Mirrors/overte-HifiExperiments
3
0
Fork 0
mirror of https://github.com/HifiExperiments/overte.git synced 2025-04-05 10:05:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

whitelist -> allowlist

Browse source
This commit is contained in:
HifiExperiments 2024-08-13 17:29:53 -07:00
parent 2876a4d4ea
commit f2d8fa2fe4
28 changed files with 199 additions and 199 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
CMakeLists.txt
View file

@ -148,22 +148,22 @@ endif()
# OVERTE_WARNINGS
#
# Here we add the ability to whitelist warnings we've determined we can't fix, or are safe to
# Here we add the ability to allowlist warnings we've determined we can't fix, or are safe to
# ignore for one reason or another. The way of doing so is compiler-specific, so we deal with
# the detection of that in cmake, and just pass it down to the code from here.
#
# We can also treat warnings as errors. Without the whitelist this will almost certainly lead
# We can also treat warnings as errors. Without the allowlist this will almost certainly lead
# to a build failure.
if(NOT DEFINED OVERTE_WARNINGS_WHITELIST)
set(OVERTE_WARNINGS_WHITELIST true CACHE BOOL "Whitelist some warnings we can't currently fix")
if(NOT DEFINED OVERTE_WARNINGS_ALLOWLIST)
set(OVERTE_WARNINGS_ALLOWLIST true CACHE BOOL "Allowlist some warnings we can't currently fix")
endif()
if(NOT DEFINED OVERTE_WARNINGS_AS_ERRORS)
set(OVERTE_WARNINGS_AS_ERRORS false CACHE BOOL "Count warnings as errors")
endif()
if(OVERTE_WARNINGS_WHITELIST)
if(OVERTE_WARNINGS_ALLOWLIST)
if (NOT WIN32)
set(CMAKE_PLATFORM_INFO_DIR "${CMAKE_CURRENT_BINARY_DIR}")
include(CMakeDetermineCXXCompiler)
@ -171,15 +171,15 @@ if(OVERTE_WARNINGS_WHITELIST)
if (CMAKE_CXX_COMPILER_ID MATCHES "GNU")
message("GCC compiler detected, suppressing some unsolvable warnings.")
add_compile_definitions(OVERTE_WARNINGS_WHITELIST_GCC)
add_compile_definitions(OVERTE_WARNINGS_ALLOWLIST_GCC)
elseif(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
message("Clang compiler detected, suppressing some unsolvable warnings.")
add_compile_definitions(OVERTE_WARNINGS_WHITELIST_CLANG)
add_compile_definitions(OVERTE_WARNINGS_ALLOWLIST_CLANG)
elseif(CMAKE_CXX_COMPILER_ID MATCHES "MSVC" OR (CMAKE_CXX_COMPILER_ID MATCHES "" AND WIN32))
message("Microsoft Visual Studio compiler detected, suppressing some unsolvable warnings.")
add_compile_definitions(OVERTE_WARNINGS_WHITELIST_MSVC)
add_compile_definitions(OVERTE_WARNINGS_ALLOWLIST_MSVC)
else()
message("We don't know yet how to whitelist warnings for ${CMAKE_CXX_COMPILER_ID}")
message("We don't know yet how to allowlist warnings for ${CMAKE_CXX_COMPILER_ID}")
endif()
endif()

