A godot C# plugin which attempts to safely load external resources, mitigating bad actors from arbitrary code execution at runtime.
This attempts to scan for code signatures in any external resource loaded by Godot. If a code signature is detected, it will return an empty resource object. Otherwise, it will load the resource as intended.
The plugin registers a custom high-priority ResourceFormatLoader which only overloads resource loading when attempting to load an external resource or scene. From there, it scans external resource data for any embedded code within the resource or scene. If it finds a code signature, it will return an empty resource instance rather than the resource.
Import the add-on, and build the project. Once you build the project, enable the plugin within the project settings.
Yep! When the project runs, it will load the ExternalResourceLoader, which automatically overloads ResourceLoader::Load() internally. Whether the resource is loaded at runtime, or from a static reference, as long as it's an external resource, it will scan for embedded code.
Yes! Hook the signal ExternalPluginManager.Instance.ExternalResourceLoaded(string path, bool success) in order to receive a signal callback whenever an external resource fails to load. For example:
public override void _Ready()
{
ExternalResourceManager.Instance.ExternalResourceLoaded += (path, success) => {
GD.Print($"External resource {(success ? "failed to load" : "loaded")}: {path}");
};
}- Set up Github Actions for validating PRs and tag releases
- Add configurable addon settings
- Different modes for when a bad resource is detected
- Configurable blocklist for certain resource types
- Add the possibility for configurable directory exemptions
- Validate Godot 4.2.x+