你如何禁止用户在Groovy脚本中做坏事? [英] How do you forbid users from doing evil things in Groovy Scripts?
问题描述
我打算将Groovy脚本引擎整合到我的游戏中,这样游戏就会具有很好的可修饰性,但是如何防止玩家编写恶意脚本,如删除C:盘上的所有文件?
$ b 默认情况下,Groovy包含类似于 java.io.File
的库,因此一旦他们决定编写这样的脚本。
我想我不能阻止用户编写像之类的东西,而(1 == 1){}
但无论如何至少不允许它们允许删除/修改文件或危险的PC?
Cedric Champeau博客,第二部分展示了如何使用 SecureASTCustomizer
和 CompilerConfiguration
来限制脚本可以执行的操作(然后定义自己的AST检查的例子 System.exit
等...
I'm planning to integrate Groovy Script Engine to my game so it will give the game nice moddability but how do you prevent players from writing evil scripts like deleting all files on C: drive?
Groovy includes library like java.io.File
by default so it will be pretty easy to do once they decided to write such scripts.
I guess I can't prevent users from writing something like while(1==1){}
but is there anyway to at least not let them allow to delete/modify files or something dangerous for PCs?
There's a blog post by Cedric Champeau on customising the Groovy Compilation process, the second part of it shows how to use SecureASTCustomizer
and CompilerConfiguration
to limit what Scripts can do (and then has examples of defining your own AST checks for System.exit
, etc...
这篇关于你如何禁止用户在Groovy脚本中做坏事?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!