12
assignment-client/src/avatars/AvatarMixer.cpp
View file

@ -1058,23 +1058,23 @@ void AvatarMixer::parseDomainServerSettings(const QJsonObject& domainSettings) {
qCDebug(avatars) << "This domain requires a minimum avatar height of" << _domainMinimumHeight
<< "and a maximum avatar height of" << _domainMaximumHeight;
static const QString AVATAR_WHITELIST_OPTION = "avatar_whitelist";
_workerSharedData.skeletonURLWhitelist = avatarMixerGroupObject[AVATAR_WHITELIST_OPTION]
static const QString AVATAR_ALLOWLIST_OPTION = "avatar_allowlist";
_workerSharedData.skeletonURLAllowlist = avatarMixerGroupObject[AVATAR_ALLOWLIST_OPTION]
.toString().split(',', Qt::KeepEmptyParts);
static const QString REPLACEMENT_AVATAR_OPTION = "replacement_avatar";
_workerSharedData.skeletonReplacementURL = avatarMixerGroupObject[REPLACEMENT_AVATAR_OPTION]
.toString();
if (_workerSharedData.skeletonURLWhitelist.count() == 1 && _workerSharedData.skeletonURLWhitelist[0].isEmpty()) {
if (_workerSharedData.skeletonURLAllowlist.count() == 1 && _workerSharedData.skeletonURLAllowlist[0].isEmpty()) {
// KeepEmptyParts above will parse "," as ["", ""] (which is ok), but "" as [""] (which is not ok).
_workerSharedData.skeletonURLWhitelist.clear();
_workerSharedData.skeletonURLAllowlist.clear();
}
if (_workerSharedData.skeletonURLWhitelist.isEmpty()) {
if (_workerSharedData.skeletonURLAllowlist.isEmpty()) {
qCDebug(avatars) << "All avatars are allowed.";
} else {
qCDebug(avatars) << "Avatars other than" << _workerSharedData.skeletonURLWhitelist << "will be replaced by" << (_workerSharedData.skeletonReplacementURL.isEmpty() ? "default" : _workerSharedData.skeletonReplacementURL.toString());
qCDebug(avatars) << "Avatars other than" << _workerSharedData.skeletonURLAllowlist << "will be replaced by" << (_workerSharedData.skeletonReplacementURL.isEmpty() ? "default" : _workerSharedData.skeletonReplacementURL.toString());
}
}

32
assignment-client/src/avatars/AvatarMixerClientData.cpp
View file

@ -221,8 +221,8 @@ void AvatarMixerClientData::processSetTraitsMessage(ReceivedMessage& message,
_avatar->processTrait(traitType, message.read(traitSize));
_lastReceivedTraitVersions[traitType] = packetTraitVersion;
if (traitType == AvatarTraits::SkeletonModelURL) {
// special handling for skeleton model URL, since we need to make sure it is in the whitelist
checkSkeletonURLAgainstWhitelist(workerSharedData, sendingNode, packetTraitVersion);
// special handling for skeleton model URL, since we need to make sure it is in the allowlist
checkSkeletonURLAgainstAllowlist(workerSharedData, sendingNode, packetTraitVersion);
}
anyTraitsChanged = true;
@ -366,30 +366,30 @@ void AvatarMixerClientData::processBulkAvatarTraitsAckMessage(ReceivedMessage& m
}
}
void AvatarMixerClientData::checkSkeletonURLAgainstWhitelist(const WorkerSharedData& workerSharedData,
void AvatarMixerClientData::checkSkeletonURLAgainstAllowlist(const WorkerSharedData& workerSharedData,
Node& sendingNode,
AvatarTraits::TraitVersion traitVersion) {
const auto& whitelist = workerSharedData.skeletonURLWhitelist;
const auto& allowlist = workerSharedData.skeletonURLAllowlist;
if (!whitelist.isEmpty()) {
bool inWhitelist = false;
if (!allowlist.isEmpty()) {
bool inAllowlist = false;
auto avatarURL = _avatar->getSkeletonModelURL();
// The avatar is in the whitelist if:
// 1. The avatar's URL's host matches one of the hosts of the URLs in the whitelist AND
// 2. The avatar's URL's path starts with the path of that same URL in the whitelist
for (const auto& whiteListedPrefix : whitelist) {
auto whiteListURL = QUrl::fromUserInput(whiteListedPrefix);
// check if this script URL matches the whitelist domain and, optionally, is beneath the path
if (avatarURL.host().compare(whiteListURL.host(), Qt::CaseInsensitive) == 0 &&
avatarURL.path().startsWith(whiteListURL.path(), Qt::CaseInsensitive)) {
inWhitelist = true;
// The avatar is in the allowlist if:
// 1. The avatar's URL's host matches one of the hosts of the URLs in the allowlist AND
// 2. The avatar's URL's path starts with the path of that same URL in the allowlist
for (const auto& allowListedPrefix : allowlist) {
auto allowListURL = QUrl::fromUserInput(allowListedPrefix);
// check if this script URL matches the allowlist domain and, optionally, is beneath the path
if (avatarURL.host().compare(allowListURL.host(), Qt::CaseInsensitive) == 0 &&
avatarURL.path().startsWith(allowListURL.path(), Qt::CaseInsensitive)) {
inAllowlist = true;
break;
}
}
if (!inWhitelist) {
if (!inAllowlist) {
// make sure we're not unecessarily overriding the default avatar with the default avatar
if (_avatar->getWireSafeSkeletonModelURL() != workerSharedData.skeletonReplacementURL) {
// we need to change this avatar's skeleton URL, and send them a traits packet informing them of the change

