Skip to main content

Safety & Security

At the end of the day, I'm just trying to give you as much freedom as humanly possible to do whatever the flying frick you want.

But at the same time, I'm also very concerned over the safey of the players of my game.

So I've done my best to balance freedom with safety. This has mainly been done through a combination of whitelisting and sandboxing.

Whitelisting

Whitelisting is a way for me to manually specify what types you can use, based on the following C# concepts, in your ModScripts:

  • Namespaces
  • Base Types
  • YOMG2 Singletons
  • Assembly prefixes

Here is the whitelist again, for your convenience:

Namespace whitelist

 "UnityEngine", "UnityEngine.U2D", "UnityEngine.EventSystem", "UnityEngine.InputSystem", "UnityEngine.UI", "UnityEngine.Rendering", "UnityEngine.Rendering.Universal", "UnityEngine.Audio", "UnityEngine.Animations", "UnityEngine.Events", "TMPro", "ETGgames", "ETGgames.Utils", "ETGgames.Extensions", "ETGgames.YOMG2.Extensions", "System.Collections.Generic", "System.Linq", "System.Collections"

Base Type whitelist

typeof(UnityEngine.Object), typeof(EventArgs), typeof(SettingsMemeItem)

Base type whitelist is used if the type wasn't found in the namespace whitelist, but only if it's in the YOMG2 assembly (Assembly-CSharp). It allows types that derive from the specified base types.

Singleton whitelist

typeof(PlayerManager), typeof(CameraManager), typeof(HUD), typeof(MemeUIManager), typeof(OpenNaNoorManager), typeof(PortalManager), typeof(AudioManager), typeof(GamepadInputProxies),

Singleton whitelist is used if the type is a Singleton

Assembly prefixes whitelist

 "UnityEngine.", "Unity.", "mscorlib", "netstandard", "Assembly-CSharp", "System"

Others

All YOMG2 interfaces, and all C# primitive types are allowed.

I think this is a pretty fair balance of freedom, as there's nothing in any of the included types that would allow for network access, operating system access, or input/output.

It essentially allows you access to most Unity code and most YOMG2 code, and some specific, harmless C# System libraries.

Sandboxing

Sandboxing is a way to restrict certain access to the environment your ModScript runs in. It is implemented by MoonSharp, and I've currently set it to Preset_SoftSandbox in this trimmed down enum:

[Flags]
public enum CoreModules
{
    // ...other enum cases
    Preset_SoftSandbox = Preset_HardSandbox | Metatables | ErrorHandling | Coroutine | OS_Time | Dynamic,
    Preset_HardSandbox = GlobalConsts | TableIterators | String | Table | Basic | Math | Bit32,
    Preset_Default = Preset_SoftSandbox | LoadMethods | OS_System | IO,
    Preset_Complete = Preset_Default | Debug,


}

If you are advanced enough to know what all the enum cases mean, this should make sense to you. Otherwise, if interested, look at the MoonSharp sandboxing docs.

Disagree? Please tell me.

If you can come up with a good reason as to why any of the above allows for a significant security risk to players, please create a bug report and I'll do my best to address it.

At the end of the day, I don't care about gameplay quality - that's on you. I only care about the safety of the player, and making sure they can't be hacked, i.e. network access is denied for sending sensitive data from their device to a hacker and sensitive file information can't be written to or read from the disk. And of course it shouldn't be allowed to manipulate any of the user's OS or software.