Menu

#973 Can't mark a script as TRUSTED with 20.03

Release_xx.yy
fixed
bluehazzard
scripting (9)
Bug_Report
2022-05-09
2020-05-31
Takeshi Kodama
No

CB20.03, Win10/mingw64.

  • Open [Scripting console] dialog by [View|Script console].
  • Execute the following by [Command] text box.
    IO.RemoveFile(_T("Dummy.dat"))
  • [Security Warning!] dialog pops up.
  • Choose "Mark this script as TRUSTED for this session" on [Choose your action] drop down list. Click [OK] to close the dialog.
  • Open [Scripting settings] dialog by [Settings|Scripting]. Open [Trusts] tab page.

With 17.12, an anonymous script is registered with Signature=0 and Temp?=Yes. With 20.03, it is not registered.

Discussion

  • Miguel Gimenez

    Miguel Gimenez - 2021-05-28

    Looks like revision 11627 is the source of the problem. When you want to mark the script as trusted execution reaches this point

    void ScriptingManager::TrustCurrentlyRunningScript(bool permanently)
{
     if (!m_data->m_RunningScriptFileStack.empty())
    {
        const wxString currentlyRunningScriptFile = m_data->m_RunningScriptFileStack.back();
        TrustScript(currentlyRunningScriptFile, permanently);
    }
}

    but m_data->m_RunningScriptFileStack is empty, so the script is not marked as trusted.

     

    Last edit: Miguel Gimenez 2021-05-28

  • Teodor Petrov

    Teodor Petrov - 2021-05-28
    • labels: --> scripting
     

  • Miguel Gimenez

    Miguel Gimenez - 2021-05-28 
    std::vector<wxString> m_RunningScriptFileStack;

    Why don't use a proper std::stack here?

     

  • bluehazzard

    bluehazzard - 2021-05-28
    • assigned_to: bluehazzard
     

  • bluehazzard

    bluehazzard - 2021-05-28

    i try to look into it

     

  • bluehazzard

    bluehazzard - 2021-05-28

    Side question:

    template<

    class T,
    class Container = std::deque<T>
> class stack;

    why do they use deque and not vector? This would save overhead and ram space

     

  • Teodor Petrov

    Teodor Petrov - 2021-05-28

    Both of these doesn't matter actually... if you push_back and pop_back in a vector it is just like you're using a stack, but it is not called a "stack". A deque is a linked list of vectors, so some of the operations are better and some worse. Still it doesn't matter here. The stack depth is 10 in a bad day and the worse case would be something like 100. In realistic situations.

    The actual problem as far as I understand is that you cannot associate functions to files and so you cannot trust them with the current system. And the "Script console" looses this information, because it is not a file. I think the whole trust system should be redesigned a bit. In its current form I don't think it is really that useful. But I hope to do other stuff now and less scripting related, so I don't think I'll work on this in the coming months.

     

  • Miguel Gimenez

    Miguel Gimenez - 2022-05-09

    May be fixed in [r12799].

     

    Related

    Commit: [r12799]

  • bluehazzard

    bluehazzard - 2022-05-09
    • status: open --> fixed
     

  • bluehazzard

    bluehazzard - 2022-05-09

    Yes this is "fixed" in the commit.
    I have not implemented trusting console scripts, but this should be fine for now.
    If someone complains we can make it better in the future....

     

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.