2
assignment-client/src/avatars/AvatarMixerClientData.h
View file

@ -135,7 +135,7 @@ public:
void processSetTraitsMessage(ReceivedMessage& message, const WorkerSharedData& workerSharedData, Node& sendingNode);
void emulateDeleteEntitiesTraitsMessage(const QList<QUuid>& avatarEntityIDs);
void processBulkAvatarTraitsAckMessage(ReceivedMessage& message);
void checkSkeletonURLAgainstWhitelist(const WorkerSharedData& workerSharedData, Node& sendingNode,
void checkSkeletonURLAgainstAllowlist(const WorkerSharedData& workerSharedData, Node& sendingNode,
AvatarTraits::TraitVersion traitVersion);
using TraitsCheckTimestamp = std::chrono::steady_clock::time_point;

2
assignment-client/src/avatars/AvatarMixerWorker.h
View file

@ -97,7 +97,7 @@ class EntityTree;
using EntityTreePointer = std::shared_ptr<EntityTree>;
struct WorkerSharedData {
QStringList skeletonURLWhitelist;
QStringList skeletonURLAllowlist;
QUrl skeletonReplacementURL;
EntityTreePointer entityTree;
};

8
assignment-client/src/entities/EntityServer.cpp
View file

@ -320,11 +320,11 @@ void EntityServer::readAdditionalConfiguration(const QJsonObject& settingsSectio
tree->setWantEditLogging(wantEditLogging);
tree->setWantTerseEditLogging(wantTerseEditLogging);
QString entityScriptSourceWhitelist;
if (readOptionString("entityScriptSourceWhitelist", settingsSectionObject, entityScriptSourceWhitelist)) {
tree->setEntityScriptSourceWhitelist(entityScriptSourceWhitelist);
QString entityScriptSourceAllowlist;
if (readOptionString("entityScriptSourceAllowlist", settingsSectionObject, entityScriptSourceAllowlist)) {
tree->setEntityScriptSourceAllowlist(entityScriptSourceAllowlist);
} else {
tree->setEntityScriptSourceWhitelist("");
tree->setEntityScriptSourceAllowlist("");
}
auto entityEditFilters = DependencyManager::get<EntityEditFilters>();

2
cmake/macros/SetPackagingParameters.cmake
View file

@ -26,7 +26,7 @@ macro(SET_PACKAGING_PARAMETERS)
set_from_env(STABLE_BUILD STABLE_BUILD 0)
set_from_env(PRELOADED_STARTUP_LOCATION PRELOADED_STARTUP_LOCATION "")
set_from_env(PRELOADED_SCRIPT_WHITELIST PRELOADED_SCRIPT_WHITELIST "")
set_from_env(PRELOADED_SCRIPT_ALLOWLIST PRELOADED_SCRIPT_ALLOWLIST "")
set_from_env(BYPASS_SIGNING BYPASS_SIGNING 0)

2
cmake/templates/BuildInfo.h.in
View file

@ -29,7 +29,7 @@ namespace BuildInfo {
const QString BUILD_GLOBAL_SERVICES = "@BUILD_GLOBAL_SERVICES@";
const QString BUILD_TIME = "@BUILD_TIME@";
const QString PRELOADED_STARTUP_LOCATION = "@PRELOADED_STARTUP_LOCATION@";
const QString PRELOADED_SCRIPT_WHITELIST = "@PRELOADED_SCRIPT_WHITELIST@";
const QString PRELOADED_SCRIPT_ALLOWLIST = "@PRELOADED_SCRIPT_ALLOWLIST@";
enum BuildType {
Dev,

