Version: 265.0.3

Validate that content assemblies have a limited list of names.
Also, only read assemblies once from disk (cherry picked from commit 443a8dfca65be7d60c4bd46181b4c749b4756114)
2026-02-15 03:30:53 +01:00 · 2025-09-26 13:40:40 +02:00 · 2025-09-26 13:40:40 +02:00
8 changed files with 35 additions and 18 deletions
--- a/MSBuild/Robust.Engine.Version.props
+++ b/MSBuild/Robust.Engine.Version.props
@@ -1,4 +1,4 @@
 <Project>

-    <!-- This file automatically reset by Tools/version.py -->
+    <!-- This file automatically reset by Tools/version.py -->

--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -54,6 +54,9 @@ END TEMPLATE-->
 *None yet*


+## 265.0.3
+
+
 ## 265.0.2


--- a/Robust.Shared.Maths/Properties/AssemblyInfo.cs
+++ b/Robust.Shared.Maths/Properties/AssemblyInfo.cs
@@ -6,4 +6,3 @@

 [assembly: InternalsVisibleTo("Robust.Client")]
 [assembly: InternalsVisibleTo("Robust.UnitTesting")]
-[assembly: InternalsVisibleTo("Content.Benchmarks")]
--- a/Robust.Shared/ContentPack/AssemblyTypeChecker.Config.cs
+++ b/Robust.Shared/ContentPack/AssemblyTypeChecker.Config.cs
@@ -88,6 +88,7 @@ namespace Robust.Shared.ContentPack
            public string SystemAssemblyName = default!;
            public HashSet<VerifierError> AllowedVerifierErrors = default!;
            public List<string> WhitelistedNamespaces = default!;
+            public List<string> AllowedAssemblyPrefixes = default!;
            public Dictionary<string, Dictionary<string, TypeConfig>> Types = default!;
        }

--- a/Robust.Shared/ContentPack/AssemblyTypeChecker.cs
+++ b/Robust.Shared/ContentPack/AssemblyTypeChecker.cs
@@ -131,6 +131,16 @@ namespace Robust.Shared.ContentPack
                return false;
            }

+#pragma warning disable RA0004
+            var loadedConfig = _config.Result;
+#pragma warning restore RA0004
+
+            if (!loadedConfig.AllowedAssemblyPrefixes.Any(allowedNamePrefix => asmName.StartsWith(allowedNamePrefix)))
+            {
+                _sawmill.Error($"Assembly name '{asmName}' is not allowed for a content assembly");
+                return false;
+            }
+
            if (VerifyIL)
            {
                if (!DoVerifyIL(asmName, resolver, peReader, reader))
@@ -179,10 +189,6 @@ namespace Robust.Shared.ContentPack
                return true;
            }

-#pragma warning disable RA0004
-            var loadedConfig = _config.Result;
-#pragma warning restore RA0004
-
            var badRefs = new ConcurrentBag<EntityHandle>();

            // We still do explicit type reference scanning, even though the actual whitelists work with raw members.
--- a/Robust.Shared/ContentPack/ModLoader.cs
+++ b/Robust.Shared/ContentPack/ModLoader.cs
@@ -93,19 +93,23 @@ namespace Robust.Shared.ContentPack
        {
            var sw = Stopwatch.StartNew();
            Sawmill.Debug("LOADING modules");
-            var files = new Dictionary<string, (ResPath Path, string[] references)>();
+            var files = new Dictionary<string, (ResPath Path, MemoryStream data, string[] references)>();

            // Find all modules we want to load.
            foreach (var fullPath in paths)
            {
                using var asmFile = _res.ContentFileRead(fullPath);
-                var refData = GetAssemblyReferenceData(asmFile);
+                var ms = new MemoryStream();
+                asmFile.CopyTo(ms);
+
+                ms.Position = 0;
+                var refData = GetAssemblyReferenceData(ms);
                if (refData == null)
                    continue;

                var (asmRefs, asmName) = refData.Value;

