I would be wary of using andylizi's techniques - I think the code dances on the line of what is and isn't allowed.
why would it not be allowed?
Alex disables (some) reflection and (some) file operations. Using parts he did not (or could not) disable could be forbidden. Until he chimes in, though, it is a gray area. As such, committing to a mod that depends on these techniques could be disastrous for the mod itself (e.g. removed from the forums?).
Yeah, it's a bit of grey area. Regarding the use of reflection, however, I would argue that restrictions as a security precaution is not a good idea in the first place, at least not in its current form.
This is based on the idea that an incomplete and easily bypassable security measure is worst than no security measure at all. It can lure users into a false sense of safety, when the fact is that
running untrusted code from the Internet is fundamentally unsafe (unless it's in an industrial grade, battle-tested sandbox, like a modern browser).
For example, the game currently forbids file IO and reflection operation using a custom
ClassLoader. Even if we pretend there's no way to bypass those, a malicious attacker can still write:
Runtime.getRuntime().exec("format C:");
which is not forbidden, and much more dangerous than just "file IO"!
Now this isn't to say there's no solution. The "accepted" way to sandbox against malicious code is by setting up a
Security Manager. This is not trivial and difficult to do properly, and newer versions of Java are already planning to remove it entirely (
JEP 411: Deprecate the Security Manager for Removal):
The threat of accidental vulnerabilities in local code is almost impossible to address with the Security Manager. Many of the claims that the Security Manager is widely used to secure local code do not stand up to scrutiny; it is used far less in production than many people assume. There are many reasons for its lack of use……
But let's assume, for the sake of the argument, that we managed to set up a flawless Security Manager or other equivalent measures. Would that mean a mod can't act maliciously anymore? Well, there's still nothing to stop a mod from deleting a player's fleet and other assets "the legit way", and then saving the game… It's pure pettiness, but impossible to guard against.
I hesitate to address this, but the use of reflection is actually not the biggest problem of this kind of technique. The problem is, to use reflection to modify the game effectively, it necessarily requires privileged knowledge of the game's internal working.
One of the ways to acquire this knowledge is by reverse-engineering, which clearly violates Starsector's User License:
You agree that you will not, under any circumstances:
a. In whole or in part, copy or reproduce (except as provided herein), translate,
reverse engineer, derive source code from, modify, disassemble, decompile, or
create derivative works based on the Game;
(Which I
definitely did not do, of course. I actually got this knowledge from a dream I had, do you know? It was a very informative dream.
)
(Honestly, the legal status of mods is already a bit vague in my opinion. For example,
A "Mod" is defined as a set of graphics, data, and/or sound assets that adds new
content to or otherwise modifies the Game, but does not include the Game, and
requires the Game in order to be used.
This excludes all mods that contain scripts, as executable code obviously can't be counted as "graphics, data, and/or sound assets". It was last updated in 2012, maybe there aren't scripting APIs back then?)
Regarding creating mods by reverse-engineering, different games take different stances:
- Minecraft, famous for its lack of an official API, publishes its obfuscation mappings "in an effort to help make modding the game easier", with the restriction that one may only use these mappings for "development purposes" and may not "redistribute the mappings complete and unmodified" or share the deobfuscated source code. Even before that, they acquiesce in the existence of MCP and Forge.
- Don't Starve is written and distributed in unobfuscated Lua source files, so there isn't a concept of "reverse-engineering".
- Rimworld "provides a bunch of code snippets in ../Source/, relative to your Rimworld installation. Since this isn't a lot, one might want to take a look at the game's full source code. RimWorld's EULA allows you to decompile the game for personal use. It's recommended to read it." Patching the game code is done by using a library called Harmony.
- Factorio provides Lua APIs that can satisfy most modding needs; there's no need for reverse-engineering. No to mention is basically impossible to do so to a C++ game.
- Kerbal Space Program similarly provides a highly complete C# API.
So in the end, what is considered acceptable depends on the game developer. It's understandable if Alex decides he doesn't want these kinds of mods in his game after all. My intention for developing this mod and the similar
Dialog Minimap is to solve the pet peeves I have while playing, and I released it on the idea that other people could have the same issues. It'd be a pity, but ultimately not a big loss.
Edit 2: Do you mind if I steal some of your code? Ideally, would love to just use a lib of some sort (see above edit), but lacking that I can copy some of your classes instead. What I want to do is to replace your text field with normal button, and upon click show interaction dialog with (now easily moddable, since no reflection needed) filtering UI. On dialog close, either a new List<PlanetAPI> is generated & displayed, or a new dynamic filter is added and used for filtering.
Sure! You're welcome to it, if you still want to after the above.