22
domain-server/src/DomainServer.cpp
View file

@ -341,17 +341,17 @@ DomainServer::DomainServer(int argc, char* argv[]) :
connect(&_settingsManager, &DomainServerSettingsManager::updateNodePermissions, [this] { _metadata->securityChanged(true); });
qDebug() << "domain-server is running";
static const QString AC_SUBNET_WHITELIST_SETTING_PATH = "security.ac_subnet_whitelist";
static const QString AC_SUBNET_ALLOWLIST_SETTING_PATH = "security.ac_subnet_allowlist";
static const Subnet LOCALHOST { QHostAddress("127.0.0.1"), 32 };
_acSubnetWhitelist = { LOCALHOST };
_acSubnetAllowlist = { LOCALHOST };
auto whitelist = _settingsManager.valueOrDefaultValueForKeyPath(AC_SUBNET_WHITELIST_SETTING_PATH).toStringList();
for (auto& subnet : whitelist) {
auto allowlist = _settingsManager.valueOrDefaultValueForKeyPath(AC_SUBNET_ALLOWLIST_SETTING_PATH).toStringList();
for (auto& subnet : allowlist) {
auto netmaskParts = subnet.trimmed().split("/");
if (netmaskParts.size() > 2) {
qDebug() << "Ignoring subnet in whitelist, malformed: " << subnet;
qDebug() << "Ignoring subnet in allowlist, malformed: " << subnet;
continue;
}
@ -363,7 +363,7 @@ DomainServer::DomainServer(int argc, char* argv[]) :
bool ok;
netmask = netmaskParts[1].toInt(&ok);
if (!ok) {
qDebug() << "Ignoring subnet in whitelist, bad netmask: " << subnet;
qDebug() << "Ignoring subnet in allowlist, bad netmask: " << subnet;
continue;
}
}
@ -371,10 +371,10 @@ DomainServer::DomainServer(int argc, char* argv[]) :
auto ip = QHostAddress(netmaskParts[0]);
if (!ip.isNull()) {
qDebug() << "Adding AC whitelist subnet: " << subnet << " -> " << (ip.toString() + "/" + QString::number(netmask));
_acSubnetWhitelist.push_back({ ip , netmask });
qDebug() << "Adding AC allowlist subnet: " << subnet << " -> " << (ip.toString() + "/" + QString::number(netmask));
_acSubnetAllowlist.push_back({ ip , netmask });
} else {
qDebug() << "Ignoring subnet in whitelist, invalid ip portion: " << subnet;
qDebug() << "Ignoring subnet in allowlist, invalid ip portion: " << subnet;
}
}
@ -1502,8 +1502,8 @@ void DomainServer::processRequestAssignmentPacket(QSharedPointer<ReceivedMessage
return senderAddr.isInSubnet(mask);
};
auto it = find_if(_acSubnetWhitelist.begin(), _acSubnetWhitelist.end(), isHostAddressInSubnet);
if (it == _acSubnetWhitelist.end()) {
auto it = find_if(_acSubnetAllowlist.begin(), _acSubnetAllowlist.end(), isHostAddressInSubnet);
if (it == _acSubnetAllowlist.end()) {
HIFI_FDEBUG("Received an assignment connect request from a disallowed ip address:"
<< senderAddr.toString());
return;

2
domain-server/src/DomainServer.h
View file

@ -251,7 +251,7 @@ private:
QString operationToString(const QNetworkAccessManager::Operation &op);
SubnetList _acSubnetWhitelist;
SubnetList _acSubnetAllowlist;
std::vector<QString> _replicatedUsernames;

4
domain-server/src/DomainServerSettingsManager.cpp
View file

@ -1743,7 +1743,7 @@ bool DomainServerSettingsManager::recurseJSONObjectAndOverwriteSettings(const QJ
QJsonObject postedObject(postedSettingsObject);
static const QString SECURITY_ROOT_KEY = "security";
static const QString AC_SUBNET_WHITELIST_KEY = "ac_subnet_whitelist";
static const QString AC_SUBNET_ALLOWLIST_KEY = "ac_subnet_allowlist";
static const QString BROADCASTING_KEY = "broadcasting";
static const QString WIZARD_KEY = "wizard";
static const QString DESCRIPTION_ROOT_KEY = "descriptors";
@ -1863,7 +1863,7 @@ bool DomainServerSettingsManager::recurseJSONObjectAndOverwriteSettings(const QJ
if ((rootKey != SECURITY_ROOT_KEY && rootKey != BROADCASTING_KEY &&
rootKey != DESCRIPTION_ROOT_KEY && rootKey != WIZARD_KEY) ||
settingKey == AC_SUBNET_WHITELIST_KEY) {
settingKey == AC_SUBNET_ALLOWLIST_KEY) {
needRestart = true;
}
} else {