-                if (!files.TryAdd(asmName, (fullPath, asmRefs)))
+                if (!files.TryAdd(asmName, (fullPath, ms, asmRefs)))
                {
                    Sawmill.Error("Found multiple modules with the same assembly name " +
                                  $"'{asmName}', A: {files[asmName].Path}, B: {fullPath}.");
@@ -122,10 +126,10 @@ namespace Robust.Shared.ContentPack

                Parallel.ForEach(files, pair =>
                {
-                    var (name, (path, _)) = pair;
+                    var (name, (_, data, _)) = pair;

-                    using var stream = _res.ContentFileRead(path);
-                    if (!typeChecker.CheckAssembly(stream, resolver))
+                    data.Position = 0;
+                    if (!typeChecker.CheckAssembly(data, resolver))
                    {
                        throw new TypeCheckFailedException($"Assembly {name} failed type checks.");
                    }
@@ -137,14 +141,15 @@ namespace Robust.Shared.ContentPack
            var nodes = TopologicalSort.FromBeforeAfter(
                files,
                kv => kv.Key,
-                kv => kv.Value.Path,
+                kv => kv.Value,
                _ => Array.Empty<string>(),
                kv => kv.Value.references,
                allowMissing: true); // missing refs would be non-content assemblies so allow that.

            // Actually load them in the order they depend on each other.
-            foreach (var path in TopologicalSort.Sort(nodes))
+            foreach (var item in TopologicalSort.Sort(nodes))
            {
+                var (path, memory, _) = item;
                Sawmill.Debug($"Loading module: '{path}'");
                try
                {
@@ -156,9 +161,9 @@ namespace Robust.Shared.ContentPack
                    }
                    else
                    {
-                        using var assemblyStream = _res.ContentFileRead(path);
+                        memory.Position = 0;
                        using var symbolsStream = _res.ContentFileReadOrNull(path.WithExtension("pdb"));
-                        LoadGameAssembly(assemblyStream, symbolsStream, skipVerify: true);
+                        LoadGameAssembly(memory, symbolsStream, skipVerify: true);
                    }
                }
                catch (Exception e)
@@ -174,7 +179,7 @@ namespace Robust.Shared.ContentPack

        private (string[] refs, string name)? GetAssemblyReferenceData(Stream stream)
        {
-            using var reader = ModLoader.MakePEReader(stream);
+            using var reader = ModLoader.MakePEReader(stream, leaveOpen: true);
            var metaReader = reader.GetMetadataReader();

            var name = metaReader.GetString(metaReader.GetAssemblyDefinition().Name);
--- a/Robust.Shared/ContentPack/Sandbox.yml
+++ b/Robust.Shared/ContentPack/Sandbox.yml
@@ -17,6 +17,10 @@ WhitelistedNamespaces:
 - Content
 - OpenDreamShared

+AllowedAssemblyPrefixes:
+- OpenDream
+- Content
+
 # The type whitelist does NOT care about which assembly types come from.
 # This is because types switch assembly all the time.
 # Just look up stuff like StreamReader on https://apisof.net.
--- a/Robust.Shared/Properties/AssemblyInfo.cs
+++ b/Robust.Shared/Properties/AssemblyInfo.cs
@@ -9,7 +9,6 @@
 [assembly: InternalsVisibleTo("Robust.UnitTesting")]
 [assembly: InternalsVisibleTo("OpenToolkit.GraphicsLibraryFramework")]
 [assembly: InternalsVisibleTo("DynamicProxyGenAssembly2")] // Gives access to Castle(Moq)
-[assembly: InternalsVisibleTo("Content.Benchmarks")]
 [assembly: InternalsVisibleTo("Robust.Benchmarks")]
 [assembly: InternalsVisibleTo("Robust.Client.WebView")]
 [assembly: InternalsVisibleTo("Robust.Packaging")]
Author	SHA1	Message	Date
PJB3005	50534cc3bb	Version: 265.0.3	2025-09-26 13:40:40 +02:00
PJB3005	263ffbdd8f	Validate that content assemblies have a limited list of names. Also, only read assemblies once from disk (cherry picked from commit 443a8dfca65be7d60c4bd46181b4c749b4756114)	2025-09-26 13:40:40 +02:00