How do developers allow for plug-ins in their apps

Question

I've seen in some applications that were written in compiled languages where plug-ins are accepted and the solution to the question of how still eludes me. For example in Eclipse, Google Chrome, Firefox, and IntelliJ developers can write plug-ins for the software and it runs as though it was apart of the program.

From my basic understanding, a program's code can't be altered after it's been compiled. So it begs the question, how is it that some Desktop and Mobile applications are accept plug-ins written by other developers after the program has been compiled?

What's the architecture behind it and how do developers check for malicious code and other mishaps?

Answer 1

I mean this is a partial answer and I can't say I know the defacto methods-- if there really are any -- but these are some things that come to mind, and it probably depends on whats appropriate:

• A dll --> this is probably your answer here and what you're looking for.
• Independent processes that consume data through a pipe, stdin, shared file, database, etc
• Separate service
• Interpreted plugin (think chrome extensions)

So the other part, I'm sure someone can explain dlls better than I can, but you have to figure this is essentially just opcodes and you could imagine pointing to a memory address for the next instruction during runtime instead of having that be statically determined beforehand. There's obviously details involved in that, but probably lower level than you care about since that's all abstracted away for the most part. There's probably a library that is provided by the software to interact with the main program (which ultimately is just pointing to some compiled code).

In terms of security, checking for malicious code? Eh my hunch is that there's probably less done here than you would think. Of course if you only expose certain parts of the code you should be fine, but if it's running as the same process I imagine you could potentially buffer overflow, and hit any part of the programs code that you want if you're smart about it. Maybe some static analyzers can check? I think in general plugins are much like downloading an executable on its own in the fact that you just kind of have to trust it to some extent. You could probably sandbox it by running it as a separate process w/ reduced privileges so you can't touch certain resources, have a separate address space, etc.

Answer 2

In Java you load the class from disk, and instantiate them from disk. The class should implement the interface the app expects from a plugin.

Obviously only plugin from trusted developers should be used. There's no way to avoid malware.

In this example I have this two files in the /tmp folder:

public interface ITest{
        public void test();
    }

and

 public class Test implements ITest {
        public void test(){
            System.out.println("OK");
        }
 }

In Eclipse I have this test class:

import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;


public class Loader {

    public static void main(String[] args) throws ClassNotFoundException, InstantiationException, IllegalAccessException, MalformedURLException {
        //folder containing the class I want to load
        File file = new File("/tmp/"); 
        URL url = file.toURL(); 
        URL[] urls = new URL[]{url};        
        ClassLoader cl = new URLClassLoader(urls);
        // name of the class, in this example is a literal
        Class c = cl.loadClass("Prueba"); 
        //creates an instance of the class loaded from disk 
        //and castes it to the expected interface, note than
        //an identical interface ITest exists in our project
        ITest p = (IPrueba)c.newInstance(); 
        //run a method of the class 
        p.test(); 
    }

}

Output:

OK