Request for Feature : ability to do basic system interactions

[Yopai]

It would be useful to be able to do system operations from within the widget :

• read/write files on the disk
• launch a command

I'll try to get some time to develop and create a PR for this. As I'm not a .Net expert, any help about where the modification should be in the code would be appreciated. Thanks :)

[Yopai]

Possible implementation paths

• we can use a hook on console message to do something that would be meaningful (for example, send a system notification - if it is not already possible from pure javascript) (see here)
• we can create a browser extension that allows defining a function that, when called, execute Native code
  (see here)

Security concerns

Giving access to system calls can be very dangerous. So we have to make the user "authorize" a widget to do some actions. Therefore :

• system calls implementation must be limited rather than wide. So you may have authorization to run one script, or scripts in a given directory. Not to "execute any file".
• file system writes (and maybe read) must be anyway limited, not to allow to write system files
• we have to add metas indicating which authorizations are required...
• ... and the widget manager must ask and allow the user to give these authorizations
• note that, anyway, WinWidgets is run by the current user, so it won't be able to do anything the current user is not able to do (but it's far too much)
• we could imagine to use system ACLs by, for example, creating a User group and enforcing that a file we want to write is writable for this group. (Just for posing the idea, it has to be reworked on because ACLs are not meant to be used like that. Maybe run a subprocess with another user ? is it possible ?)

So it seems a big part. But it would allow multiple use cases.
(I will probably personnaly try to implement it, on my own branch, for my own use case.)

[beyluta]

Having a permission system for the Widgets is a must in this case. We also have to make sure that the state of the permissions are saved somewhere in the config file so that some remote resource can't just change/update the permissions.

[Yopai]

Speaking about security, I wanted to ask you something (and didn't see a way to send you a message not related with an issue or pull request, is there one ?)

I saw you use a "WidgetCore.dll", is it built from these sources ? From other sources ?
Because, in order me to use it on my work's computer, my security team will ask for being able to audit this.

[Yopai]

Other implementation path : use a custom scheme handler

[beyluta]

Speaking about security, I wanted to ask you something (and didn't see a way to send you a message not related with an issue or pull request, is there one ?)

I saw you use a "WidgetCore.dll", is it built from these sources ? From other sources ? Because, in order me to use it on my work's computer, my security team will ask for being able to audit this.

https://github.com/beyluta/WinWidgetsCore

You can build it yourself and replace the dll if you want. It's directly built from the source.

[beyluta]

Speaking about security, I wanted to ask you something (and didn't see a way to send you a message not related with an issue or pull request, is there one ?)

I saw you use a "WidgetCore.dll", is it built from these sources ? From other sources ? Because, in order me to use it on my work's computer, my security team will ask for being able to audit this.

If you want a direct line of communication you can send me an email: [email protected]
Or you can add me on discord (beyluta). I check both pretty regularly.