[Talk] Ruby Debugger for SketchUp 14+
-
@dan rathbun said:
Bugra said they implemented the communication protocol that some of the Ruby debugger gems also implement. Documented (somewhat) here:
I am wondering if this ruby debug ide protocol is based on (or compatible with,)
the DBGp protocol: http://www.xdebug.org/docs-dbgp.php#description -
Whimper! Bugra (or whoever) please, please! We Mac users are dying of envy....
Steve
-
@slbaumgartner said:
Whimper! Bugra (or whoever) please, please! We Mac users are dying of envy....
Soon.
We need it as well - we share your pain.Btw, have you checked the GitHub repo lately?
-
Nothing seems to have changed in at least a month (and that seems to be only the readme.)
If you have something to announce, come on out and say it.
-
@dan rathbun said:
Why Python, and perhaps GitHub it ?
Why Python? Python just seemed like my best chance for success for a proof-of-concept compared to the alternative ways to extend Npp.
The Python code is currently posted on this Gist. I'm sure it's ugly as I don't know exactly what I'm doing in Python yet - I am learning as I go about Python, PythonScript, and the Npp environment. I'll put it in a proper Github repo when it's more stable.
Maybe there's a Pythonista around who would be willing to help out?
This is also a bit complicated to setup - I had to compile my own version of PythonScript.dll from the latest GitHub source to get the margin click callback to return the correct values.
One big downside of PythonScript is it appears to have weak support for creating Toolbars in Npp, so creating a good user interface may be a problem.
I would love for this to be written in c++ to take advantage of more features of Npp, but that would require learning c++ first and that takes time.
@dan rathbun said:
I am wondering if this ruby debug ide protocol is based on (or compatible with,)
the DBGp protocolNo, DBGp is incompatible.
The commands that the SketchUp Debugging Server accepts can be found by interpreting these regular expressions.
-
Yea.. I agree I poked around in the NPP Plugin "How to" today. The C++ stuff is too complex to learn quickly.
I did not find any Ruby binding, so Python would be the next best thing. It is similar to ruby (without all the "end"s.)
I tried first to install PythonScript in my %AppData% path where all my other NPP plugins are installed, but got an error when trying to open the Python Console. (Something about Python being an ANSI version, and incompatible with the Unicode NPP.)
Installing it in the %ProgramFiles% path works (as the doc stated that is where to install it.) So it will require Admin privileges.
-
I opened the config dialog, hilited "sudb.py" and clicked on the "Add" button. It was added to the top-level "Python Script" menu.
I then made a (quick and dirty) BMP copy of the SU icon, and saved it into "Notepad++/plugins/images/Toolbar" and added the script to the Toolbar list, then hilited it (in the list,) and went thru the file picker after clicking the "Set Icon" button.
I also set the "Initization" to ATSTARTUP:
Restarted Notepad++ and the SketchUp icon appears on the toolbar.
-
And doing the above caused a textfile "PythonScriptStartup.cnf" to be created in "%AppData%\Roaming\Notepad++\plugins\config" (UTF-8 no BOM, Dos/Win EOLs)
containing:
ITEM/C;\Program Files (x86)\Notepad++\plugins\PythonScript\scripts\sudb.py TOOLBAR/C;\Program Files (x86)\Notepad++\plugins\PythonScript\scripts\sudb.py/C;\Program Files (x86)\Notepad++\plugins\images\Toolbar\SketchUp.bmp SETTING/PREFERINSTALLEDPYTHON/1 SETTING/STARTUP/ATSTARTUP -
@dan rathbun said:
And doing the above caused a textfile "PythonScriptStartup.cnf" to be created in "%AppData%\Roaming\Notepad++\plugins\config" (UTF-8 no BOM, Dos/Win EOLs)
Oh cool, this means a Toolbar with icons can be created from the plugin. Thanks.
Too bad Tooltips on the icons do not seem to be supported...
-
I went ahead and made a github repo for this.
Build software better, together
GitHub is where people build software. More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects.
GitHub (github.com)
Dan, would you prefer a new topic for discussing issues specifically related to this project?
-
@jim said:
Dan, would you prefer a new topic for discussing issues specifically related to this project?
Yes that would be good ... and can also log issues on the repo site.
-
I haven't had a chance to look at the debugger yet but the first thing I thought when I read about was, is this a backdoor that can be used to defeat the .rbs encrypted rubies? Does the debugger reveal anything about the current line of execution, or does it just deliver line numbers? When displaying data about a variable, does it volunteer variable names or does it just respond with a value?
I would be very disappointed to find out it did.
-
The debugger shows the filename and line number of .rbs files. It will not show the contents of the file.
It can, however list variable names and values in .rbs files.
I have not tried to set a breakpoint on a .rbs, so I am not sure if it is allowed. But i found the debugger will follow observers into .rbs files.
-
@avariant said:
I haven't had a chance to look at the debugger yet but the first thing I thought when I read about was, is this a backdoor that can be used to defeat the .rbs encrypted rubies? Does the debugger reveal anything about the current line of execution, or does it just deliver line numbers? When displaying data about a variable, does it volunteer variable names or does it just respond with a value?
I would be very disappointed to find out it did.
You raise some very interesting questions.
If, as I suspect, the rbs unscrambler is an SU facility that decodes the rbs before handing it to a standard Ruby interpreter, then the plaintext source and all other aspects of your plugin would indeed be visible to the debugger. Exploiting this hole isn't as easy as it might sound, since you have to somehow stop Ruby at a breakpoint before the ide commands will work - a bit like shooting in the dark - but I can see that some clever person may find a way.
I think this may come down to how SU implements the debugger ide library. That is, the ide could detect that the source file is rbs and refuse to debug it. This is possible because the SU debugger library implements the ide protocol itself, it does not use the standard debug interface or Gem.
Steve
-
rbs files aren't safe anyway. There are rbs unscramblers.
I tested one to see how safe rbs would be, and it works reeaaally well. It outputs a perfectly clean rb file.So yeah, I would not protect sensitive stuff with that.
-
@jiminy-billy-bob said:
rbs files aren't safe anyway. There are rbs unscramblers.
I tested one to see how safe rbs would be, and it works reeaaally well. It outputs a perfectly clean rb file.So yeah, I would not protect sensitive stuff with that.
This falls into the realm of the old cliche "locks only keep honest people honest". The decryption key and code for rbs are necessarily embedded in the SketchUp application, and the same key is used for all rbs files. Any competent hacker can easily defeat the rbs scrambling. As JBB points out, several have already published code to do so.
So the question isn't whether rbs is secure (it clearly is not), it is whether you believe there are enough dishonest people in the world that you will lose significant intellectual property value when they unscramble your rbs. The same question applies to the potential backdoor via the debugger.
Steve
-
@avariant said:
When displaying data about a variable, does it volunteer variable names or does it just respond with a value?
I would be very disappointed to find out it did
The debugger is exposing nothing new here, the same thing could be done anyway through any of the SU consoles by any savvy Rubyist - using nothing but standard Kernel method calls. Setting trace functions and using the returned bindings to read local and instance variables, get the current method and its call signature, read the call stack etc... can all be done from even the most basic install of Ruby.
You can't actually read the code lines unless they are in a 'plain text' source file (the scrambler presumably 'evals' the unscrambled code, which precludes seeing the source) - but there's not much that can be done to secure the other information without losing the consoles - which would make life very difficult for the amateur developers that we all rely on for our toys!
Advertisement