Add oxide.disable-sandbox handling

diametric · lukespragg · commit 45cb427913ed · 2020-06-01T12:36:33.000-04:00
Can now disable the sandbox with a special file in the extension folder named oxide.disable-sandbox. Allows PInvoke and any blacklisted namespaces when that file is present. Requires restart to take effect.
diff --git a/src/CSharpExtension.cs b/src/CSharpExtension.cs
@@ -1,4 +1,4 @@
-﻿using Oxide.Core;
+using Oxide.Core;
 using Oxide.Core.Extensions;
 using Oxide.Core.Plugins.Watchers;
 using System;
@@ -43,6 +43,9 @@ public class CSharpExtension : Extension
         // The .cs plugin loader
         private CSharpPluginLoader loader;
 
+        // Is the sandbox enabled? (always default to true)
+        public static bool SandboxEnabled { get; private set; } = true;
+
         /// <summary>
         /// Initializes a new instance of the CSharpExtension class
         /// </summary>
@@ -72,6 +75,12 @@ public override void Load()
 
             // Register engine frame callback
             Interface.Oxide.OnFrame(OnFrame);
+
+            if (File.Exists(Path.Combine(Interface.Oxide.ExtensionDirectory, "oxide.disable-sandbox")))
+            {
+                Interface.Oxide.LogWarning($"{Path.Combine(Interface.Oxide.ExtensionDirectory, "oxide.disable-sandbox")} found, disabling security sandbox. Potentially dangerous APIs and methods are now allowed inside plugins.");
+                CSharpExtension.SandboxEnabled = false;
+            }
         }
 
         /// <summary>
diff --git a/src/CompiledAssembly.cs b/src/CompiledAssembly.cs
@@ -131,7 +131,7 @@ private void PatchAssembly(Action<byte[]> callback)
 
                             if (method.Body == null)
                             {
-                                if (method.HasPInvokeInfo)
+                                if (method.HasPInvokeInfo && CSharpExtension.SandboxEnabled)
                                 {
                                     method.Attributes &= ~MethodAttributes.PInvokeImpl;
                                     MethodBody body = new MethodBody(method);
@@ -340,6 +340,11 @@ private void PatchAssembly(Action<byte[]> callback)
 
         private static bool IsNamespaceBlacklisted(string fullNamespace)
         {
+            if (!CSharpExtension.SandboxEnabled)
+            {
+                return false;
+            }
+
             foreach (string namespaceName in BlacklistedNamespaces)
             {
                 if (!fullNamespace.StartsWith(namespaceName))

Original file line number	Diff line number	Diff line change
`@@ -131,7 +131,7 @@ private void PatchAssembly(Action<byte[]> callback)`
`131`	`131`
`132`	`132`	`if (method.Body == null)`
`133`	`133`	`{`
`134`		`- if (method.HasPInvokeInfo)`
	`134`	`+ if (method.HasPInvokeInfo && CSharpExtension.SandboxEnabled)`
`135`	`135`	`{`
`136`	`136`	`method.Attributes &= ~MethodAttributes.PInvokeImpl;`
`137`	`137`	`MethodBody body = new MethodBody(method);`
`@@ -340,6 +340,11 @@ private void PatchAssembly(Action<byte[]> callback)`
`340`	`340`
`341`	`341`	`private static bool IsNamespaceBlacklisted(string fullNamespace)`
`342`	`342`	`{`
	`343`	`+ if (!CSharpExtension.SandboxEnabled)`
	`344`	`+ {`
	`345`	`+ return false;`
	`346`	`+ }`
	`347`	`+`
`343`	`348`	`foreach (string namespaceName in BlacklistedNamespaces)`
`344`	`349`	`{`
`345`	`350`	`if (!fullNamespace.StartsWith(namespaceName))`