Results 1 to 20 of 20
  1. #1

    View scripts so you can know if to trust them

    Upon opening downloaded blend files it occurs sometimes that a message appears about untrusted scripts and it gives you the option to enable them or ignore them, what I would like to know how to do is see what those scripts ARE. Is there any way to view those scripts so I can work out whether they can be trusted or not, I program in python quite a lot so I think I would be able to resonably tell by looking at the script whether it can be trusted, it's just that I've no idea how to find the script to look at. Can anyone say how to see the sccripts contained in a file, google is not being my friend for this, no clear results for "how to view blender scripts before trusting them". Yours appreciatively, Jackson



  2. #2
    Member Meta-Androcto's Avatar
    Join Date
    Aug 2006
    Location
    australia
    Posts
    4,048
    this error is designed to work with scripts that use drivers.



  3. #3
    So how do I view the contents of drivers? Where can I find them? Also how do I look for any scripts in a file which are not drivers? Yours appreciatively, Jackson



  4. #4
    I still haven't found a full answer. Any chance of some more tips? Yours appreciatively, Jackson



  5. #5
    I've still found nothing online about this, there must be an answer but it's not anywhere obvious. There's plenty about what the blocking of scripts does and how to let them run or not, how to pick a default for trusting or not trusting... But even blender's manual/encylopedia has nothing on how to actually see all the scripts in a file. There really ought to be some explanation somewhere, can anyone help?



  6. #6
    Any more thoughts on this yet anyone, it would be really helpful to know. There is literally nothing I can find online about this, surely someone knows where you search in a blend file to check out what scripts it is carrying? Yours appreciatively, Jackson



  7. #7
    Member Meta-Androcto's Avatar
    Join Date
    Aug 2006
    Location
    australia
    Posts
    4,048
    hi, to see what a script does, if you are interested or have concerns. open blenders install directory navigate to the addons folder & read the script.
    Also I wonder if you have specific concerns with an addon of just generalizing here.
    If your downloading & installing addons from authors you do not know, read the script first before installing.
    There's only a handful of addons that use drivers & need the auto run enabled to use them.
    I think your being over concerned here.
    Hope this helps.



  8. #8
    Ths isn't about downloaded add-ons, it's about .blend files that contain scripts within the files. As in: you download a .blend file and find scripts in it, as shown by the "Auto-run disabled "reaload trusted" or "ignore"" warning. I think it happens when rigs on models have been made in certain ways. I want to check that the scripts contained in certain blend files are safe, and think I'd be able to do so quite easily if I could read the scripts. But as things stand blender just tells me that scripts exist and gives what might be ther name or their first line (shown next to the "reload trusted" and "ignore" buttons but often truncated off the right hand side of the screen), I want to check them out in full. They might be drivers for rigs, but I think they can be drivers for animations and other things too. I don't see how looking in blender's install directory can help when it's a script within a blend file (a script I haven't allowed run yet) that I want to check out, not a script I've installed as an add-on.

    I am generalizing here as I often find that downloaded models give this warning from a wide variety of download sources, including sources that should most definitely be very trustworthy. Often the rigs don't seem to work properly with the "ignore" option chosen, so I'd like to see whether they will if I let the scripts run and be trusted. But I've no intention of trusting something without seeing it, as far as I know scripts like these can basically do anything a python program can do, including modifying any files on a computer. I understand that the chance of some malware maker trying to use a blend file to ditribute his evil is pretty low, but I want to actually see what the scripts I may or may not need to trust want to do. Especially because some of the files I've downloaded which gives these warnings about ""trust" or "ignore"" are ones I hope to do quite a lot of work with, I certainly wouldn't want to end up incorporating a potentially untrustworthy (potentially untrustworthy because I don't yet know how to read the scripts to check them, so I can't know if I can trust them) script into other blender files. But I'd like to know how to actually check these scripts in files. This crops up on all sorts of files and I'd like to be able to check what scripts a file contains before I trust it.

    Maybe script is the wrong word for what these are, if it lead you to beleive I was asking about add-ons. I'm talking about when .blend files have bits of python code in them and you get trusted source warnings upon opening them. I know how to make the warnings go away, but I don't want to until I've checked out what I need to choose whether or not to trust.

