Managed to make CPU give up on me EDIT: for multiple people
-
I executed this in the screeps console. In a brilliant display of my high level JS skills, I referenced console.log rather than this.log.
Object.getPrototypeOf(console).warn = function() {
var args = [...arguments];
args.unshift("Warning:");
console.log.apply(undefined, args);
}Now I'm getting this every tick:
-
Seems like others have been getting the same error. I'm officially a hacker and a jerk.
-
Same here. The error just appeared. I didn't change anything.
-
All was well. The world of Screeps was busy with creeps extracting energy and minerals from seemingly infinite sources. Terminals busied themselves, running scheduled loops to replenish stocks for the good of their empire. Creeps roamed, resupplying the STRUCTURE_EXTENSIONs, the first step in reproducing their next generation. Power banks buzzed against flurrys of XUH2O-boosted ATTACK parts. Portals flickered.
Suddenly, time stood still. The mechanical life-force within each Creep, each tower, each link, suddenly ceased as they failed to receive commands from the server. The creeps were helpless. A miner shook its WORK in the air, trying to say() for help but with no success. Nothing worked.
Across the world of Screeps, creeps began to die of old age. Dropped energy was slowly evaporating into the atmosphere, just as commands had evaporated from the universe. It was a fate scarier than a STRUCTURE_NUKER. It was the console EMP.
-
Yeah, this one basically destroyed every creep I have due to renewCreep not being possible to process. Would hope that they will refund energy used to respawn basically everything from scratch.
-
This issue has been resolved, thank you for reporting.
-
Ooooh, this is how you killed my script. It wasn't the node.js upgrade, it was you!
I relied on overriding "console.log" with an improved log function. It seems you turned off the ability to do that as this bug fix and completely killed my code all morning.
Could we perhaps get some notice and have the code pushed to PTR instead of "fixing in production" going forward?
-
It was a major security hotfix. There was a vulnerability that allowed to modify the outer scope
Object
prototype in the way mentioned above in the first post. These modifications leaked to all player scripts on the same runtime node. It is a critical vulnerability, so it had to be fixed ASAP without notice. Sorry for the inconvenience.Can you show a snippet of code of how you override your log function? Simple
console.log = newFunction
approach should not be affected.
-
Here's the error, including a code snippet-
console.log = function (message, severity, group) {
^
TypeError: Cannot assign to read only property 'log' of object '[object Object]'
at sos_console:72:13
at new sosKernel (sos_kernel:16:3)
at Object.wrap (lib_profiler:272:12)
at Object.module.exports.loop (main:108:12)
at __mainLoop:1:52
-
Ah, yes, it’s not
writable
, but it’sconfigurable
, so you could do something like this instead:Object.defineProperty(console, 'log', { value: function(message, severity, group) { ... } });
Anyway, we’ve just made it
writable
as well, so go for that approach you like more.
-
I've already fixed it in code. The problem is that this game becomes significantly more stressful if I have to deal with breaking changes and no notice. I understand that security updates do come up, but I think in cases where you offer literally no chance for us to test things there should be a mechanism in place on your end where you should pick up on people's scripts breaking and attempt to mitigate.
I get you can't go over everyones code when things break, but there should be some sort of monitoring that at least lets you know and alerts you when you push out a change. The error I faced could have been resolved by making console.log writable again (as you did).
For context, if this had happened a few weeks ago while I was at burning man (with no cell phone or computer access) I would have come back to a complete dead empire and probably have rage quit due to the error being completely not my fault.
-
I don't think there will be many security cases like this. It was really a bad one, potentially very harmful vulnerability, there has not been even a single thing like this from the game launch 2 years ago. It's hard to predict all the consequences of how such changes could affect someone with undocumented stuff in player code like overriding the built-in console.log method (personally I think you should really implement your own console layer on top of it rather than modifying built-in game objects). I admit it is very frustrating, and we do our best to publish all important changes to the PTR first, but bad things can happen unfortunately.