search

doyensec / inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
https://doyensec.com/
Apache License 2.0
1.52k stars 156 forks source link

Live reload of the Python code #86

Open execveat opened 1 year ago

execveat commented 1 year ago

Add the liver reload functionality for the development. This should only affect Python code.

Implementation, roughly: add setting to enable live reload with a requirement to specify directory on the file system to use, instead of JAR file. Shuffle sys.path_hooks (as mentioned in Jython docs) to prioritize file system over JAR. Add a button "Reload InQL" that is only shown when debugging is enabled in the settings. On click issue Python 2's reload() command for each module (not sure whether this has to be every import statement? how do we track them?).

This only makes sense after the core functionality (like temporary directory creation) gets moved to Kotlin as we should tear down all UI elements & stop Python threads & recreate them after reload.

execveat commented 1 year ago

While at this, also investigate remote debugger viability. At first glance, it might work pydevd-pycharm in PyCharm and debugpy in Visual Studio Code. Not sure how useful it is, given that the goal is to rewrite UI functionality in Kotlin and the rest should be a separate library.

execveat commented 1 year ago

Just noticed this snippet from https://www.jython.org/jython-old-sites/docs/library/zipimport.html:

Using the built-in reload() function will fail if called on a module loaded from a ZIP archive; it is unlikely that reload() would be needed, since this would imply that the ZIP has been altered during runtime.

So, maybe we need to 1) enable debug setting; 2) reload extension; 3) upon reload detect debug setting and change sys.path_hooks, do the other stuff before loading modules as it won't be possible to modify them after they get loaded through zip.