First, I fixed some detection issues with hidden code. That should work fine now.
After a ton of fiddling, children should actually be properly resolved (again) regardless of external layer.
The web interface is kinda coming along, you can input asset ids into it now. It’s not pretty, I just want to say I suck at front-end development so this is a challenge. UX is not my thing. Anyways I’ll lay it out here:
Click on the gray area inside of that block to close it.
And that’s really it. The UX is terrible, I’ll admit. But it works for now and I’m fine with that.
This works with assets that have a top level lua source container. This means it probably wont work with plugins or models yet. That is a planned feature though so stay tuned!
The website will now support any asset id and search for scripts anywhere in the model’s hierarchy! This means you can now look through any model or plugin!
I should’ve mentioned that, yeah. All of the source code for the website is available here: GitHub - steven4547466/Rovird-Website (specifically here). This includes the detection api. There’s links to this in the original post, but I should put it here as well. The javascript is so the front end can make requests to the back end api.
Also, the website tracks nothing other than rate limiting information. And it has no persistent storage of anything. Once you click submit the job is deleted off the machine so if you refresh while looking at the results, they will disappear.
You can now upload rbxm’s and rbxmx’s directly to https://rovird.xyz if you want to. Uploaded files are deleted as soon as they are read and processed (assuming no errors occur). I’m not sure if there is actually a use for this, but in case anyone wants it, that option is available.
I just pushed a small update to the API that should fix an issue with some assets causing an error and returning malformed data. That should no longer happen. Though some assets can’t be downloaded, these will be flagged as such.
I was thinking of making a chrome/firefox extension that would be able to scan assets directly from the library. If this is something you’d be interested in, let me know as it’s a bit of a time commitment. Just know with things like extensions it is extremely important you get them from reputable sources. Meaning if/when I do make it, you should only ever go to the link from this post. If you don’t it can possibly be a clone. And as the other things on this project, it will be open source and you will be able to load it from its unpacked state.
Roblox is finally catching on, though I don’t think they scan it for you for malicious code, this still is a big step to protecting your games built right into the engine and studio:
As an aside and follow up to my last comment, I do have a rudimentary extension done, but honestly I don’t know if it’s worth releasing because of the potential negatives extensions come with, but it looks like this right now:
I decided to just put the extension on a github. I don’t really want to pay the fee to put something on the chrome store regardless, so if you want to use this, you’ll have to load it as an unpacked extension.
All it does is add that extra button to the end of the more options tab that was shown in the video in the above comment, and you can inspect the source code.
To download it, click the green Code button and download it as a zip, then extract it. Once you extract it head over to chrome://extensions (if on chrome) click on Load Unpacked and select the folder. Once you do that it should be working.
The button just opens the website in a new tab and automatically searches for it in the library. Perhaps in the future I will make it not directly take you to the website, but for now this should be fine as a quick way to use Rovird directly from the Roblox Library.
Edit (so it doesn’t bump):
I’m aware of a false-positive that happens when you call a function inside of a require. I’m working on good ways to fix this and still detect unwanted requires that may be harmful.
I’ve added a secondary json encoder if the primary json encoder doesn’t work. This means there shouldn’t be issues if roblox’s json encode is encoding things incorrectly. However it is a little slower than roblox’s json encode, which is why it’s only used when it’s needed.
