do not allow modules to import unsafe engine classes #4639

Closed
keturn opened this issue May 1, 2021 · 3 comments · Fixed by #4747
Labels
Blocker (Issue reporting or PR addressing a critical problem that blocks other efforts); Category: Security (Requests, Issues and Changes targeting security); Type: Bug (Issues reporting and PRs fixing problems)

keturn (Member) commented May 1, 2021

The Malicious module detected a regression in #4622 that allows modules to import any class in the org.terasology.engine package.

Related: MovingBlocks/gestalt#112

It would help to have a test for this as part of the normal automated test suite that doesn't require manually launching a game and searching the logs.

keturn added the Type: Bug, Category: Security and Blocker labels May 1, 2021
keturn added this to the v4.4.0 milestone May 1, 2021

keturn (Member, Author) commented May 2, 2021

I stashed some work in progress where I was experimenting with this at keturn@e95fc8d

keturn (Member, Author) commented May 14, 2021

Ah, at least part of why I didn't want to merge that WIP commit as-is is because there are some refactorings in there like static Module loadAndConfigureEngineModule(…) that I didn't actually end up making use of.

(because as I wrote tests, it became clear that the tests I was trying to write depended upon the combination of that and stuff from setupSandbox and/or loadEnvironment)

and I'm not sure if the stuff I was trying to do with org.terasology.unittest.stubs was in a working state

jdrueckert (Member) commented Jun 12, 2021

Fixed by MovingBlocks/gestalt#112
