Basically a plugin would need to request and receive permission to use APIs from the user. Wanna write to disk? Ask the user for disk permissions(preferably limited to certain paths). Wanna phone home? User has to approve that permission upon install(or first usage or whatever)
Kinda like how Android manages permissions (maybe iOS too?I dunno I don't use it)
That's probably a bit of work, but it would make me feel a lot safer about plugins if you could make it happen!
Edit: wait I just realised that the "disclosure" part might actually be this, and I just got confused by the terminology used? I don't think it's entirely clear from the text if a plugin could technically use capabilities without disclosing them? Hopefully they can't, and then that's good enough, I think.
The old permissions model was always a bit of an illusion of choice. The app presented a massive list of permissions and you could take it or leave it. But when every app asks for every permission you don't really get a choice and just had to accept it. The new model where you can install an app and then reject it's permissions is much better.
[1] https://en.wikipedia.org/wiki/The_Network_is_the_Computer
It's auto approved and non declineable in the settings, but technically it's a permission you can revoke, just needs to be surfaced.
One of the things that's held me back (aside from the huge time commitment) is my fear that people will come to depend on that review process, such that if the process misses an obfuscated exploit the project itself will be blamed for the subsequent attacks.
How are you thinking about that?
To me it feels like the difference between the Debian/Ubuntu approach - everything in their registry is tightly reviewed - and the PyPI/npm approach where there's no review guarantees at all.
If we were too controlling there wouldn't be the freedom of exploration that we see in the Obsidian community. There are so many niche use cases. Plugins can target a minuscule number of users, and that's a great thing. That's why malleability is one of our core principles: https://obsidian.md/about
I also believe in treating users with intelligence. Obsidian has always skewed towards giving you the maximum freedom at the cost of letting you shoot yourself in the foot.
It's impossible to guarantee that software has no bugs and no vulnerabilities, especially not third-party plugins. However that doesn't mean that we shouldn't try to detect dangerous or malicious behaviors. Any transparency we can provide in this regard seems helpful if it can be presented in a way that helps users make their own informed decisions.
Have the reviewed / approved plug-ins in the directory, whatever that's not a wild west free-for-all-malware, then have two other levels, alpha channel (submitted) and beta channel (machine-reviewed only, not yet approved).
Display only the main channel by default, but make it easy for the user to click through the earning(s) and indemnity message, and enable either of these two.
So I could have stable, slow moving, sanitised plug-ins, but someone else could instantaneously get access to the most recent ones.
Example from https://community.obsidian.md/plugins/zotlit
But yes, great work indeed. It finally makes me want to move over to Obsidian.
But already they have a great start here.
With just the domain, you can search the code repo and see exactly where it's calling github.com to see what exactly it's trying to reach on github. So it gives you an easy place to track down what's going on. An extra bonus would be clicking on github.com and it would link to the line in the file that makes the github.com call.
Clearly they aren't done covering all the bases, but I think this is a great start! Way more than I expected to be honest.
For instance, an AI summarization plugin that starts by saying it accesses url="api.openai.com"+path with a user-supplied OpenAI key is going to be incredibly common - and I'm really excited for what the community builds here!
But what if that plugin has an update that allows the "user" to choose an arbitrary endpoint as an OpenAI-compatible API - how do you ensure that's not a malicious update that has coopted that flexibility to create a network egress that will bypass your scans, and might subtly prefill that with a malicious endpoint?
And since plugins are open source, users can also audit the code and flag issues via the Community site.
I might encourage adding things like https://ofriperetz.dev/articles/eslint-plugin-security-is-un... or https://github.com/mozilla/eslint-plugin-no-unsanitized as things that flag for further review - and likely adding even more that you might not publicize as part of the eslint-plugin repository, so there's a more obscure level of protection that might catch a would-be attacker!
We have additional checks that also check the release assets to catch issues in dependencies etc, that part is not public.
Curious if you considered oxlint^1? (It's a a faster, simpler, near drop-in replacement for eslint.)
If I may, two suggestions:
1) Allow the user to filter for plugins based on the desired level of strictness (manually reviewed, safety rating, etc).
2) The Disclosures seems a bit too lenient. For example, the popular Templater plugin [2] gets a 92 rating, with Excellent Health and Satisfactory review. But the disclosures are pretty concerning: dynamic code execution, network calls, wasm blobs, malware scan not available, etc.
I know it's tricky to boil this down to a single numerical score that works for everyone, but I think the bar needs to be higher than this. And Plugin developers should be held to a higher standard (e.g. don't use eval()) or at least thoroughly document why you need it.
[1] https://news.ycombinator.com/item?id=48089793
[2] https://community.obsidian.md/plugins/templater-obsidian
2) Yes. You will see these radically improve over the next few weeks. As stated on the scorecard itself they are a work in progress. You have to consider that overnight we intentionally exposed tens of thousands of warning messages across thousands of plugins, so there will be false positive, false negatives, and severity tweaks as we gather feedback from the community. But I expect these to get sorted out fairly quickly!
Thanks for the greatness!
When i tried obsidian and discoverd that the data table thing was not build in but some plugin which has full access, i deleted Obsidian quickly after.
But you are only 7 people? Crazy :D