Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LOOKDEVX-1429 - Mark USD and MayaUSD Python bindings as safe #3119

Merged
merged 4 commits into from
May 30, 2023
Merged

LOOKDEVX-1429 - Mark USD and MayaUSD Python bindings as safe #3119

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
994f92e
LOOKDEVX-1429 - Mark USD and MayaUSD Python bindings as safe
JGamache-autodesk May 25, 2023
42057af
LOOKDEVX-1429 - Use MAYA_SCRIPT_PATH instead for Python modules
JGamache-autodesk May 26, 2023
4bb9b15
LOOKDEVX-1429 - Add parameter for MODULE_PATH
JGamache-autodesk May 29, 2023
c69dba5
LOOKDEVX-1429 - Let module set env if MODULE_PATH is specified
JGamache-autodesk May 29, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
468 changes: 281 additions & 187 deletions cmake/test.cmake
View file
Open in desktop

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions modules/alUSD.mod.template
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
+ AL_USDMaya ${AL_USDMAYA_VERSION} ${CMAKE_INSTALL_PREFIX}/plugin/al
plug-ins: plugin
PYTHONPATH+:=lib/python
MAYA_SCRIPT_PATH+:=lib/python
${PXR_OVERRIDE_PLUGINPATH_NAME}+:=lib/usd
${PXR_OVERRIDE_PLUGINPATH_NAME}+:=plugin
1 change: 1 addition & 0 deletions modules/alUSD_Win.mod.template
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
+ AL_USDMaya ${AL_USDMAYA_VERSION} ${CMAKE_INSTALL_PREFIX}/plugin/al
plug-ins: plugin
PYTHONPATH+:=lib/python
MAYA_SCRIPT_PATH+:=lib/python
PATH+:=lib
PXR_USD_WINDOWS_DLL_PATH+:=lib
${PXR_OVERRIDE_PLUGINPATH_NAME}+:=lib/usd
Expand Down
3 changes: 2 additions & 1 deletion modules/mayaUSD.mod.template
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
icons:
plug-ins:
presets:
scripts:
scripts: lib/python
resources:
PYTHONPATH+:=lib/python
USD_LOCATION:=
Expand All @@ -16,6 +16,7 @@ presets:
scripts: lib/scripts
resources:
PYTHONPATH+:=lib/python
MAYA_SCRIPT_PATH+:=lib/python
${PXR_OVERRIDE_PLUGINPATH_NAME}+:=lib/usd
MAYAUSD_VERSION=${MAYAUSD_VERSION}
PXR_MTLX_STDLIB_SEARCH_PATHS+:=libraries
Expand Down
3 changes: 2 additions & 1 deletion modules/mayaUSD_Win.mod.template
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
icons:
plug-ins:
presets:
scripts:
scripts: lib/python
resources:
PYTHONPATH+:=lib/python
PATH+:=bin
Expand All @@ -24,6 +24,7 @@ resources:
PATH+:=lib
PXR_USD_WINDOWS_DLL_PATH+:=lib
PYTHONPATH+:=lib/python
MAYA_SCRIPT_PATH+:=lib/python
${PXR_OVERRIDE_PLUGINPATH_NAME}+:=lib/usd
MAYAUSD_VERSION=${MAYAUSD_VERSION}
PXR_MTLX_STDLIB_SEARCH_PATHS+:=libraries
Expand Down
1 change: 1 addition & 0 deletions modules/pxrUSD.mod.template
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@ icons: maya/lib/usd/usdMaya/resources
plug-ins: maya/plugin
scripts: maya/lib/usd/usdMaya/resources
PYTHONPATH+:=lib/python
MAYA_SCRIPT_PATH+:=lib/python
${PXR_OVERRIDE_PLUGINPATH_NAME}+:=lib/usd
1 change: 1 addition & 0 deletions modules/pxrUSD_Win.mod.template
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ icons: maya/lib/usd/usdMaya/resources
plug-ins: maya/plugin
scripts: maya/lib/usd/usdMaya/resources
PYTHONPATH+:=lib/python
MAYA_SCRIPT_PATH+:=lib/python
PATH+:=maya/lib
PXR_USD_WINDOWS_DLL_PATH+:=maya/lib
${PXR_OVERRIDE_PLUGINPATH_NAME}+:=lib/usd
16 changes: 15 additions & 1 deletion test/lib/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@
set(TEST_SCRIPT_FILES
testMayaUsdConverter.py
testMayaUsdCreateStageCommands.py
testMayaUsdPythonImport.py
testMayaUsdLayerEditorCommands.py
testMayaUsdCacheId.py
)
Expand Down Expand Up @@ -32,6 +31,21 @@ foreach(script ${TEST_SCRIPT_FILES})
set_property(TEST ${target} APPEND PROPERTY LABELS MayaUsd)
endforeach()

# The testMayaUsdPythonImport now checks that we can import both the USD Python bindings
# and the MayaUSD Python bindings in a script node context. For this to be tested, we
# need to point to the updated module file and explicitly ask Maya to block execution of
# insecure scripts.
mayaUsd_get_unittest_target(target testMayaUsdPythonImport.py)
mayaUsd_add_test(${target}
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
PYTHON_MODULE ${target}
MODULE_PATH ${CMAKE_INSTALL_PREFIX}
ENV
"LD_LIBRARY_PATH=${ADDITIONAL_LD_LIBRARY_PATH}"
"MAYA_SECURE_BATCH_ENABLE=1"
)
set_property(TEST ${target} APPEND PROPERTY LABELS MayaUsd)

foreach(script ${INTERACTIVE_TEST_SCRIPT_FILES})
mayaUsd_get_unittest_target(target ${script})
mayaUsd_add_test(${target}
Expand Down
29 changes: 29 additions & 0 deletions test/lib/testMayaUsdPythonImport.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@
#

import unittest
import os
from maya import cmds


class MayaUsdPythonImportTestCase(unittest.TestCase):
Expand All @@ -34,3 +36,30 @@ def testImportModule(self):
# not causing USD libraries to be loaded any other way.
stageCache = mayaUsdLib.StageCache.Get(True, True)
self.assertEqual(type(stageCache).__name__, 'StageCache')

def testPixarModulesAreSafeForScripting(self):
"""Test that a script node can import the
Pixar Python modules in a secure scripting
context"""

node = cmds.createNode("script")

# This Pixar import will fail and stop the script unless it was added to the secure import paths.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The unit tests do not use the .mod files. All the variables are setup in the ctest.cmake file. I think you need to modify that for the tests.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, this is why I set MAYA_MODULE_PATH for the testMayaUsdPythonImport unit test here. This is also where MAYA_SECURE_BATCH_ENABLE is added to stop the script from running if an unsecure module import is detected.

cmds.setAttr(node + ".b", "from maya import cmds\nfrom pxr import Sdr\ncmds.createNode('script')\n", type="string")
cmds.setAttr(node + ".st", 1) # Execute on Open call
cmds.setAttr(node + ".stp", 1) # Python script

# Save and re-load the scene
testDir = os.path.join(os.path.abspath('.'), 'TestMayaUsdPythonImport')
try:
os.makedirs(testDir)
except OSError:
pass
tmpMayaFile = os.path.join(testDir, 'testPxrScriptNode.ma')
cmds.file(rename=tmpMayaFile)
cmds.file(save=True, type='mayaAscii')
cmds.file(new=True, force=True)
cmds.file(tmpMayaFile, open=True, force=True)

# If the script was safe, we should have a second script node:
self.assertEqual(cmds.getAttr("script2.st"), 0)