Comments (5)
Thank you for your feedback.
Reply to some comments.
First of all, keep in mind that some code is not mine (that is, it is generally provided as a C++ library).
For example, assembly.hpp
, byte_pattern.cpp
, byte_pattern.h
, injector.hpp
are library code and have not been modified. Therefore, I will refrain from mentioning that part.
A lot of reinterpret_cast (which many consider bad practice to use)
I didn't know it was bad practice because I'm not a C++ professional. I would like to fix this if possible.
You can also submit patches yourself, if possible.
Use of unions (even though the code is seemingly in C++17)
I will not mention this because it is an external library as mentioned above.
However, I am personally working to stop relying on these libraries.
Heaps upon heaps of raw assembly
I also believe that raw assembly should be avoided from a maintainability standpoint, and I am gradually reducing it.
Someone could replace the DLL with a tainted one, and infect user's systems.
This seems like a word that can be taken in several ways.
For example, regarding the use of DLLs in the context of Blender Add-ons, I've seen it in some other add-ons as well, so I don't think it's a problem (as for DLL Hijacking, I'm loading it from an absolute path, so Unintended DLLs should not be loaded, and assuming the DLL is replaceable, an attacker would be more efficient to replace the addon's entry point itself than to replace the DLL.)
Next, the same thing can be said about loading code that the user does not know. Some well-known add-ons can be seen calling external processes internally or installing additional libraries. Since they contain implicit code, they are a security risk.
Finally, I agree with you about using C++ code to replace the in-memory code. However, this is also a context that is not a Blender addon, for example, it is a common context in the mod culture in games (for example, Minecraft and Beat Saber add some modifications to the game itself, and the original localization addon is added to the game. in-memory patch).
Try to integrate this in Blender itself (i.e. add drag and drop to Blender itself without an addon).
This has been done by many developers and users over the years, and has been rejected by the Blender team, so this approach is hopeless. That's why this addon exists.
Clarify why such malware-like practice is needed, and give warnings to the risks of using this addon
I think this is a good idea.
If you do this, I think it will be the following process, but if you have any opinions, I would be happy if you could add them.
- Install the add-on normally
- Added the following settings to the add-on settings screen
- A detailed description of what this addon is doing
- This addon uses C++ DLL code. Please check DLL publisher and DO NOT replace it.
- The C++ DLL hooks calls to certain functions in Blender.exe in order to receive events on drop. This is the desired behavior as Blender itself does not provide any events for drops.
- If you disable the add-on, these behaviors are restored.
- Read the explanation and agree
- A detailed description of what this addon is doing
- Where consent has been obtained, further processing in question
from blender-drag-and-drop.
Hey, @StandingPadAnimations.
Do you have any opinions?
from blender-drag-and-drop.
Looks fine to me, although I think a warning should be added about sources. Maybe something along the lines of "This addon officially can be downloaded from GitHub"
from blender-drag-and-drop.
Thank you for your reply! Surely I should do that too.
Additionally, I would like to provide it for those who can handle SHA256 checksum files to detect tampering.
I'll try to include the corresponding text in the GitHub page (README.md), the documentation site (https://docs.natsuneko.cat), BOOTH (https://natsuneko-vrc.booth.pm/; Japanese marketplace), and the add-on description.
from blender-drag-and-drop.
Supported in 8deef1c
from blender-drag-and-drop.
Related Issues (20)
- [Bug]: Blender 3.2.2 Crash on importing PNG image as reference
- Building release binaries with GitHub Actions for transparency
- [Feature Request]: Support to Blender 3.6.0 HOT 3
- [Feature Request]: Support Blender 3.6.1 HOT 2
- Crashes Blender for Artists after enabling plugin
- [Bug]: Can't drag and drop import models HOT 9
- [Feature Request]: Support Blender 3.6.2 LTS
- I cant enable the addon HOT 6
- Automatically support the latest version with GitHub Actions
- [Bug]: Version 3.6.2 doesnโt work, 3.6.1 was fine. HOT 3
- [Feature Request]: Support to Blender 4.0.0 HOT 2
- [Bug]: When the file extension is *.FBX, the file cannot be imported. HOT 7
- [Bug]: After dragging in the file, the import menu will be displayed three times. HOT 8
- [Bug]: Failed to load archived add-on
- [Feature Request]: Support to Blender 4.0.1 and 4.0.2
- [Feature Request]: Support older versions of Blender HOT 1
- [Bug]: Quickly drag the file several times into blender, the menu will no longer pop up.
- [Feature Request]: Blender 4.1 (alpha) adds `bpy.types.FileHandler` API for handling drag-and-drop officially, replace it
- [Bug]: Blender LTS 3.6 STL/PLY no action HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from blender-drag-and-drop.