66
interface/resources/qml/hifi/dialogs/security/EntityScriptQMLWhitelist.qml → interface/resources/qml/hifi/dialogs/security/EntityScriptQMLAllowlist.qml
View file

@ -1,5 +1,5 @@
//
// EntityScriptQMLWhitelist.qml
// EntityScriptQMLAllowlist.qml
// interface/resources/qml/hifi/dialogs/security
//
// Created by Kalila L. on 2019.12.05 | realities.dev | somnilibertas@gmail.com
@ -8,7 +8,7 @@
// Distributed under the Apache License, Version 2.0.
// See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html
//
// Security Settings for the Entity Script QML Whitelist
// Security Settings for the Entity Script QML Allowlist
import Hifi 1.0 as Hifi
import QtQuick 2.8
@ -23,25 +23,25 @@ import "../../../windows"
Rectangle {
id: parentBody;
function getWhitelistAsText() {
var whitelist = Settings.getValue("private/settingsSafeURLS");
var arrayWhitelist = whitelist.split(",").join("\n");
return arrayWhitelist;
function getAllowlistAsText() {
var allowlist = Settings.getValue("private/settingsSafeURLS");
var arrayAllowlist = allowlist.split(",").join("\n");
return arrayAllowlist;
}
function setWhitelistAsText(whitelistText) {
Settings.setValue("private/settingsSafeURLS", whitelistText.text);
function setAllowlistAsText(allowlistText) {
Settings.setValue("private/settingsSafeURLS", allowlistText.text);
var originalSetString = whitelistText.text;
var originalSetString = allowlistText.text;
var originalSet = originalSetString.split(' ').join('');
var check = Settings.getValue("private/settingsSafeURLS");
var arrayCheck = check.split(",").join("\n");
setWhitelistSuccess(arrayCheck === originalSet);
setAllowlistSuccess(arrayCheck === originalSet);
}
function setWhitelistSuccess(success) {
function setAllowlistSuccess(success) {
if (success) {
notificationText.text = "Successfully saved settings.";
} else {
@ -49,20 +49,20 @@ Rectangle {
}
}
function toggleWhitelist(enabled) {
Settings.setValue("private/whitelistEnabled", enabled);
console.info("Toggling Whitelist to:", enabled);
function toggleAllowlist(enabled) {
Settings.setValue("private/allowlistEnabled", enabled);
console.info("Toggling Allowlist to:", enabled);
}
function initCheckbox() {
var check = Settings.getValue("private/whitelistEnabled", false);
var check = Settings.getValue("private/allowlistEnabled", false);
if (check) {
whitelistEnabled.toggle();
allowlistEnabled.toggle();
}
}
anchors.fill: parent
width: parent.width;
height: 120;
@ -70,7 +70,7 @@ Rectangle {
HifiStylesUit.RalewayRegular {
id: titleText;
text: "Entity Script / QML Whitelist"
text: "Entity Script / QML Allowlist"
// Text size
size: 24;
// Style
@ -89,13 +89,13 @@ Rectangle {
initCheckbox();
}
id: whitelistEnabled;
id: allowlistEnabled;
anchors.right: parent.right;
anchors.top: parent.top;
anchors.topMargin: 10;
onToggled: {
toggleWhitelist(whitelistEnabled.checked)
toggleAllowlist(allowlistEnabled.checked)
}
Label {
@ -115,7 +115,7 @@ Rectangle {
width: parent.width;
height: 250;
anchors.top: titleText.bottom;
ScrollView {
id: textAreaScrollView
anchors.fill: parent;
@ -126,8 +126,8 @@ Rectangle {
clip: false;
TextArea {
id: whitelistTextArea
text: getWhitelistAsText();
id: allowlistTextArea
text: getAllowlistAsText();
onTextChanged: notificationText.text = "";
width: parent.width;
height: parent.height;
@ -136,7 +136,7 @@ Rectangle {
color: "white";
}
}
Button {
id: saveChanges
anchors.topMargin: 5;
@ -155,8 +155,8 @@ Rectangle {
elide: Text.ElideRight
}
text: "Save Changes"
onClicked: setWhitelistAsText(whitelistTextArea)
onClicked: setAllowlistAsText(allowlistTextArea)
HifiStylesUit.RalewayRegular {
id: notificationText;
text: ""
@ -170,15 +170,15 @@ Rectangle {
anchors.rightMargin: 10;
}
}
HifiStylesUit.RalewayRegular {
id: descriptionText;
text:
"The whitelist checks scripts and QML as they are loaded.<br/>
text:
"The allowlist checks scripts and QML as they are loaded.<br/>
Therefore, if a script is cached or has no reason to load again,<br/>
removing it from the whitelist will have no effect until<br/>
removing it from the allowlist will have no effect until<br/>
it is reloaded.<br/>
Separate your whitelisted domains by line, not commas. e.g.
Separate your allowlisted domains by line, not commas. e.g.
<blockquote>
<b>https://google.com/</b><br/>
<b>hifi://the-spot/</b><br/>
@ -186,7 +186,7 @@ Rectangle {
<b>https://mydomain.here/</b>
</blockquote>
Ensure there are no spaces or whitespace.<br/><br/>
For QML files, you can only whitelist each file individually<br/>
For QML files, you can only allowlist each file individually<br/>
ending with '.qml'."
// Text size
size: 16;