    Yours appreciatively, Jackson



  9. #9
    Member
    Join Date
    Aug 2010
    Location
    Adelaide, South Australia
    Posts
    2,738
    User prefs -> file -> auto execution -> autorun python scripts enable -> save user settings



  10. #10
    doublebishop, I know how to enable the scripts like that, but I don't want to enable them, I want to read them and see what they are. Sorry for not explaining that properly. Yours appreciatively, Jackson



  11. #11
    For what it's worth, I agree with JacksonJones' concerns. Thinking about security isn't fun ... but it is important.



  12. #12
    Member Meta-Androcto's Avatar
    Join Date
    Aug 2006
    Location
    australia
    Posts
    4,048
    For what it's worth.
    make sure you have auto run scripts off.
    open blender
    file append
    append the text from the .blend you wish to examine
    read the text



  13. #13
    Thanks, meta-androcto. Just to check though, when you say "file append", you mean take an element from a blend file (like you might take a wheel mesh from a model of a car) and load it in another. So I open up blender with no file open, go to append stuff from the file with the scripts, then I'll get a list of all the scripts it has, which I can view to my hearts content and which will not run as I'll have trusted source set to be unticked.



  14. #14
    Ok, I've done that, I was able to read some python files, looks like the rig. But I did note that the text which wad displayed in the trusted source error message was not found when I searched through the appended texts for it, this strikes me as a bit odd? If the trusted scripts warning is based on what python scripts are found in the blend file why would it give a piece of error text which was not found anywhere in the python script?
    Yours appreciatively, Jackson



  15. #15
    Ok, I made a copy of the questionable file and with trusted scripts turned off I had a little poke around in the file, I don't know whether I was able to find all the sctipts but I found the following.

    By going into the "drivers" part of the graph editor and checking the little "ghost" icon to view drivers of unselected/and/or/hidden objects I was able to bring up a list of drivers, all of which looked rig related. I went through this list and removed all the drivers with scripted expressions, checking each of them first to see what it was, they all sounded harmless, just stuff about scaling and angles. I then closed the file and opened it again, I still got the warning about untrusted scripts but this time it mentioned only a text (the same text as I'd already looked at earlier using the append trick), rather than the drivers it had mentioned before I had gone through and removed them . I then unticked "register" for this .py file in the text editor. I then closed the blend file and opened it again, this time it did not give an untrusted scripts warning. I guess therefore that by getting rid of all the drivers and de-registering the python script in the text editor I had removed all the scripts from the copy of the file, would I be correct in thinking that by having made modifications which resulted in the "untrusted scripts" thing no longer being shown when the file was opened I would have removed all the scripts in the file?

    Ofcourse by removing all the scripts in the file the rig no longer worked, but as this was a copy of the file I think I've been able to use this method as a way to know that I had found everywhere in the file where the scripts were. As all the scripts I had to go through and remove while editing the copy of the file looked safe enough, no mention of "import os" or "import sys" or any reading or writing to other files on my hard drive, would I be right in thinking I've proved that the original unedited file contains no dangerous scripts? Does my logic here hold:
    1.I copied the file
    2.I managed to remove as many script like things as I could from the copy until it no longer gave a scripts warning when opening
    3.While removing those scripts I looked at each and spotted nothing that seemed to odd
    4.Hence I can know that there are no scripts contained in the file which I did not look at while removing them?
    5.Hence as none of the scripts I removed looked odd I know there were no dodgy scripts in there to be removed?
    6.Hence I know that the scripts in the original unedited file are just like those which I removed from the copy of the blend file?
    7.And as the scripts I was able to find and remove from the copy all appeared safe from reading by eye, I know that the only scripts found in the original unedited file are identical to the safe ones I found in the copy?
    8.Hence I can now know that the original file is safe to allow its scripts to run?

    Yours appreciatively, Jackson



  16. #16
    Can anyone confirm whether I'm right in post #15?
    Yours appreciatively, Jackson



  17. #17
    Any thoughts on whether post #15 is sound reasoning?
    Yours appreciatively, Jackson



  18. #18
    Can anyone suggest whether the #15th post is sound logic, just to be sure of my reasoning? Yours appreciatively, Jackson



  19. #19
    It sounds right to me.



  20. #20
    Thanks for the clarification Roken.



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •