I have just inherited a project that uses SecureSWF. I am trying to utilize RobotLegs (which uses SwiftSuspenders for reflection to implement dependency injection) and have just discovered that SecureSWF breaks the build. Has anyone had a similar problem? Is there a workaround? Is it possible to obscure a SWF that's built with RobotLegs at all?
It's straightforward, actually. You need NAMES for reflection. And they are the primary target for ANY kind of obfuscation and mangling. Since we absolutely can not abuse the verify mechanism in flash player VM (which is damn good), we have no way in getting around it.
I'm using secureSWF too, and I have a mechanism of sewing skins and controllers together with descrybeType() and a hell of a lot of checking of types and members. I exclude my sensitive to obfuscation classes from the protection workflow. They are of no use to a hacker anyway.
Related
There are several packages out there that help in automating the task of writing bindings between C\C++ and other languages.
In my case, I'd like to bind Python, some options for such packages are: SWIG, Boost.Python and Robin.
It seems that the straight forward process is to use these packages to create C\C++ linkable libraries (with mostly static functions) and have the higher language be extended using them.
However, my situation is that I already have a developed working system in C++ therefore plan to embed Python into it so that future development will be in Python.
It's not clear to me how, and if at all possible, to use these packages in helping to extend embedded Python in such a way that the Python code would be able to interact with the various Singleton instances already running in the system, and instantiate C++ classes and interact with them.
What I'm looking for is an insight regarding the design best fitted for this situation.
Boost.python lets you do a lot of those things right out of the box, especially if you use smart pointers. You can even inherit from C++ classes in Python, then pass instances of those back to your C++ code and have everything still work. My favorite resource on how to do various stuff is this (especially check out the "How To" section): http://wiki.python.org/moin/boost.python/ .
Boost.python is especially good if you're using smart pointers or intrusive pointers, as those translate transparently into PyObject reference counting. Also, it's very good at making factory functions look like Python constructors, which makes for very clean Python APIs.
If you're not using smart pointers, it's still possible to do all the things you want, but you have to mess with various return and lifetime policies, which can give you a headache.
To make it short: There is the modern alternative pybind11.
Long version: I also had to embed python. The C++ Python interface is small so I decided to use the C Api. That turned out to be a nightmare. Exposing classes lets you write tons of complicated boilerplate code. Boost::Python greatly avoids this by using readable interface definitions. However I found that boost lacks a sophisticated documentation and dor some things you still have to call the Python api. Further their build system seems to give people troubles. I cant tell since i use packages provided by the system. Finally I tried the boost python fork pybind11 and have to say that it is really convenient and fixes some shortcomings of boost like the necessity of the use of the Python Api, ability to use lambdas, the lack of an easy comprehensible documentation and automatic exception translation. Further it is header only and does not pull the huge boost dependency on deployment, so I can definitively recommend it.
I'm talking about wrappers for third-party libraries. Until recently I was trying to provide a general enough wrapper so I could easily switch libraries if needed. This however proved to be nearly impossible since libraries can vary greatly even in terms of how basic concepts are handled.
So the question came to me why one should use wrappers at all. (In the past I have been encouraged by experienced coders to write wrappers for 3rd-party libs.) I came to the following conclusions; please tell me if they are wrong or if you have anything to add.
If the library isn't widely used in the application (e.g. used by only one or two classes), don't write a wrapper at all, just use it directly. (Especially if it's a portable lib.)
When you do write wrappers don't think you can make one-size-fit-all wrapper. Write something appropriate for the strengths of the lib.
... But in some cases you can still generalize the wrapper enough so that it'll be somewhat easier to switch libraries. (E.g.: most graphics libraries use images and fonts.)
Wrappers are useful for when the library offers more functionality than you need. You can hide the unneeded functionality in the wrapper.
In the case of C libs (if you're using C++), you can also write a wrapper to help you with automatic memory management.
What do you think are the (dis)advantages of using wrappers, and how should they be used properly?
I think you've hit the nail on the head, wrappers just to allow something to potentially be swapped out is a bad idea. The classic example is a database and who has actually ever had to switch from SQL to Oracle (I know people have, but how often and did having a wrapper really help?).
In my experience a wrapper only helps if it is hiding 2+ calls to the 3rd party component or api's into a single call that means something to the calling code (basically a facade pattern) or if it is wrapping the code and adding value / type conversion for the caller (an adapter pattern).
So the wrapper must provide a benefit here and now to the consumer, not a potential future benefit (to the system coder) that may never be needed.
Wrappers are powerfull if you want to test in isolation. For example my development system has no connection to my customers activedirectory that holds usernames and roles. so i have a UserInfoWrapper-Interface with two implementations: one that uses activedirectory and one with fake userdata used for development.
"All problems in computer science can be solved by another level of indirection" by Butler Lampson
There is a cost involved in abstracting third party libraries by creating a wrapper. You need to decide whether the cost is worth it or not. For e.g. it is extremely difficult (or at least involves significant development cost) to create wrapper on UI toolkits or libraries. On the contrary it is relatively easy to create wrappers for third party logging libraries.
Wrapper can also be used to provide domain specific and a simplified API on top of third party libary. Facade pattern could be of help (as Paul Hadfield has mentioned above).
I'm thinking about using Haxe in place of AS3.
