How to use URL handlers and OpenURL safely in your Unity app


The Unity Security team focuses on helping Unity creators build more trustworthy games and applications. Tune in to this blog series for tips, techniques, and recommendations for creating more secure games and apps with Unity.


Today we are launching an ongoing blog series about developing securely with Unity. This series will provide content that Unity developers can apply directly in their games and applications. We hope to cover a variety of topics ranging from basic to advanced knowledge, focused on best practices within using Unity products and services. If there’s a subject you’d like to read about, let us know. We look forward to your feedback. The primary focus of this blog is an overview of URL handlers.


How to use URL handlers and OpenURL safely in your Unity app

URL and file handlers associate file types with the installed program that can open the specified file, but they come with risks. For example, when you’re on your local machine and double-click to open a PDF file from your local drive, your operating system refers to its list of file handlers and selects the program assigned for that file type, so your PDF is opened by a program that can display it correctly. File handlers commonly use the file extension (e.g., .pdf – the suffix at the end of the filename) to decide how to handle the file.


A similar mechanism, the URL handler, decides how to open URLs based on the path prefix. An example of this would be the ubiquitous http:// protocol, which opens your default browser. Another example of a common URL scheme would be file://c:/windows/system32/drivers/gmreadme.txt; entering this URL in the Run dialog will cause Windows to open this license file in Notepad.


URL handlers are a useful feature of your operating system that save users time when launching applications. However, this convenient mechanism may occasionally be unsafe.


Why do URL handlers matter for Unity games?

The Unity Editor and Unity Runtime support programmatic use of URL handlers, both through the .NET Framework and through a Unity-specific scripting API, Application.OpenURL. Game developers often use OpenURL so that when a player clicks a link in the game, it launches the local system’s web browser. However, if the game developer does not properly sanitize what is passed into Application.OpenURL, their player could be at risk.


This scripting API is not inherently unsafe, but in any case where untrusted input is used as part of the URL that’s passed in, you need to take care.


Note: Untrusted input

Untrusted input/data is any data that does not come from a trusted source. So then, what is a trusted source? Within the context of this article, only your endpoints with strict HTTPS enabled should be considered trusted. 


There are many examples of untrusted input. If you are designing an anti-cheat system, the player’s local file system should be considered untrusted. If you are developing a multiplayer game, all the players should be considered untrusted. 


There are other ways to protect data/input by leveraging things like public-private key encryption, but those are beyond the scope of this article. (Leave a comment if you’re interested in learning more about this.)


Exploiting URL handling and unsafe usage

While these handlers provide great convenience to users, they carry inherent risks. Here’s an example of unsafe use of Application.OpenURL:


using UnityEngine;
using System.Collections;
public class VulnerableBrowserClass: MonoBehaviour {
    // Pass in URL from link a player clicked on from our game forums
    void OpenBrowser(string url_from_chat) {
        Application.OpenURL(url_from_chat); // ←- Badness here; value isn’t sanitized
    }
}

Figure 1. Example of unsafe use of Application.OpenURL


In this example, the in-game commenting system allows users to share links; when a user clicks a link, the VulnerableBrowserClass.OpenBrowser function is called.


Figure 2. Sample scenario with a potentially dangerous link


You can see how easy it is to send an unsuspecting user a link to a potentially dangerous application (Figure 2). If that URL is passed directly to Application.OpenURL, as shown in Figure 1, the victim’s machine will immediately run the application at that link, potentially allowing an attacker to take control of the victim’s system. 


In the image above, the attacker could format the link to show up as https://SuperLeetCheats.com/VulnTheGame in the chat window, but have the actual link go to their malware at file://leethaxorz.net/super_malware.exe. The problem here isn’t that users can send each other links; the problem lies in taking the links sent by a user (potentially the attacker) and passing them directly to Application.OpenURL without any validation or sanitization, as seen in the code sample above (Figure 1). Without that sanitization, clicking the link would cause the Unity Editor to hand the file directly to the target player’s OS, likely resulting in execution of the attacker’s malware.


How do I mitigate the risk?

The safest way to use Application.OpenURL is to never use it with any untrusted data. Use it only to open URLs that come from your developers or servers, and over a trusted transport (i.e., HTTPS).


If you use remote configurations (e.g., you host a list of content URLs for new updates), then ensure this data is retrieved only via HTTPS, with strict enforcement. Always retrieve remote content in this manner. 


Note: HTTPS won’t fix any vulnerabilities in your app due to untrusted/unsanitized input as described in the attack above. It will, however, ensure the data you send to your player hasn’t been tampered with during transport.
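The two points above, strict HTTPS for remote configuration and not trusting the payload just because the transport was secure, as an added example that is not code from the original post. The endpoint, the JSON layout and the `TrustedContentLoader` class are hypothetical; it relies on `UnityWebRequest.Result`, which needs Unity 2020.2 or later.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using UnityEngine;
using UnityEngine.Networking;

// Added example (not code from the original post): a remote-configuration loader that
// enforces HTTPS on the client side. Endpoint and JSON layout are hypothetical.
public class TrustedContentLoader : MonoBehaviour
{
    // Hypothetical endpoint: the list of content URLs your own servers publish for players
    [SerializeField] string configUrl = "https://config.example.com/content-links.json";

    // Expected JSON shape (constructed for this example): {"urls":["https://...","https://..."]}
    [Serializable]
    class ContentLinks { public string[] urls; }

    // Filled in only after a successful, HTTPS-only fetch; empty until then
    public string[] TrustedUrls { get; private set; } = new string[0];

    // True only for absolute https:// URLs. Applied to the config endpoint AND to every
    // entry in the downloaded list, because transport security says nothing about the payload
    public static bool IsHttps(string candidate)
    {
        return Uri.TryCreate(candidate, UriKind.Absolute, out Uri uri)
            && uri.Scheme == Uri.UriSchemeHttps;
    }

    IEnumerator Start()
    {
        // Strict enforcement: never even send the request over plain http
        if (!IsHttps(configUrl))
        {
            Debug.LogError("Config endpoint is not https; refusing to fetch: " + configUrl);
            yield break;
        }

        using (UnityWebRequest request = UnityWebRequest.Get(configUrl))
        {
            // Do not follow redirects: a redirect to http:// would silently downgrade the transport
            request.redirectLimit = 0;
            yield return request.SendWebRequest();

            if (request.result != UnityWebRequest.Result.Success)
            {
                Debug.LogError("Config fetch failed: " + request.error);
                yield break;
            }

            // JsonUtility throws on malformed JSON, so parse outside the yield path
            ContentLinks links = null;
            try { links = JsonUtility.FromJson<ContentLinks>(request.downloadHandler.text); }
            catch (ArgumentException e) { Debug.LogError("Config payload did not parse: " + e.Message); }
            if (links == null || links.urls == null) yield break;

            // Even data from your own server gets the scheme check before it is trusted
            var accepted = new List<string>();
            foreach (string url in links.urls)
            {
                if (IsHttps(url)) accepted.Add(url);
                else Debug.LogWarning("Dropping non-https entry from remote config: " + url);
            }
            TrustedUrls = accepted.ToArray();
        }
    }

    // Opens one of the server-supplied links. The index comes from your UI; the URL
    // string itself never comes from the player
    public void OpenTrustedLink(int index)
    {
        if (index < 0 || index >= TrustedUrls.Length) return;
        Application.OpenURL(TrustedUrls[index]);
    }
}
```

Setting `redirectLimit` to 0 is the part people forget: a server that answers with a redirect to an `http://` URL would otherwise be followed, and the "HTTPS only" guarantee would be gone without any error on the client.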


If you’ve decided that you absolutely need to use OpenUrl with data from untrusted sources, then you must do your best to sanitize the input you receive from the untrusted source. There are a few ways to do this, such as with regex pattern matching, building URLs via .Net libraries, or leveraging external sanitization libraries. However, none of these mitigations will work 100% of the time, and no matter what solution you choose, some potential risk is assumed if Application.OpenUrl (and similar functions) is used with untrusted data.


Further, as shown in Figure 2 above, there’s no way for users to know what URL is behind that link. At a minimum, give users a prompt with the full URL they’re about to visit. But you should not consider this a robust solution, as users are known to click through any prompt put in front of them blindly.
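A hardened counterpart to Figure 1 that applies the two mitigations just described, validation of untrusted input via the .NET `Uri` class and a prompt showing the full URL, as an added example that is not code from the original post. The `SafeUrlPolicy` and `SafeBrowserClass` names, the allowlisted hosts and the `PromptBeforeOpen` hook are assumptions; wire the hook to your own confirmation dialog.

```csharp
using System;
using System.Collections.Generic;
using UnityEngine;

// Added example (not code from the original post): the hardened counterpart of Figure 1.
// Only absolute https:// URLs whose host is on an explicit allowlist ever reach
// Application.OpenURL; everything else is refused and logged.
public static class SafeUrlPolicy
{
    // Hypothetical allowlist: the only hosts this game will open in the player's browser
    static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "example.com", "forums.example.com" };

    const int MaxUrlLength = 2048;

    // Returns true plus a canonical URL if the untrusted input passes every check;
    // otherwise false with a reason suitable for logging
    public static bool TryValidate(string untrustedInput, out string safeUrl, out string reason)
    {
        safeUrl = null;
        if (string.IsNullOrEmpty(untrustedInput) || untrustedInput.Length > MaxUrlLength)
        {
            reason = "empty or oversized input";
            return false;
        }
        // Whitespace and control characters are never legitimate inside a URL
        foreach (char c in untrustedInput)
        {
            if (char.IsControl(c) || char.IsWhiteSpace(c))
            {
                reason = "control or whitespace character in URL";
                return false;
            }
        }
        // Let the .NET Uri parser do the parsing instead of a hand-written regex
        if (!Uri.TryCreate(untrustedInput, UriKind.Absolute, out Uri uri))
        {
            reason = "not an absolute URL";
            return false;
        }
        // Scheme allowlist: https only. This is what keeps file:// and custom app
        // schemes from being routed by the OS to a non-browser handler
        if (uri.Scheme != Uri.UriSchemeHttps)
        {
            reason = "scheme not allowed: " + uri.Scheme;
            return false;
        }
        // Reject embedded credentials (https://user:pass@host/), which make the
        // visible text of a link differ from the host actually contacted
        if (!string.IsNullOrEmpty(uri.UserInfo))
        {
            reason = "credentials embedded in URL";
            return false;
        }
        // The host must be a DNS name on the allowlist: no IP literals, no lookalikes
        if (uri.HostNameType != UriHostNameType.Dns || !AllowedHosts.Contains(uri.Host))
        {
            reason = "host not allowed: " + uri.Host;
            return false;
        }
        // Hand the OS the canonical form produced by Uri, never the raw string
        safeUrl = uri.AbsoluteUri;
        reason = null;
        return true;
    }
}

public class SafeBrowserClass : MonoBehaviour
{
    // Hypothetical hook supplied by your UI layer: shows the player the exact URL
    // and invokes the callback only if they confirm
    public Action<string, Action> PromptBeforeOpen;

    // Same entry point as Figure 1, but raw chat text never reaches OpenURL
    public void OpenBrowser(string urlFromChat)
    {
        if (!SafeUrlPolicy.TryValidate(urlFromChat, out string safeUrl, out string reason))
        {
            Debug.LogWarning("Refused to open link: " + reason);
            return;
        }
        // Fail closed: without a prompt wired up, nothing is opened
        if (PromptBeforeOpen == null)
        {
            Debug.LogError("No confirmation prompt configured; not opening " + safeUrl);
            return;
        }
        PromptBeforeOpen(safeUrl, () => Application.OpenURL(safeUrl));
    }
}
```

With the two links from the scenario above, `file://leethaxorz.net/super_malware.exe` fails the scheme check and `https://SuperLeetCheats.com/VulnTheGame` fails the host check, so neither is ever passed to Application.OpenURL. The allowlist is deliberately the strictest part: as the text says, no sanitizer is perfect, and an explicit list of destinations bounds the damage when one of the other checks is bypassed.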


Why bother with OpenURL and file handlers?

Using OpenURL and file handlers is very common for developers, particularly with rich media applications and social media-like features, such as in-game chat, reviews, and comments, where users typically want to share content that resides outside the game on the internet. Further, there are common productivity scenarios, such as editing a config file, where you may want to pass a link to the OS, opening the user’s preferred code editing application as a convenience to the user. Application.OpenURL is a platform-independent API to support file handlers, saving Unity developers from having to write their own handlers for every platform.


Is this unique to the Unity Editor and Runtime?

No. As described above, this is a common functionality in most operating systems and is supported by many languages and frameworks. Be mindful of the use of the Windows API Windows.System.LaunchURIAsync (for Universal Windows Platform [UWP] apps), or the dreaded System.Diagnostics.Process.Start; both of these native .NET APIs provide the same functionality as Application.OpenURL. LaunchURIAsync allows for launching applications from within Windows’ secure application sandbox, and Process.Start can be used to launch any executable on the local system. Further, some native OS calls provide the same functionality, such as Apple’s open(_:options:completionHandler:). All of these types of APIs can be easily abused if untrusted, unsanitized inputs are passed into them.


What’s next?

We will be posting articles here periodically on topics critical to practicing and maintaining security best practices when developing with Unity. Upcoming topics include secure transport for game data and democratizing the secure software development lifecycle (SSDLC). We’re also working to open source some of our internal guidance and security tooling. 


Is there a security topic you’d like to know more about in a future article? Drop us a line! 


Find out more about Unity Security, including security advisories.


Translated from: https://blogs.unity3d.com/2019/11/06/how-to-use-url-handlers-and-openurl-safely-in-your-unity-app/
