RouterOS Script Package Manager

Posted: Thu Aug 12, 2021 1:48 pm
by Cloudisparu
Hi, I'm glad to introduce rspm https://github.com/Detavern/rspm to the community.

It's a package manager for RouterOS scripts. You can use rspm to install and share script packages.
It also provides many useful script packages for RouterOS, which support rspm itself and fulfill the missing string operations, datetime operations and so on.

If you like it, please star and watch the project on GitHub.
If you have a really good idea, you can open an issue and let me know.

Quick Example

String Operations
# split
:put [$Split "a,b,c,d" ","];
# result: a;b;c;d

# rsplit
:put [$RSplit "a,b,c,d" "," 1];
# result: a,b,c;d

# join
:local a {"a";"b";"c";"d";"e"};
:put [$Join "/" $a];
# result: a/b/c/d/e

# strip
:put [$Strip ("hello world") "hed"];
# result: llo worl

Datetime Operations
# get current datetime
:put [$GetCurrentDatetime ];
# result: 2021;8;26;3;4;32

# convert system clock to datetime
:put [$ToDatetime [/system clock print as-value ]];
# result: 2021;8;26;3;4;32

# from array
:local sdt {"date"="aug/26/2021"; "time"=0:0:0};
:put [$ToDatetime $sdt];
# result: 2021;8;26;0;0;0

# datetime shift by timedelta
:local dt {2021;2;28;0;0;0};
# timedelta: years, months, days, hours, minutes and seconds
:local td {days=1095;minutes=1500};
:put [$ShiftDatetime $dt $td];
# result: 2024;2;29;1;0;0

# datetime shift by time
:local dt {2021;2;28;0;0;0};
# time
:local t -364d0:1000:00;
:put [$ShiftDatetime $dt $t];
# result: 2020;2;29;7;20;0

JSON Operations
# JSON loads
:local s "{\"text\": \"hello world!\"}";
:local array [[$GetFunc "tool.json.loads"] Str=$s];
$Print $array;

# JSON dumps
:local a {
    "a"={
        "aa"=true;
        "ab"=false;
        "ac"=$Nil;
        "b"={1;2;3;4;{"ccc"="dwafagcsad";}};
    };
    "s"="asdvasd";
    "ip"=1.2.3.4;
    "ip-range"=1.0.0.0/8;
    "ipv6"=ffff::0000;
    "time"=12:00:59;
}
# no indent
:put [[$GetFunc "tool.json.dumps"] Obj=$a];
# use indent
:put [[$GetFunc "tool.json.dumps"] Obj=$a Indent=4];

Script Sharing
Source code here: https://github.com/Detavern/rspm-pkg-hello-world
You can follow the structure and make your own package.
:local metaInfo {
    "name"="rspm.hello-world";
    "author"="rspm";
    "version"="1.0.0";
    "description"="rspm package example: hello-world";
    "url"="https://raw.githubusercontent.com/Detavern/rspm-pkg-hello-world/master/hello-world.rsc";
};

# $helloWorld
# kwargs: Name=<str>    substitution of string "world"
:local helloWorld do={
    :global IsNothing;
    :if ([$IsNothing $Name]) do={
        :put "Hello world!";
    } else={
        :put ("Hello $Name!");
    }
}

:local package {
    "metaInfo"=$metaInfo;
    "helloWorld"=$helloWorld;
}
:return $package;

Install and invoke it on RouterOS:
# install
[[$GetFunc "rspm.install"] URL="https://raw.githubusercontent.com/Detavern/rspm-pkg-hello-world/master/hello-world.rsc"];
# invoke
[[$GetFunc "rspm.hello-world.helloWorld"]];
[[$GetFunc "rspm.hello-world.helloWorld"] Name="Alice"];

Re: RouterOS Script Package Manager

Posted: Thu Aug 12, 2021 1:57 pm
by andriys
Reinventing the wheel continues...

Have you seen this MUM presentation?
https://www.youtube.com/watch?v=B9neG3oAhcY (Slides: https://mum.mikrotik.com/presentations/ ... 338589.pdf)

Re: RouterOS Script Package Manager

Posted: Thu Aug 12, 2021 2:13 pm
by rextended
I already see the same with different names 3, 4, 5 times?

1st big issue: arbitrary code execution from importing script inside RouterOS.

No one in the world can guarantee us that no one (with or without your knowledge),
or yourself (why not),
or on someone else's remote scripts,
place malicious script parts inside,
all the machines that download the scripts would be compromised.

We trust MikroTik, true, also on MikroTik RouterOS can be the same,
but trusting ANYONE to do that is a security breach.

I write scripts and put them on the MikroTik forum, but the users must copy & paste all by hand,
not in an automated way, all your script is long and complicated, not every time one can read all to be sure everything is ok.

If you want share snippet, no problem, indeed, thank you very much,
But if you want "complicate the bread", no thanks.

Re: RouterOS Script Package Manager

Posted: Thu Aug 12, 2021 2:35 pm
by rextended
> Reinventing the wheel continues...
>
> Have you seen this MUM presentation?
> https://www.youtube.com/watch?v=B9neG3oAhcY (Slides: https://mum.mikrotik.com/presentations/ ... 338589.pdf)

The problem is here:
Please...
  • ...use it
  • ...clone or fork!
  • ...send your patches!
  • ...send your feedback!
Always the 2nd choice ...
Instead of helping what already exists ...

Re: RouterOS Script Package Manager

Posted: Thu Aug 12, 2021 4:40 pm
by Cloudisparu
> > Reinventing the wheel continues...
> >
> > Have you seen this MUM presentation?
> > https://www.youtube.com/watch?v=B9neG3oAhcY (Slides: https://mum.mikrotik.com/presentations/ ... 338589.pdf)
>
> The problem is here:
> Please...
>   • ...use it
>   • ...clone or fork!
>   • ...send your patches!
>   • ...send your feedback!
> Always the 2nd choice ...
> Instead of helping what already exists ...

Hi, glad to hear your response, long answer here.
First question of arbitrary code execution, it is the elephant in the room. I do realize it, and I certainly cannot guarantee anything. I'm pretty sure none of us don't expect a better script interpreter, that thing simply hasn't existed for a long time. And won't come true in the near future, since MikroTik is busy preparing for their new v7 and new kernel.

Security first! which by no means we should do copy, paste, modify job all the day for maybe a tiny NIC change of hardware. Since you have noticed 3 to 5 or more similar projects before, you should realize the huge demand behind it. Automation may not fit for the current RouterOS, but it should take a place in the future product.

And come back to rspm itself, it is not a running service in the background. It only downloads global functions such as string operation, time operation and rspm itself into your local script repository and schedules the load of global functions by default. It does nothing unless you type something like all other kinds of command. It may have bugs or vulnerabilities, but no mistakes for doing nothing. That's simply not my attitude. RSPM helps you distribute your code/logic snippet because it makes no sense to throw the same snippet everywhere in your scripts. It accelerates the procedure after you have fully read the scripts or aka, know exactly what you are doing.

I dare to say, quite a lot of users just glance at the script and execute it and hope it can do sth magically. Wouldn't it be nicer to build a repository and let everyone audit it?
Anyway, I'm not the first person and I won't be the last. My intention is just to let the script writers have a better experience, and rspm is just a compromise.

Re: RouterOS Script Package Manager

Posted: Thu Aug 12, 2021 4:44 pm
by rextended
To be clear, nothing personal.
But ignoring "security concept", and "do not accept candy from strangers",
when I make a script it must be autonomous.
I do not want one "repository" once modified, for some reason,
to cause my other scripts to fail, why not, also for my wrong use of one function.

Re: RouterOS Script Package Manager

Posted: Thu Aug 12, 2021 5:30 pm
by Cloudisparu
Don't worry, nothing personal at all.
On the contrary, I learned quite a lot from your scripts.
Your default firewall rules are still running on my device...

Re: RouterOS Script Package Manager

Posted: Thu Aug 12, 2021 5:49 pm
by rextended
Thanks for telling me, really gentle.

Re: RouterOS Script Package Manager

Posted: Wed Aug 18, 2021 6:13 pm
by eworm
> We trust MikroTik, true, also on MikroTik RouterOS can be the same,
> but trusting ANYONE to do that is a security breach.

I can not disagree more.
I do trust Mikrotik as well, but nobody from outside Mikrotik can guarantee that there's no malicious code inside RouterOS. After all it's closed source.

My scripts are open source, and every change is documented with a commit message. So everybody is free to review and verify my code - including you.
Nobody is forced to use it without verification.

BTW, Linux is open source and I contributed there as well. So is RouterOS insecure after all? ;-p

> I write scripts and put them on the MikroTik forum, but the users must copy & paste all by hand,
> not in an automated way, all your script is long and complicated, not every time one can read all to be sure everything is ok.

I am sure a forum is not suitable for a development platform. Someone posts code, another person modifies it and posts it again... Different versions sum up - every one with its own issues.

I am happily using git (in combination with development platforms like github or gitlab). Anybody can contribute changes - and all revisions are documented.

BTW, if anybody does not want automated updates but use a version verified by her/him - just clone the repository and use that. As git is used even merging changes manually (after verification) is perfectly possible.

> If you want share snippet, no problem, indeed, thank you very much,
> But if you want "complicate the bread", no thanks.

My code is more complicated than most snippets here in the forum. But it is well tested and works out of the box.
And I can use features (for example reliably sending notifications) with just a single call of a function. Also there's just a single place for configuration.
Well, I am glad I escaped copy-and-paste snippet hell.

Given that my code runs on thousands of devices without complaints shows that it works pretty well I guess.
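
An added illustration of the "use a version you have verified" workflow discussed in this thread (not code from rspm, from the scripts mentioned, or from any poster): a workstation-side check that records a SHA-256 digest when a package is reviewed and refuses the install if the URL later serves different content, listing the lines to re-read. The sample bodies, the `gate` and `flag_lines` names and the keyword list are assumptions constructed for the example.

```python
import hashlib
import re

# URL from the first post; it points at a branch, so its content can change.
PKG_URL = ("https://raw.githubusercontent.com/Detavern/"
           "rspm-pkg-hello-world/master/hello-world.rsc")

# Constructed sample: a package body that has been read and approved.
REVIEWED = b''':local helloWorld do={
    :put "Hello world!";
}
:return {"helloWorld"=$helloWorld};
'''

# Constructed sample: the same URL later serves a body with one extra line.
CHANGED = REVIEWED.replace(
    b':put "Hello world!";',
    b':put "Hello world!";\n    /tool fetch url="https://example.invalid/extra.rsc";')

# Assumed starting list of RouterOS menus/commands worth reading first.
SENSITIVE = re.compile(r"(/user|/ip service|/system scheduler|/system script"
                       r"|/tool fetch|/import|:execute)\b")

def digest(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()

# Digest recorded once, at review time.
PINS = {PKG_URL: digest(REVIEWED)}

def flag_lines(body: bytes) -> list:
    """Return (line number, text) for non-comment lines touching SENSITIVE areas."""
    hits = []
    for no, line in enumerate(body.decode("utf-8", "replace").splitlines(), 1):
        text = line.strip()
        if text and not text.startswith("#") and SENSITIVE.search(text):
            hits.append((no, text))
    return hits

def gate(url: str, body: bytes, pins: dict) -> tuple:
    """Allow install only when body matches the digest pinned for url."""
    pinned = pins.get(url)
    if pinned is None:
        return (False, "no reviewed digest for this URL", flag_lines(body))
    if pinned != digest(body):
        return (False, "content changed since review", flag_lines(body))
    return (True, "matches reviewed digest", [])

if __name__ == "__main__":
    for name, body in (("reviewed", REVIEWED), ("changed", CHANGED)):
        print(name, gate(PKG_URL, body, PINS))
```

The keyword scan only orders the reading; the digest comparison is what stops an unreviewed body from being installed.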

Re: RouterOS Script Package Manager

Posted: Wed Aug 18, 2021 6:32 pm
by rextended
Dear Christian,
nothing personal, that's my point of view,
but if I had to choose between the various script repository authors, I would also give you the passwords of my routers.
There is a nice difference, we "know" you...
You are not a one-post-and-go user registered on 21 Jun 2018 and first (and unique 3) post on 12 Aug 2021
like old MikroTik users used from the spam bots, for weakness of the password... Like @Cloudisparu

R.

Re: RouterOS Script Package Manager

Posted: Wed Aug 25, 2021 2:47 pm
by Cloudisparu
Wait, that couldn't be more personal, I still read these updates!