What are the disadventages of that? I can think about:
Difficulties with using native AS3 libraries.
Difficulity of debugging after language translation.
Haxe is quite young, it may have some rough edges. Does it?
Does any one of you have expirience with Haxe dark sides?
What are the adventages? I've heard:
Performance.
Multiple targets (But I don't see how that is useful)
Better typing that AS3
Maybe better syntax.
Haxe is big enough that there should be more. What are the pros of Haxe?
Edit:
If there are no real disadvantages then why Haxe is not replacing AS3?
Your first point is surely true. Some "native" libraries (such as Flex) may require a little of gym to be included in your project. In the vast majority of cases it is a quite smooth process. Haxe supports multiple -swf-lib which permit to have the code of the imported assets immediately available in your application. Note that the imported libs are not just embedded but are recognized as code asset, so if your IDE is integrated with Haxe you will have type completion for that too.
About the debugging there are no issues at all for the translation, that because the language is not translated to AS3 but directly compiled to AVM2 bytecode. When the -debug switch is on, the full stack trace with source code references (filename, line and position) is fully preserved. An uncaught exception will point you exactly at the line of code that generated it.
Haxe is not really that young and for sure the AVM2 output is the one with the best support of all. There are no rough edges in my opinion.
Of the pros you have outlined I want to underline that multiple targets can be huge. Of course to take really advantage of it you can't really rely on external libs specific for AS3. Even so there are always big chunks of code that you want/can reuse across projects.
To mention a few other advantages:
macros are a recent addition which add a huge pool of possibilities.
Molehill API is already available for Haxe (SVN version) and Nicolas is working on a Shader system that makes it even bigger.
Haxe is evolving constantly bringing new (important) features at each release.
In Podcast 58 (about 20 minutes in), Jeff complains about the problems of HTML.Encode() and Joel talks about using the type system to have ordinary strings and HTMLStrings:
A brief political rant about the evil of view engines that fail to HTML
encode by default. The problem with
this design choice is that it is not
“safe by default”, which is always the
wrong choice for a framework or API.
Forget to encode some bit of
user-entered data in one single
stinking place in your web app, and
you will be totally owned with XSS.
Believe it. I know because it’s
happened to us. Multiple times!
Joel maintains that, with a strongly-typed language and the right
framework, it’s possible (in theory)
to completely eliminate XSS — this
would require using a specific data
type, a type that is your only way to
send data to the browser. That data
type would be validated at compile
time.
The comments at the blog post mention using static analysis to find potential weaknesses. The transcript Wiki isn't done yet.
Is it possible to implement Joel's suggestion without having a new ASP.NET framework?
Might it be possible to implement it simply by subclassing every control and enforcing new interfaces based on HTMLString? If most people already subclass controls in order to better able to inject site-specific functionality, wouldn't this be fairly easy to implement?
Would it be worth doing this instead of investing in static analysis?
To use HtmlString everywhere, you would essentially have to rewrite every property and method of every web control. System.String is sealed, so you can't subclass it.
An easier (but still very time consuming) approach would be to use control adapters to replace web controls with safe alternatives. In this case, you would subclass each web control and override the Render methods to HTML-encode dynamic content.
I'm not looking so much for language-specific answers, just general models for implementing a plugin system (if you want to know, I'm using Python). I have my own idea (register callbacks, and that's about it), but I know others exist. What's normally used, and what else is reasonable?
What do you mean by a plugin system? Does Dependency Injection and IOC containers sounds like a good solution?
I mean, uh, well, a way to insert functionality into the base program without altering it. I didn't intend to define it when I set out. Dependency Injection doesn't look particularly suitable for what I'm doing, but I don't know much about them.
A simple plugin architecture can define a plugin interface with all the methods the plugin ought to implement. The plugin handles event from the application, and can use the application's standard code, model objects, etc. to get things done. Basically the same as an ASP.NET Form does, except that you're overriding rather than implementing.
Nobody taught me this part, and I'm no expert, but I feel: In general a plugin will be less stable than its application, so the application should always be in control and only give the plugin periodic opportunities to act. If a plugin can register an Observer, then calls to the delegate should be tried/caught.
There is a very good episode of Software Engineering Radio, which you may be interested in.
For future reference, I have reproduced here the "Rules for Enablers" (alternative link) given in the excellent Contributing to Eclipse by Erich Gamma, Kent Beck.
Invitation Rule - Whenever possible, let others contribute to your contributions.
Lazy Loading Rule - Contributions are only loaded when they are needed.
Safe Platform Rule - As the provider of an extension point, you must protect yourself against misbehavior on the part of extenders.
Fair Play Rule - All clients play by the same rules, even me.
Explicit Extension Rule - Declare explicitly where a platform can be extended.
Diversity Rule - Extension points accept multiple extensions.
Good Fences Rule - When passing control outside your code, protect yourself.
Explicit API Rule - separate the API from internals.
Stability Rule - Once you invite someone to contribute, don?t change the rules.
Defensive API Rule - Reveal only the API in which you are confident, but be prepared to reveal more API as clients ask for it.
In Python you can use the entry-point system provided by setuptools and pkg_resources. Each entry point should be a function that returns information about the plugin -- name, author, setup and teardown functions, etc.
How about abstract factory? Your base program defines how the abstract concepts interact with each other, but the caller has to provide the implementation.