• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Run Only
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Run Only

  • Subject: Run Only
  • From: Rob Jorgensen <email@hidden>
  • Date: Mon, 18 Dec 2000 23:17:02 -0500
Howdy :-)

Keeping in mind that I'm paranoid about running unknown scripts, and I'm bored...

As far as I know, Mac anti-virus programs don't look inside AppleScript scripts to check for damaging content. As long as the loaded script is NOT read-only, this script will look for keywords, in the text of the loaded script, which may lead to harmful events. As you can see, this is not a comprehensive list of keywords right now 'cause I'm just messin' around. I've done very minimal testing so far, so I'm sure this would need several revisions to be bullet-proof.

FYI: /r = continuation

on open {theScript}
load script theScript
set sText to result as text

if sText contains "delete" or sText contains "trash" or sText contains "move" /r
or sText contains "empty" then
display dialog "The script may perform harmful events." buttons ("OK") default button 1
else
--run script theScript
end if

end open

Main question: Is there any way to use a script such as this to peek inside a run-only script (is the script text stored in the resources?), allowing it to perform a similar keyword check?

-- Begin related but off-topic shtuff --

On a similar note, FileMaker files are another source of concern for the same reason. They can contain scripts which reach well beyond the database file(s) in which they are imbedded. In a test, I created an embedded script which ran on startup of the database. The script moved common, well known files and folders from the System folder of the startup disk to the trash, and then emptied the trash with no confirmation needed. This all happened in the blink of an eye and some sorry sucker who thought he was getting a free database to keep track of his girlfriends' phone numbers has now lost critical files from his system (hypothetically, of course). ;-)

I hesitate to even bring this kind of stuff up in a public forum, but sticking our heads in the sand is not the way to address security issues. I'm not a programmer, but I'd sure like to find a workable solution, aside from common sense and caution regarding unknown files.

-- End off-topic shtuff --

Anywho, thanks for any insight you might provide (no pun intended). :p

Later,

Rob Jorgensen
Ohio, USA

  • Follow-Ups:
    • Re: Run Only
      • From: Chris Nebel <email@hidden>
  • Prev by Date: Re: speak a message through the phone connection help
  • Next by Date: Re: Executing AScripts automatically?
  • Previous by thread: RE: Regarding Handlers...
  • Next by thread: Re: Run Only
  • Index(es):
    • Date
    • Thread