Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
FMPVC
, output format or content may change with no change to the underlying FileMaker files or their DDR. Therefore, when using FMPVC
with a version control system, it is prudent to only run a new version fmpvc
on a clean repository and check for differences before proceeding.FMPVC
is a tool to help FileMaker developers by creating a set of text files which represent design objects in their databases (e.g. scripts, custom functions, layouts, etc.). fmpvc
has no access to database content. The command, fmpvc
, parses a Database Design Report (DDR) produced by FileMaker Pro Advanced and creates text files for each of the primary FileMaker objects described in the DDR. With those files the developer may:
DDR parsing is a one-way process, and there is currently no way to re-create a FileMaker file from DDR, Therefore, there is no direct way to restore, for instance, an old version of a FileMaker Script to your current working FileMaker file. The best we can do is retrieve the previous text version and examine it to recreate the FileMaker script manually. It is recommended that developers save clones of the FileMaker databases with each version control commit so that older versions of some of the items may be copied from the clone and pasted into latest versions (or, of course, entire databases may be restored).
FMPVC
is a ruby gem and may be installed as follows:
$ gem install fmpvc
FMPVC
will parse DDRs generated by FileMaker Pro Advanced versions 11, 12, 13, and 14 (before 0.3.3, FMPVC
would fail on DDRs produced by FileMaker Pro Advanced versions prior to 13).
FMPVC
requires both Nokogiri and ActiveSupport gems.
FMPVC
requires ruby 2.0 or later. FMPVC has only been tested on Mac OS X, and in it's current state, it is unlikely to work properly in a Windows ruby environment (due to line endings, file paths, etc.). fmpvc
should run fine on a Linux machine, but of course, the DDR generation requires FileMaker Pro Advanced, which is only available on Mac OS X and Windows.
By default the fmpvc
command looks for a Summary.xml
file in a directory called fmp_ddr
in the current working directory. It reads the contents of that file and then processes each of the referenced report files (there is one for each FileMaker file included in the DDR). It produces a set of text files and directories representing each database inside of the directory, fmp_text
. Example output looks like this:
├── fmp_clone/
│ └── FMServer_Sample Clone.fmp12
├── fmp_ddr/
│ ├── FMServer_Sample_fmp12.xml
│ └── Summary.xml
├── fmp_text/
│ └── FMServer_Sample_fmp12.xml/
│ ├── Accounts.txt
│ ├── CustomFunctions/
│ │ └── GetWorkDays (id 1).txt
...etc.
Usage in brief:
fmp_ddr
, to hold DDRSummary
fmp_clone
(this is not required)fmpvc
Command-line options:
-h Show help message
-b, --base-dir <directory> Path to base directory (contains fmp_ddr/).
-d, --ddr-dir <directory> Look for DDR files in directory named <directory>.
-D, --text-dir <directory> Write text files in directory named <directory>.
-q, --quiet Suppress progress messages.
-R, --no-record-info Suppress record specific information in Table YAML
-s, --summary-file <filename> Look for Summary file named <filename>.
-t, --tree-file <filename> Set tree file name.
-T, --no-tree Don't create a tree file.
-Y, --no-yaml Suppress YAML in text files.
By default, fmpvc
appends a YAML representation of the FileMaker element to each text file. fmpvc
doesn't capture all of the details of every FileMaker object, and even when it does, there are cases where there isn't an easy way to represent the object that is more concise or clear than the YAML description. In cases where fmpvc
doesn't describe an aspect of a FileMaker element, by including a full YAML representation, changes will not be missed in a diff. The YAML is typically more human-readable and easier to diff than the original XML from the DDR.
YAML generation can be suppressed with the -Y
command-line option.
The DDR includes record specific info in the Tables section:
This information appears in the YAML and causes the Tables files to change even with no changes to the database schema, and therefore, it's undesireable when using these files with a version control system. This record info (in the YAML) can be suppressed with the -R
command-line option (the default behavior is to include all information).
The tree command creates a textual representation of a directory and its filesystem objects. By default, fmpvc
searches for tree
in the shell's path and if it finds, one, uses it to create the file, ./fmp_text/tree.txt
.
tree
is not available by default on Mac OS X, but can be easily installed with a package manager such as homebrew. Most Linux installations include the tree
command.
After checking out the repo, run bin/setup
to install dependencies. Then, run bin/console
for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install
. To release a new version, update the version number in version.rb
, and then run bundle exec rake release
to create a git tag for the version, push git commits and tags, and push the .gem
file to rubygems.org.
git checkout -b my-new-feature
)git commit -am 'Add some feature'
)git push origin my-new-feature
)FAQs
Unknown package
We found that fmpvc demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.