- BlenderCN-LJ changed review status to Awaiting Review
- 3 mo
Custom drag import is a blender addon that allow you to custom your drag import handle You can add your custom drag config, and set your custom scripts to do something after import
fix
This extension requests the following permissions:
Drag Import File Handle
Read Files on clipboard (Windows Only) to import
Obvious permission for Files is missing here.
Also, you have images in add-on zip file, which I assume are from github. While they're not disallowed, you're not doing yourself favors by including them and increasing file size. My advise would be to remove them.
The modifications have been completed, please review again (0.3.2)
There has been an update to the terms of service, a new section Branding
has been added to https://extensions.blender.org/terms-of-service/
Using name or logo of Blender is not allowed.
The add on does not use the Blender logo. The logo on the cover image is used to indicate that it supports Blender add on
All modifications completed
Okay, give me some time to fix it
This extension bundles byte-code compiled code __pycache__
,
which could differ from the original code in ways we can't easily validate and isn't necessary.
This should be removed, we recommend to use the extension build
command which wont include these files.
e.g. blender -c extension build
see: https://docs.blender.org/manual/en/dev/advanced/command_line/extension_arguments.html#command-line-args-extension-build
This add-on uses backslash literals as path separators which won't work on Linux or macOS.
Use os.sep
for the native path separator or utility functions such as os.path.join
or the pathlib
module.
Ref: directory = globals().get('directory') + '\\'
Completed
This add-on manipulates sys
submodule which is not allowed. And looking at it there isn't really a need for it. Just import modules with from . import __
.
error_prone_builtins:
Calls to potentially insecure functions exec()
& eval()
.
Besides security implications if this comes from an untrusted source. This often hints at poor code.
getattr(data, attr)
& setattr(data, attr, value)
can be an alternative.ast.parse(...)
then ast.literal_eval(node)
.output\CustomDragImport\source\CustomDragImport\wrap_handle.py:112:17:
exec(data, {**kwargs})
Sign in to comment.
Ready for review