website/stories/injector.html

141 lines
5.9 KiB
HTML

<INJECT>cat $HOME/template/header.html | sed "s/__PAGE TITLE__/Injector/"</INJECT>
<p>
Folders: <INJECT>cd $CURRENT && ls */ -d | sed 's/\///' | python3 $HOME/bscripts/ls_to_a.py</INJECT>
<br>
Files: <INJECT>cd $CURRENT && ls *.html | python3 $HOME/bscripts/ls_to_a.py</INJECT>
</p>
<h1>Injector</h1>
<p>
<a href = "https://gitea.rustystriker.dev/RustyStriker/command_injector">Source Code</a>
</p>
<div>
<p>
So, I have finally made the html "injector" I wanted to make for ages before
I could really start working on this website...
<br><br>
I guess it ain't really an "Injector", but rather it detects a special &lt;INJECT&gt; tag
in html files, and replaces them in what lies between the opening and closing tag,
so something like:
<br>
<code>&lt;INJECT&gt;echo Hello world&lt;&Backslash;INJECT&gt;</code>
<br>
will result in the text:
<br>
<code>Hello world</code>
<br>
instead<br>
which allows me to use bash and <b>THE POWER OF UNIX TERMINAL</b>
to auto update things on my website(like a unified header, footer and such).
<br><br>
It also provides 3 env variables with useful values:
<ul>
<li>$HOME - the start directory which the injector copies files from.</li>
<li>$CURRENT - current directory the injector is copying from.</li>
and
<li>$FILE - the current file we are injecting.</li>
</ul>
This allows me to do stuff like injecting the files in the directory the current page sits in,
and, because it runs the command in bash, I also get to pipe it around,<br>
letting me tranform the output of <code>ls</code> for example, to simple &lt;a&gt; tags using
<a href = "https://gitea.rustystriker.dev/RustyStriker/website/src/branch/master/bscripts/ls_to_a.py">
a simple python script
</a>
<br>
and a call to python3
(the actual commands are in the top of the source code of this page for example)
</p>
<hr>
<h3>But, can't it leak critical information to the outside world?</h3>
<p>
I am not a security expert, but you have full control over the commands,
and they are run on the server/compiling machine during compile time
<br>
so unless you let random people push compiling web pages,
it shouldn't have any risks involved.
<br><br>
If your website is open source(like mine) or source available,
<br>
well,
<br>
you can just use commands that are in the same directory as the compiling websites
(like i keep the build scripts in the <i>bscripts</i> folder).
</p>
<hr>
<h3>Interesting notes from making it using Rust</h3>
<p>
Overall, it is a 188 lines main file, using 0 dependencies(apart from std),
<br>
I did a <i>really</i> simple arguments parser, which will prob be a pain
for people who aren't me.
</p>
<p>
Running a command/process is really nice when using the <code>Command</code>
struct, with fun builder functions(and easily lets you read its output)
</p>
<p>
The whole <code>OsStr</code> vs <code>str/String</code> is really annoying,
and made me do a lot of <code>to_str().unwrap()</code>
</p>
<p>
Generally speaking tho, I have 31 <code>unwrap()</code>s in my code,
<br>
which I WILL need to remove(at least most of them),
<br>
I also have 3 <code>unsafe</code> blocks, 2 for using a static variable,
and another 1 for lossly converting a <code>[u8]</code> to <code>&str</code>.
</p>
<hr>
<h3>The original plan</h3>
<p>
The original plan was different, I initially wanted a fully real time thingy,
with specific items in mind,
<br>
and only yesterday(10/6/22) I decided to just have simple commands,
<br>
which later(roughly 3 minutes after finishing the first draft)
<br>
I decided to make into a bash commands, to better have what I aimed for
</p>
<hr>
<h3>Rust can be annoing sometimes</h3>
<p>
Rust can be a bitch when it comes to handling strings,
especially when you compare it to C,
<br>
where every string is a byte array, and you just handle it as such...
<br><br>
Yes, I know this is due to characters not being uniform in length when using UTF-8,
<br>
and I know that C can fuck everything up if you dont watch out for multiple length bytes,
<br>
but it's just soo easy destroying strings there and you can just manipulate a string so easily,
<br>
without any extra functions or allocations or anything really...
</p>
<hr>
<h3>Still glad I used Rust</h3>
<p>
I'm kind of a Rust fanboy(<i>catgirl</i>),
because it lets you not worry about a lot of things,
and mostly because of it <b>STRONG</b> type system,
so it aint a surprise I used it
<br>
(and glad because of it)
</p>
<p>
The repetuar of my languages isn't big, it's actually kinda small,
I know Rust well, I can do C quite easily(although I will need a lot of debugging),
I have a lot of experience with C#, and can do JavaScript, Java(tho not really), Python
and probably some more but very slowly.also want to rely on it less and less
<br>
<i>(i can also do GDScript if you consider it, as it can only run, afaik, in Godot)</i>
</p>
<p>
So it is usually either using Rust, or C, since I will (<i>hopefully</i>)
wont use python for something big(more than 50 lines of code),
and C# feels locked away on linux(and I don't want to use it outside of work).
</div>
<INJECT>cat $HOME/template/footer.html</INJECT>