mertgunduz / yiffy Goto Github PK

configuration file:

IS_NSFW=NO
IMG_DISPLAY_COMMAND=ascii-image-converter

credentials file:

API_KEY=
USERNAME=

NOTE:
Since the updates on formatting, the config-credential reading/modifying files should be written from scratch.

Add plog system to files, make it work if only plog is on in the configuration file.

Default on.

Works in search.c and fetch.

yiffy --key "api key"

it will be used for search function api access.

Change the documentation, app name, repo name and comments.

The whole codebase will be checked after the development by using cppcheck.

Also the whole code files will be manually checked.

The whole code security will be checked after the development and poor security code blocks will be rewritten to ensure security.

1: Check vulnerable functions like gets, strcpy, etc...
2: Static code analysis with cppcheck and flawfinder.
3: Memory analysis with Valgrind.

Some distros like gentoo uses different build systems.

It is needed to create folder and readme for all installation distros provided.

gentoo.sh installation file needed for easy setup.

for reference, debian.sh installation file can be checked to get general idea about how it works.

https://github.com/MertGunduz/yiffy/blob/main/install/debian.sh

We need to add table-completion system to yiffy.

For example when we do tab to this command: yiffy --nsfw

it will show this:

on off

To make the folders and code more managable, the msg folder needed to be seperated into two different folders to have a better managability/scalability.

new:

msg/info_msg
msg/err_msg

arch.sh installation file needed for easy setup.

for reference, debian.sh installation file can be checked to get general idea about how it works.

https://github.com/MertGunduz/yiffy/blob/main/install/debian.sh

There's no man page of yiffy.

The --ivcommand added to system as a new feature, plog will be discontinued.

Check the potential bugs/errors in the code related to the --ivcommand feature.

yiffy --username "username"

it will be used for search function api access.

The conf_nsfw.c is used to configure the data by adding or deleting "nsfw" keyword from the /home/user/.yiffy/yiffy-config.txt config file.

It does the job without any bug but code is relatively hard to read and needs commenting.

Source File
https://github.com/MertGunduz/yiffy/blob/main/src/conf/conf_nsfw.c

From the 78th line to the end-of-file, the code needs more documentation.

/src/msg/file_open_error_msg.c needs bugfix.

If the file pointer is NULL, you shouldn't do fclose on it. It will cause undefined behavior.

It might crash or harm current loaded memory on old systems.

/**
 * @file file_open_error_msg.c
 * 
 * @brief This file is used to show some information about file permissions when yiffy is not able to read file.  
 * 
 * @author Mehmet Mert Gunduz ([email protected])
 * 
 * @date 05/08/2023
*/

#include "yiffy_messages.h"

/**
 * @brief Shows some information about file permissions when yiffy is not able to read file.  
 * 
 * @param file This is used to close the file. 
*/
void file_open_error_msg(FILE *file)
{ 
    fprintf(stderr, "yiffy: error opening the file.\n");
    fprintf(stderr, "yiffy: please check the file read-write permissions.\n");

    fclose(file);
}

The FILE *file parameter and fclose function should be removed from the code.

After removing the code files using this function should be fixed.

to create a release these should be finished:

#19

#18
#17
#16
#15

#12
#10

#2
#1

The conf_plog.c is used to configure the data by adding or deleting "plog" keyword from the /home/user/.yiffy/yiffy-config.txt config file.

It does the job without any bug but code is relatively hard to read and needs commenting.

Source File
https://github.com/MertGunduz/yiffy/blob/main/src/conf/conf_plog.c

From the 78th line to the end-of-file, the code needs more documentation.

Enable stack protection to help prevent stack buffer overflow attacks

-fstack-protector-all

Enable additional checks for some standard library functions to detect buffer overflows

-D_FORTIFY_SOURCE=2

Generate position-independent code (PIC) suitable for use in a shared library

-fPIE

Create a position-independent executable (PIE)

-pie

Enable read-only relocations (RELRO) for more secure memory handling

-Wl,-z,relro

When enabled, the dynamic linker will resolve symbols when the application is started, reducing the risk of certain types of attacks

-Wl,-z,now

yiffy uses these additional packages and programs:

• gcc
• build-essential
• ascii-image-converter
• aria2
• cmake
• make
• libncurses-dev

Before creating the requests and using the program, it should do a dependency check in the https://github.com/MertGunduz/yiffy/blob/main/src/app/yiffy.c file.

The main reason doing this is missing dependencies can create problems like undefined behaviour etc... in some systems.

So we need to implement this feature to yiffy.

wgen will be removed and replaced with error show system werror.

bsd.sh installation file needed for easy setup.

for reference, debian.sh installation file can be checked to get general idea about how it works.

https://github.com/MertGunduz/yiffy/blob/main/install/debian.sh

search.c needs to written from scratch.

ncurses menu, cjson, aria2, etc...

UI:

The search.c is used to search e621/e926 posts by using a TUI .

It is really hard to maintain because code is very big and we want to make it more modular.

Source File
https://github.com/MertGunduz/yiffy/blob/main/src/search/search.c

We need to change the mallocs to callocs to provide a better security to fix some bugs.

Implement a new changeable image output/show system to yiffy.

The system will read it ~/.yiffy/yiffy-config.txt

For example: wgen:nsfw:ascii-image-converter

And system will read it then start the process.

It can use these image output/show applications:

• ascii-image-converter (default dependency)
• tiv
• timg
• jp2a
• img2sixel

Command system: yiffy --image-app ascii-image-converter

The project has a .vscode folder, it has to be removed.

And we have to add .vscode folder to .gitignore.

search.c, fetch.c, dfetch.c can't be used without the credentials because api doesn't provide some posts when they aren't provided to api as a get method.

The wanted api request for search function:

https://e621.net/posts.json?login=USERNAME&api_key=API_KEY&limit=POST_LIMIT&page=PAGE_INDEX&tags=SELECTED_TAGS
https://e926.net/posts.json?login=USERNAME&api_key=API_KEY&limit=POST_LIMIT&page=PAGE_INDEX&tags=SELECTED_TAGS

if the credentials aren't provided to the application, it'll give an error message that indicates no credentials were provided to the program.

The current api availability control system isn't working well. A better one needed.

fedora.sh installation file needed for easy setup.

for reference, debian.sh installation file can be checked to get general idea about how it works.

https://github.com/MertGunduz/yiffy/blob/main/install/debian.sh

For loops are using this in the current codebase:

for (int i = 0; i < NUM; i++)
{
      // code
}

We want to make it like this for better readability and optimisation:

for (size_t i = 0; i < NUM; i++)
{
      // code
}

In some countries e621/e926 is banned.

Implement a ping check before to https://github.com/MertGunduz/yiffy/blob/main/src/app/yiffy.c file, if you can't send ping. Then you are in prohibited access zone to e621/e926 like Middle East and some African countries.

If it happens then give users a message that says it might be banned in your country or you can't access e621/e926 (whatever is used in client side), please use a vpn or proxy to access.

The whole code documentation will be checked after the development and poor docs will be rewritten.

The search.c is used to search e621/e926 posts by using a TUI .

It does the job without any bug but code is relatively hard to read and needs comments.

Source File
https://github.com/MertGunduz/yiffy/blob/main/src/search/search.c