-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Enabled" state not persisted through YAML files (works with Protobuf) #23
Comments
Thanks, you found a weird combination of intended and unintended effects:
The end result is what you experienced, and I agree that it's not the best outcome. As I mentioned above, I intended YAML as the (more) user-readable, stand-alone, shareable version, while ProtoBuf is somewhere between a temptation (it's about 10 lines of code since the rest is already there for settings persistence, so why not) and the notion of it being easier to parse reliably in a standardized way as opposed to YAML which has lots of issues between different implementations. Knowing all this, what would you consider a better solution? |
I prefer to use YAML (easier to read / edit / compare) and I would like to see the Prototobuf and YAML versions working in a same way. That implies adding "enabled" to the YAML format. Regarding YAML parsing differences: you made me curious given that, usually, parsing mismatches lead to interesting bugs |
I agree, YAML is the way for Piper to interact with humans, that's also why I use it for the default config format. What are your thoughts about ignoring
Exactly, this is why YAML is a bad format, as everyone can confirm who tried listing countries using 2-character ISO codes and someone picked Norway. ;) So right now, YAML works for Piper in a way that the same library is used to read and write. But I cannot guarantee that any other YAML parser could
It's a shitty format, but I couldn't find anything better with the same level of human readability and descriptive force such as arbitrary nesting (needed for filters), binary content (also needed for filters), etc. |
Ignoring YAML: thanks for opening my eyes on how bad this format is ;-) Despite the possible incompatibilities, I'd keep it around, as text-based config is much easier to deal with |
Thanks for the confirmation, I'll do it that way then.
Happy to help you become one of today's lucky 10,000 \o/
I agree, that was my original intention. So YAML has always been the main format and ProtoBuf is just there because it would've been a sin not to expose the already existing option to users. |
All good, many thanks! |
Reopening, as this issue came up while developing #29.
During testing, my code fell back to While this can be a bug of Stepper, I think, that assuming every dependency of every Piper script in the default config will be present on every system is unrealistic. We also don't know the edge cases where different Piper scripts with missing dependencies may be triggered. On the other hand when a user explicitly loads some scripts (or enables some defaults) I think it's fair to assume that she wants to use them, and is ready to deal with system dependencies.
|
Maybe I didn't make myself clear enough: by won't break anything I meant not doing anything unexpected for the user, this covers
The first two are typical examples for HTTP listeners which the default config lacks while the last one covers the commands themselves which are considered trusted by definition, since if your threat model includes Piper JAR being mailicous, it's much easier to plant a backdoor in the Kotlin code itself instead of the much shorter and more readable YAML default config. I guess your interpretation of braking thinks (results in tons of exceptions) is fair, yet it's not a big deal in my view: exceptions are part of life, and shouldn't break anything. Yet there's already code in place to handle this, just unused: burp-piper/src/main/kotlin/burp/Extensions.kt Lines 108 to 116 in 634bd29
So if the code below would change from burp-piper/src/main/kotlin/burp/BurpExtender.kt Lines 766 to 767 in 634bd29
Would that solve your issue?
That would be solved by #29 I guess. |
I got one of my homeworks rejected you know where because of this, so maybe it's just my PTSD triggered :D
Yes, I think this is a good solution to the dependency problem.
True, but with this we enable scripts on one load path but not on another, which I think is inconsistent and goes against your stated concerns. Frankly, I don't see how support for automation and protecting the "Piper script supply chain" can be solved together. |
Inconsistent? Maybe. Against my concerns? I don't think so. Think Mark-of-the-Web:
So I think it's quite the opposite of what you stated: the current behavior supports automation yet prevents users from shooting themselves in the foot by loading either malicious or well-intended but flawed configurations. Where do you see our opinions diverge? |
I simply don't see that much of a difference between the GUI and the env var paths in terms of the trustworthiness of the input, or user consent. In both cases the user has to perform explicit actions to make the scripts load, and have the chance to review the scripts, but we can't ensure that she did. If you argue that clicking buttons is a "weaker" consent than setting environment variables, I can accept that, but I think it is important to clarify (and maybe document) this, esp. since there are security concerns. |
Thanks, that's exactly my point. Although the use-cases of GUI and environment variables overlap somewhat, I feel that
And you're right, this should be documented as soon as it's ready for a release. |
Piper behaves differently when importing YAML and Protobuf files. YAML won't persist the "enabled" state
How to reproduce:
Workaround:
The text was updated successfully, but these errors were encountered: