2 Replies Latest reply on Feb 17, 2011 4:51 PM by Anastasiy Safari

    Security Sandbox Violation Crashes Photoshop

    StevenErat Level 1

      ====================================================

      Problem:

      ====================================================

       

      I have a Photoshop extension whose main app launches a popup window, and that popup window displays an image via a HTTP source and it has a custom event.  When a button click dispatches that custom event, and that event listener opens a local file on the system, Photoshop crashes after a Security Sandbox Violation.

       

      I am building a demo that incorporates LiveCycle DataServices and ColdFusion to synchronize data between a web application and the extension.  Part of the application includes previewing images from the extension over HTTP.  However, to open the image in PS after viewing the preview, I use the Photoshop DOM method open(filePath) which accesses the local file system.

       

      The problem seems to be that network access and local file access are mutually exclusive in Flash/Flex.  If I use the -use-network=false compiler option, then the image will open properly via the DOM, but then I would not be able to preview the images over HTTP.

       

      Questions:

      1) Is there a way in the CS SDK to enable *both* local file system access *and* network access?

      2) If not, then can you suggest a workaround?

      3) Would you agree that this would be a defect in Photoshop and that PS should not crash upon a Flash Player security exception?

       

      Thank you,

      Steven Erat

       

       

      ====================================================

      Environment

      ====================================================

      Photoshop CS5 Extended 12.01 x32

      Flash Builder 4

      CS SDK 1.02

      Extension Builder SDK 3.4

      MacBook Pro / OS X 10.5 / Intel Core 2 Duo 2.66 GHz / Procs: 1 / Cores: 2 / Memory: 8 GB

      App configured for Photoshop CS5 and Photoshop CS5 Extended

       

       

      ====================================================
      NewsAgencyPhotos.mxml (the main app)

      ====================================================

      <?xml version="1.0" encoding="utf-8"?>
      <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" xmlns="com.stevenerat.news.*"
                      horizontalScrollPolicy="off" verticalScrollPolicy="off" verticalGap="0"
                      layout="vertical" horizontalAlign="left"  backgroundColor="#353535"
                      historyManagementEnabled="false"
                      creationComplete="getPhotos();">

      ...
          <mx:Script>
              <![CDATA[
                    ...            public var selectedPhoto:String;
                  public function handlePhotoClick(data:Object):void {
                      var PreviewImageWindow:PreviewImage = PreviewImage(PopUpManager.createPopUp(this,PreviewImage,true));
                      var filePath:String = data.dirPath + data.fileName;
                      PreviewImageWindow.addEventListener("openImageEvent",handleImageOpenEvent);
                      PreviewImageWindow.setFileName(data.fileName);
                      PreviewImageWindow.setFilePath(filePath);
                      PreviewImageWindow.y = 0;
                      PreviewImageWindow.x = 0;
                  }
                 
                  private function handleImageOpenEvent(event:Event):void{
                      dump(event);
                  }
                 
                  public function dump(obj:Object):void{
                      trace(mx.utils.ObjectUtil.toString(obj));
                  }

       

       

      ====================================================
      PreviewImage.mxml (the popup)

      ====================================================

      <?xml version="1.0" encoding="utf-8"?>    
      <mx:TitleWindow xmlns:mx="http://www.adobe.com/2006/mxml"  title="Preview Image"
          ...

          creationComplete="init();">
         
          <mx:Metadata>
              [ Event( name="openImageEvent", type="flash.events.Event") ]
          </mx:Metadata>
         
          <mx:Script>
              <![CDATA[ 

                     
                  public function init():void{
                      this.title = 'Previewing:     ' + fileName;
                      previewImg.source = "http://localhost:8500/LR_AUTO/imported/previews/" + fileName;
                      previewImg.visible = true;
                      imgProgressBar.visible=true;
                  }   
                   ...
                  private function openImage():void{
                      NewsAgencyPhotoshop.open(this.filePath);
                      var openImageEvent:Event = new Event("openImageEvent");
                      dispatchEvent(openImageEvent);
                      closePopup();
                  }

      ....

      <mx:Button id="btnOpen" label="OPEN" visible="false"  click="openImage()"/>

       

       

       

      ====================================================

      NewsAgencyPhotoshop.as

      ====================================================

      ...       
              public static function open(filePath:String):void
              {
                  var app:Application = Photoshop.app;
                  var file:File = new File(filePath);
                  app.open(file);
                 
              }

       

       

      ====================================================

      Extension Builder console output

      ====================================================

      [SWF] StageManager-2.0.swf - 1,188,270 bytes after decompression
      2/15/2011 10:37:57.747 [INFO] com.adobe.csxs.stagemanager.StageManager creationComplete()
      2/15/2011 10:37:57.765 [INFO] com.adobe.csxs.stagemanager.external.ExternalEventReceiver ExternalInterface callback registered.
      2/15/2011 10:37:57.767 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver ExternalInterface callback registered.
      2/15/2011 10:37:57.770 [INFO] com.adobe.csxs.command.GetPendingStageManagerIdCommand calling GetPendingStageManagerId through ExternalInterface
      2/15/2011 10:37:57.784 [INFO] com.adobe.csxs.command.GetPendingStageManagerIdCommand execute() PlugPlug returned StageManager ID.
      2/15/2011 10:37:57.828 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CH
      2/15/2011 10:37:57.829 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.example.helloworld.extension1
      2/15/2011 10:37:57.830 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension BASICAMFCONNECTOR
      2/15/2011 10:37:57.830 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CSREVIEW
      2/15/2011 10:37:57.831 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension HELLOPHO
      2/15/2011 10:37:57.831 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension KLR
      2/15/2011 10:37:57.831 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.stevenerat.news.extension1
      2/15/2011 10:37:57.832 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CREATENEWCSREVIEW
      2/15/2011 10:37:57.832 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension NETAVERAGES
      2/15/2011 10:37:57.833 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.adobe.rc.mymessages
      2/15/2011 10:37:57.834 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CHWE
      2/15/2011 10:37:57.834 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.adobe.rc.operationalmessages
      2/15/2011 10:37:57.834 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension STORY
      2/15/2011 10:37:57.835 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension FRIO
      2/15/2011 10:37:57.835 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension MINIBR
      2/15/2011 10:37:57.836 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension BLCSLIVE
      2/15/2011 10:37:57.837 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CHSIGNIN
      2/15/2011 10:37:57.837 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension swfpanel-onOne-0
      2/15/2011 10:37:57.838 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader ExtensionLoader() registering ExternalInterface callback loadExtension
      2/15/2011 10:37:57.839 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader ExtensionLoader() registering ExternalInterface callback unloadExtension
      2/15/2011 10:37:57.840 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader checkLoadingQueue()
      2/15/2011 10:37:57.842 [INFO] com.adobe.csxs.command.GetLoadingQueueCommand calling GetLoadingQueue through ExternalInterface
      2/15/2011 10:37:57.846 [INFO] com.adobe.csxs.command.GetLoadingQueueCommand execute() PlugPlug returned extensions to be loaded.
      2/15/2011 10:37:57.847 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader loadExtension() com.stevenerat.news.extension1
      2/15/2011 10:37:57.851 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Extension com.stevenerat.news.extension1 is not a plugin extension -> validating.
      2/15/2011 10:37:57.857 [INFO] com.adobe.csxs.stagemanager.security.impl.ExtensionValidator In debug mode the extension signature is not validated.
      2/15/2011 10:37:57.861 [INFO] com.adobe.csxs.command.SetExtensionSignedCommand calling SetIsSigned through ExternalInterface
      2/15/2011 10:37:58.071 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager doLoadExtension() Extension com.stevenerat.news.extension1 loaded.
      2/15/2011 10:37:58.185 [INFO] com.adobe.csxs.stagemanager.window.ExtensionWindow onCreationComplete()
      [SWF] Users/stevenerat/Library/Application Support/Adobe/CS5ServiceManager/extensions/com.stevenerat.news/NewsAgencyPhotos.swf - 1,958,036 bytes after decompression
      2/15/2011 10:37:58.398 [INFO] com.adobe.csxs.stagemanager.window.ExtensionWindow Loading of extension com.stevenerat.news.extension1 complete.
      2/15/2011 10:37:58.400 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher Loading of extension com.stevenerat.news.extension1 complete.
      2/15/2011 10:37:58.503 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
      2/15/2011 10:37:58.504 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
      2/15/2011 10:37:59.426 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLifeCycleNotifier onExtensionComplete()
      2/15/2011 10:37:59.428 [INFO] com.adobe.csxs.command.SetExtensionLoadedCommand calling SetIsLoaded through ExternalInterface
      2/15/2011 10:37:59.430 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLifeCycleNotifier dispatchInvokeEvent()
      2/15/2011 10:37:59.433 [INFO] com.adobe.csxs.command.CheckStartOnEventCommand calling CheckStartOnEvent through ExternalInterface for com.stevenerat.news.extension1
      2/15/2011 10:37:59.437 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowStateManager onExtensionComplete()
      2/15/2011 10:37:59.445 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher dispatchEventToExtension() Dispatching event of type com.adobe.csxs.events::StateChangeEvent to extension com.stevenerat.news.extension1
      2/15/2011 10:37:59.451 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
      2/15/2011 10:37:59.451 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
      2/15/2011 10:37:59.488 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
      2/15/2011 10:37:59.488 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
      2/15/2011 10:38:03.763 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher dispatchEventToExtension() Dispatching event of type com.adobe.csxs.events::StateChangeEvent to extension com.stevenerat.news.extension1
      2/15/2011 10:38:16.926 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher dispatchEventToExtension() Dispatching event of type com.adobe.csxs.events::StateChangeEvent to extension com.stevenerat.news.extension1
      2/15/2011 10:38:17.236 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
      2/15/2011 10:38:17.237 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
      *** Security Sandbox Violation ***
      SecurityDomain 'http://localhost:8500/LR_AUTO/imported/ERAT_STEVEN_20110122_060.jpg' tried to access incompatible context 'app:/StageManager-2.0.swf'

       

       

       

      screen-capture-4.png

       

      screen-capture-5.png

        • 1. Re: Security Sandbox Violation Crashes Photoshop
          StevenErat Level 1

          I solved this issue by creating a symbolic link on the file system so that my CS SDK project src folder now sees the directory in the file system webroot that it was previously accessing images over HTTP.  The extension only sees resources over the local filesystem, not the network.

           

          A bit of a kludge, but it would be great to have the CS SDK APE player provide a way to access the network and the file system.  At the moment, I'm not aware of one.

           

          And I'll just add that although I have a workaround, it still seems like a defect that PS would crash on a sandbox exception.

           

          Thanks for reading!

          • 2. Re: Security Sandbox Violation Crashes Photoshop
            Anastasiy Safari Level 1

            Agree! Let's add it to wishlist for CS Next (term (c) Harbs )


            You can add this issue to CS Bugs list as well (http://forums.adobe.com/thread/653948) to keep essential bugs in one place.

             

            CS extension is different from AIR and Flash, and I think that it doesn't need sandbox restrictions at all. I doubt that anyone will ever be writing a virus as a CS plugin.

             

            Thanks!