always require that XML be manually edited if it's to include <execute> tags.
That's the whole point, Rahab. I've said this a few times now. You seem to be confused about a number of points and I'm starting to wonder if going over them again and again for you is actually accomplishing anything.
I haven't seen Zugg say that manually editing XML is something we shouldn't ever be doing. None the less, I routinely edit XML files or snippits of XML code for various reasons. It's possible to make mistakes and create bugs or corrupt settings in this way, but that's true of absolutely every means of creating/altering code.
See the two examples of XML I posted two or three comments back? Both of those were manually edited. One, obviously, because it contains tags that don't exist, and the other because exporting an alarm trigger that only exists for half a second isn't very easy to do. I also removed the copy="yes" data that was unnecessary. It's very common for people to remove the <?xml version="1.0" encoding="ISO-8859-1" ?> tag from the beginning of XML, or the <cmud></cmud> tags, as these appear to be unnecessary when importing XML but are always generated when you copy/paste or use the export XML feature. Sometimes you spot issues in the XML and edit it directly, rather than changing your Cmud settings and exporting it all over again...
If you're not confident enough with zScript code or XML tags to be comfortable manually modifying XML, the proposed <execute> tags aren't for you. If, like me, you feel you have a solid grasp of these languages and formats, it would be a very useful addition and make Cmud better. |
|
|
|
|
Rahab
Wizard
Joined: 22 Mar 2007
Posts: 2320
|
Posted: Tue Feb 22, 2011 1:44 pm
|
At this point, I am pretty sure that I do understand what you are saying. I simply completely disagree that it is a good idea. And I was pointing out that Zugg has said that the XML code is not intended to be modified and is not supported. I myself am quite confident that I could edit it, if I chose. But it is not a supported feature of Cmud. There are other ways of achieving the ultimate goal that you want (supporting upgrades for people using your package). I have used several methods myself.
Perhaps you would be interested in the OnLoad event? |
|
|
|
|
DraxDrax
Apprentice
Joined: 22 Mar 2009
Posts: 149
|
Posted: Tue Feb 22, 2011 4:01 pm
|
Sadly, the onLoad event has not become a more viable solution since it was first mentioned in this topic three days ago.
|
|
|
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
