OWASP Amass is an information security tool that performs external network mapping and asset discovery. You can learn more about the project on GitHub, Snapcraft and Twitter.
The tool potentially accepts many input files and usually writes output files to a default output directory. It would be nice if this could be $HOME/.amass/ for future releases, and I would like to request permission to use the personal-files plug for read/write access to that directory.
FYI, $HOME/.amass is allowed to the snap, but the snap’s runtime sets $HOME to ~/snap/amass/<revision>. Are the output files meant to be directly accessed by users or are they only accessed via the amass tool (if the later, is $HOME/.amass enough?).
That said, the amass snap is the clear owner of $HOME/.amass; it sounds like you are saying that only output files put in this directory and not, configuration, etc. Is this accurate?
The output files are meant to be directly accessed by users. The user can put a configuration file in the directory, input files containing data that determine the tool’s behavior, a log file is generated there, text and JSON files, etc.
The amass tool is the clear owner of $HOME/.amass, yet read and write access is required. Currently, the $HOME/amass directory is being used because of this constraint imposed by snap.
Is this everything you require to move forward? We appreciate your assistance.
You mentioned that the user can put configuration files in this directory. Is the configuration forward and backward compatible such that if the user also installs amass via source, traditional package manager, etc, can the snap break the other install or vice versa? As mentioned, $HOME is set to ~/snap/amass/<revision> which is meant, in part, to avoid this sort of thing.
All of this is already taking place in ~/amass/ and we just want to change the name of the directory to ~/.amass/
Snapcraft has been preventing us from accomplishing this. I would like to make this change before Kali includes the tool in their next release without having to stop support for the Snapcraft package
The review-tools need a corresponding update that is committed but not yet in production. Once it is, it will pass automated review. In the meantime, you can request a manual review.