search

mottosso / Qt.py

Minimal Python 2 & 3 shim around all Qt bindings - PySide, PySide2, PyQt4 and PyQt5.
MIT License
914 stars 254 forks source link

Maya Security Tools flagging modules loaded by Qt.py when loading scene #415

Closed nicolas-psoft closed 3 months ago

nicolas-psoft commented 4 months ago

Not sure if I should post this here since this is not really a bug and it might not be possible to fix it on the Qt.py side.

Our Maya plugin uses Qt.py.

However, if our plugin is loaded by a scene file using it, the Maya Security Tools warning will pop up multiple times to flag modules and functions used by Qt.py. Maya Security Tools: https://apps.autodesk.com/MAYA/ja/Detail/Index?id=8637238041954239715&appLang=en&os=Linux

Looking at the error stack, it looks like Shiboken (used by Qt.py) is the one actually triggering the warnings.

# File "<Plugin scripts path>/Qt_py/Qt.py", line 1522, in setWeight
# wrapper.__doc__ = func.__doc__
# File "shibokensupport/signature/loader.py", line 43, in make_helptext
# File "shibokensupport/signature/errorhandler.py", line 131, in make_helptext
# File "shibokensupport/signature/loader.py", line 31, in pyside_type_init
# File "shibokensupport/signature/parser.py", line 528, in pyside_type_init
# File "shibokensupport/signature/mapping.py", line 166, in update

This was observed with Maya 2025.1 and Qt.py 1.4.1.

These warnings can be avoided by loading our plugin first, before opening the scene.

But is there a known way to avoid them if the plugin is loaded by the scene without turning off the security checks or pre-allowing in the settings all the modules and functions being flagged (which might not be safe when loading files from unknown sources)?

Thanks!

mottosso commented 4 months ago

To confirm, does this happen when not using Qt.py? It's highly unlikely Qt.py can do anything about this. I would have expected shiboken to already be on Maya's PYTHONPATH and thus not be caught by security. Qt.py should be too, but it doesn't sound related to Qt.py

nicolas-psoft commented 4 months ago

I'll try to isolate the problem some more and come back to you.

nicolas-psoft commented 3 months ago

It turns out that the warnings pop up when importing any Python module from outside of Python (in C++ or using mel) while loading a file. So it is not related to Qt.py after all, it was just that Qt.py was ending up at the end of the calling stack in the warning messages.