Merge pull request #6 from kasenvr/feature/whitelist-qml-cpp-ui

Fixes Entity Script Whitelist
Marcus Llewellyn 2019-12-09 17:18:29 -06:00 committed by GitHub
commit 6f2d6ba714
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -2363,31 +2363,31 @@ void ScriptEngine::entityScriptContentAvailable(const EntityItemID& entityID, co
} }
} }
else { else {
// IF YOU FUCK UP, DELETE FROM HERE TO... // ENTITY SCRIPT WHITELIST STARTS HERE
QList<QString> safeURLS = { "https://FAKEURL.t43wt4g4g44FAKE" }; QString whitelistPrefix = "[WHITELIST ENTITY SCRIPTS]";
safeURLS += qEnvironmentVariable("EXTRA_WHITELIST").split(QRegExp("\\s*,\\s*"), QString::SkipEmptyParts); QList<QString> safeURLS = { "" };
safeURLS += qEnvironmentVariable("EXTRA_WHITELIST").trimmed().split(QRegExp("\\s*,\\s*"), QString::SkipEmptyParts);
// PULL SAFEURLS FROM INTERFACE.JSON Settings // PULL SAFEURLS FROM INTERFACE.JSON Settings
QVariant raw = Setting::Handle<QVariant>("private/settingsSafeURLS").get(); QVariant raw = Setting::Handle<QVariant>("private/settingsSafeURLS").get();
QStringList settingsSafeURLS = raw.toString().split(QRegExp("\\s*[,\r\n]+\\s*")); QStringList settingsSafeURLS = raw.toString().trimmed().split(QRegExp("\\s*[,\r\n]+\\s*"), QString::SkipEmptyParts);
safeURLS += settingsSafeURLS; safeURLS += settingsSafeURLS;
// END PULL SAFEURLS FROM INTERFACE.JSON Settings // END PULL SAFEURLS FROM INTERFACE.JSON Settings
bool isInWhitelist = false; // assume unsafe bool isInWhitelist = false; // assume unsafe
for (const auto& str : safeURLS) { for (const auto& str : safeURLS) {
// qDebug() << "CHECKING" << entityID.toString() << scriptOrURL << "AGAINST" << str; qCDebug(scriptengine) << whitelistPrefix << "Script URL: " << scriptOrURL << "TESTING AGAINST" << str << "RESULTS IN"
qCDebug(scriptengine) << "Script URL: " << scriptOrURL << "TESTING AGAINST" << str << "RESULTS IN"
<< scriptOrURL.startsWith(str); << scriptOrURL.startsWith(str);
if (scriptOrURL.startsWith(str)) { if (!str.isEmpty() && scriptOrURL.startsWith(str)) {
isInWhitelist = true; isInWhitelist = true;
qCDebug(scriptengine) << "Script approved."; qCDebug(scriptengine) << whitelistPrefix << "Script approved.";
break; // bail early since we found a match break; // bail early since we found a match
} }
} }
if (!isInWhitelist) { if (!isInWhitelist) {
qCDebug(scriptengine) << "(disabled entity script)" << entityID.toString() << scriptOrURL; qCDebug(scriptengine) << whitelistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL;
exception = makeError("UNSAFE_ENTITY_SCRIPTS == 0"); exception = makeError("UNSAFE_ENTITY_SCRIPTS == 0");
} else { } else {
QTimer timeout; QTimer timeout;
@ -2410,7 +2410,7 @@ void ScriptEngine::entityScriptContentAvailable(const EntityItemID& entityID, co
exception = testConstructor; exception = testConstructor;
} }
} }
// DELETE UP TO HERE, THEN UNCOMMENT BELOW. // ENTITY SCRIPT WHITELIST ENDS HERE, uncomment below for original full disabling.
// qDebug() << "(disabled entity script)" << entityID.toString() << scriptOrURL; // qDebug() << "(disabled entity script)" << entityID.toString() << scriptOrURL;
// exception = makeError("UNSAFE_ENTITY_SCRIPTS == 0"); // exception = makeError("UNSAFE_ENTITY_SCRIPTS == 0");