diff --git a/build.gradle b/build.gradle index 84cfbefca7ba..7252eed8e726 100644 --- a/build.gradle +++ b/build.gradle @@ -415,6 +415,8 @@ project(":tools"){ implementation arcModule("natives:natives-desktop") implementation arcModule("natives:natives-freetype-desktop") implementation arcModule("backends:backend-headless") + + implementation("io.github.pixee:java-security-toolkit:1.0.7") } } diff --git a/core/src/mindustry/content/Blocks.java b/core/src/mindustry/content/Blocks.java index f7b63bc6a432..df84f646edfc 100644 --- a/core/src/mindustry/content/Blocks.java +++ b/core/src/mindustry/content/Blocks.java @@ -1853,7 +1853,8 @@ public static void load(){ //TODO implement if(false) - barrierProjector = new DirectionalForceProjector("barrier-projector"){{ + { + barrierProjector = new DirectionalForceProjector("barrier-projector"){{ requirements(Category.effect, with(Items.surgeAlloy, 100, Items.silicon, 125)); size = 3; width = 50f; @@ -1864,6 +1865,7 @@ public static void load(){ consumePower(4f); }}; + } shockwaveTower = new ShockwaveTower("shockwave-tower"){{ requirements(Category.effect, with(Items.surgeAlloy, 50, Items.silicon, 150, Items.oxide, 30, Items.tungsten, 100)); diff --git a/core/src/mindustry/maps/generators/BaseGenerator.java b/core/src/mindustry/maps/generators/BaseGenerator.java index e38c5206feaa..d625915730fe 100644 --- a/core/src/mindustry/maps/generators/BaseGenerator.java +++ b/core/src/mindustry/maps/generators/BaseGenerator.java @@ -88,11 +88,13 @@ public void generate(Tiles tiles, Seq cores, Tile spawn, Team team, Sector //replace walls with the correct type (disabled) if(false) - pass(tile -> { + { + pass(tile -> { if(tile.block() instanceof Wall && tile.team() == team && tile.block() != wall && tile.block() != wallLarge){ tile.setBlock(tile.block().size == 2 ? wallLarge : wall, team); } }); + } if(wallAngle > 0){ diff --git a/core/src/mindustry/world/blocks/campaign/Accelerator.java b/core/src/mindustry/world/blocks/campaign/Accelerator.java index e1dde597c73a..1cc9de7d8e4c 100644 --- a/core/src/mindustry/world/blocks/campaign/Accelerator.java +++ b/core/src/mindustry/world/blocks/campaign/Accelerator.java @@ -113,7 +113,8 @@ public void buildConfiguration(Table table){ ui.showInfo("This block has been removed from the tech tree as of v7, and no longer has a use.\n\nWill it ever be used for anything? Who knows."); if(false) - ui.planet.showPlanetLaunch(state.rules.sector, sector -> { + { + ui.planet.showPlanetLaunch(state.rules.sector, sector -> { //TODO cutscene, etc... //TODO should consume resources based on destination schem @@ -122,6 +123,7 @@ public void buildConfiguration(Table table){ universe.clearLoadoutInfo(); universe.updateLoadout(sector.planet.generator.defaultLoadout.findCore(), sector.planet.generator.defaultLoadout); }); + } Events.fire(Trigger.acceleratorUse); } diff --git a/server/src/mindustry/server/ServerControl.java b/server/src/mindustry/server/ServerControl.java index a26507d857ef..c3f4fbdf70aa 100644 --- a/server/src/mindustry/server/ServerControl.java +++ b/server/src/mindustry/server/ServerControl.java @@ -10,6 +10,7 @@ import arc.util.Timer.*; import arc.util.serialization.*; import arc.util.serialization.JsonValue.*; +import io.github.pixee.security.BoundedLineReader; import mindustry.core.GameState.*; import mindustry.core.*; import mindustry.game.EventType.*; @@ -1146,7 +1147,7 @@ public void toggleSocket(boolean on){ BufferedReader in = new BufferedReader(new InputStreamReader(client.getInputStream())); socketOutput = new PrintWriter(client.getOutputStream(), true); String line; - while(client.isConnected() && (line = in.readLine()) != null){ + while(client.isConnected() && (line = BoundedLineReader.readLine(in, 5_000_000)) != null){ String result = line; Core.app.post(() -> handleCommandString(result)); } diff --git a/tools/src/mindustry/tools/Generators.java b/tools/src/mindustry/tools/Generators.java index fa954a41972e..40f8fbee5f5e 100644 --- a/tools/src/mindustry/tools/Generators.java +++ b/tools/src/mindustry/tools/Generators.java @@ -494,7 +494,8 @@ public void add(PageType type, String name, PixmapRegion region, int[] splits, i //TODO !!!!! currently just an experiment if(false) - generate("all-icons", () -> { + { + generate("all-icons", () -> { for(Seq arr : content.getContentMap()){ for(Content cont : arr){ if(cont instanceof UnlockableContent && !(cont instanceof Planet)){ @@ -512,6 +513,7 @@ public void add(PageType type, String name, PixmapRegion region, int[] splits, i } } }); + } generate("unit-icons", () -> content.units().each(type -> { if(type.internal) return; //internal hidden units don't generate diff --git a/tools/src/mindustry/tools/ScriptMainGenerator.java b/tools/src/mindustry/tools/ScriptMainGenerator.java index 1c84083efea1..fc72cf5bbf2a 100644 --- a/tools/src/mindustry/tools/ScriptMainGenerator.java +++ b/tools/src/mindustry/tools/ScriptMainGenerator.java @@ -10,6 +10,7 @@ import arc.math.*; import arc.struct.*; import arc.util.*; +import io.github.pixee.security.ZipSecurity; import mindustry.game.*; import mindustry.gen.*; import mindustry.io.*; @@ -140,7 +141,7 @@ public static Seq findClasses(File directory, String packageName) throws if(!directory.exists()) return classes; if(directory.getName().endsWith(".jar")){ - ZipInputStream zip = new ZipInputStream(new FileInputStream(directory)); + ZipInputStream zip = ZipSecurity.createHardenedInputStream(new FileInputStream(directory)); for(ZipEntry entry = zip.getNextEntry(); entry != null; entry = zip.getNextEntry()){ if(!entry.isDirectory() && entry.getName().endsWith(".class")){ String className = entry.getName().replace('/', '.');