Feature/improvesecuritypipeline #1883
Merged
- Addressed CS0108 compiler warnings in `ResidueTemplate.cs` and `MappingTemplate.cs` by removing duplicate field declarations that inadvertently hid inherited base class fields. This also fixes the underlying bug where the base fields were left uninitialized.
- Upgraded CodeQL Actions in the `CodeAndSecurityValidation.yml` workflow from v3 to v4 to resolve the upcoming deprecation warning.
- Added an `on.push` hook to the workflow to satisfy GitHub's Code Scanning requirements for the default branch.
- Explicitly set `build-mode: manual` in the CodeQL initialization step to fix the "undefined build-mode" warning, correctly reflecting that the C# libraries are built manually via MSBuild.
- Added the `new` keyword to all public fields in `Line1024X27Class1` and `Line1024X27Class2` to explicitly hide inherited members from the `IStaticCodeBook` base class.
- This resolves the "hides inherited member" compiler warnings caught during the Code and Security Validation pipeline and brings these files in line with the rest of the auto-generated static code book classes.
…ession DLL
- Fixed a path traversal / Zip Slip vulnerability in `AssetsManager.cs` where malicious `.split` zip entry names could escape the target directory. Validation against `zipBasePath` is now correctly applied to all zip entries before processing.
- Fixed a bug where `.split` files were being resolved relative to `Environment.CurrentDirectory` instead of the original zip file's directory.
- Removed the dead `LoadZipFile` method and its commented-out call from `AssetsManager.cs` to eliminate false positives in static analysis scanners.
- Cleaned up the unused `System.IO.Compression` import in `AssetsManager.cs`.
- Deleted `System.IO.Compression.dll` and its `.meta` file from `Assets/Plugins`. Unity 2019.4 natively includes this assembly, and having a duplicate in the plugins folder caused "Loading assembly failed" conflicts in Unity Explorer.
Component GUI Layer in Camera for Scene Assets/Scenes/Game.unity is no longer available. It will be removed after you edit this GameObject and save the Scene. UnityEditor.EditorApplication:Internal_CallUpdateFunctions () Component at index 3 could not be loaded when loading game object 'Camera'. Removing it! UnityEditor.EditorApplication:Internal_CallUpdateFunctions ()
This PR addresses several security vulnerabilities, compiler warnings, and outdated editor references to improve the overall pipeline health and security of the project.
Security / CodeQL Fixes
- (`AssetsManager.cs`): `.split` zip entry names could potentially escape the target extraction directory. All zip entries are now correctly validated against the base extraction directory (`zipBasePath`) before processing.
- `.split` files were incorrectly being resolved relative to `Environment.CurrentDirectory` instead of the original zip file's directory.
- `LoadZipFile` method and its commented-out call from `AssetsManager.cs` to permanently eliminate false positives in static analysis scanners.

C# Compiler Warnings
- `OggEncoder` floor book templates (e.g., `Line1024X27Class1.cs`, `Line1024X27Class2.cs`, `MappingTemplate.cs`, `ResidueTemplate.cs`). The `new` keyword was properly applied to intentionally hidden properties, yielding cleaner builds without ambiguous hiding warnings.

Unity Editor & Environment Cleanup
- `System.IO.Compression.dll` (and its `.meta` file) from `Assets/Plugins`. Unity 2019.4+ natively includes this assembly; keeping the duplicate DLL caused "Loading assembly failed" conflicts in the Unity Explorer.
- `Assets/Scenes/Game.unity` and saved the scene to permanently strip out the deprecated `GUILayer` component reference. This fixes the persistent warning that appeared every time the scene was loaded in the Unity Editor.
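
The entry validation described in the Zip Slip item above, as an added C# example that is not the code from this PR: every entry name is resolved under the archive's own directory and rejected if the canonical result leaves it. `ResolveInside`, the archive path and the entry names are constructed for illustration; only the name `zipBasePath` comes from the PR text.

```csharp
using System;
using System.IO;

static class ZipEntryPaths
{
    // Hypothetical helper: resolves an entry name under baseDir,
    // or throws if the canonical result would land outside it.
    public static string ResolveInside(string baseDir, string entryName)
    {
        // Canonicalise the base and force a trailing separator so that
        // ".../bundles" does not prefix-match ".../bundles-evil".
        string root = Path.GetFullPath(baseDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
            root += Path.DirectorySeparatorChar;

        // GetFullPath collapses "." and ".." segments. A rooted entry name makes
        // Path.Combine discard root entirely; the prefix check below catches that too.
        string target = Path.GetFullPath(Path.Combine(root, entryName));

        if (!target.StartsWith(root, StringComparison.Ordinal))
            throw new InvalidDataException("Zip entry escapes extraction directory: " + entryName);
        return target;
    }

    static void Main()
    {
        // Constructed archive location. The base is the archive's own directory,
        // not Environment.CurrentDirectory.
        string zipPath = Path.Combine(Path.GetTempPath(), "bundles", "level1.zip");
        string zipBasePath = Path.GetDirectoryName(zipPath);

        // Constructed entry names: one benign, three that try to leave the base.
        string[] entries = { "assets/a.split", "../outside.split", "assets/../../x.split", "/etc/x.split" };
        foreach (string name in entries)
        {
            try { Console.WriteLine("OK      " + name + " -> " + ResolveInside(zipBasePath, name)); }
            catch (InvalidDataException e) { Console.WriteLine("REJECT  " + e.Message); }
        }
    }
}
```

The check has to run on every entry before any file is opened or written, which is the change the PR describes for `.split` entries.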