26
interface/resources/qml/hifi/dialogs/security/ScriptSecurity.qml
View file

@ -5,7 +5,7 @@
// Created by dr Karol Suprynowicz on 2024/03/24.
// Copyright 2024 Overte e.V.
//
// Based on EntityScriptQMLWhitelist.qml
// Based on EntityScriptQMLAllowlist.qml
// Created by Kalila L. on 2019.12.05 | realities.dev | somnilibertas@gmail.com
// Copyright 2019 Kalila L.
//
@ -27,15 +27,15 @@ import "../../../windows"
Rectangle {
id: parentBody;
function getWhitelistAsText() {
var whitelist = Settings.getValue("private/scriptPermissionGetAvatarURLSafeURLs");
var arrayWhitelist = whitelist.replace(",", "\n");
return arrayWhitelist;
function getAllowlistAsText() {
var allowlist = Settings.getValue("private/scriptPermissionGetAvatarURLSafeURLs");
var arrayAllowlist = allowlist.replace(",", "\n");
return arrayAllowlist;
}
function setWhitelistAsText(whitelistText) {
Settings.setValue("private/scriptPermissionGetAvatarURLSafeURLs", whitelistText.text);
notificationText.text = "Whitelist saved.";
function setAllowlistAsText(allowlistText) {
Settings.setValue("private/scriptPermissionGetAvatarURLSafeURLs", allowlistText.text);
notificationText.text = "Allowlist saved.";
}
function setAvatarProtection(enabled) {
@ -65,7 +65,7 @@ Rectangle {
height: 60;
CheckBox {
id: whitelistEnabled;
id: allowlistEnabled;
checked: Settings.getValue("private/scriptPermissionGetAvatarURLEnable", true);
@ -73,7 +73,7 @@ Rectangle {
anchors.top: parent.top;
anchors.topMargin: 10;
onToggled: {
setAvatarProtection(whitelistEnabled.checked)
setAvatarProtection(allowlistEnabled.checked)
}
Label {
@ -104,8 +104,8 @@ Rectangle {
clip: false;
TextArea {
id: whitelistTextArea
text: getWhitelistAsText();
id: allowlistTextArea
text: getAllowlistAsText();
onTextChanged: notificationText.text = "";
width: parent.width;
height: parent.height;
@ -133,7 +133,7 @@ Rectangle {
elide: Text.ElideRight
}
text: "Save Changes"
onClicked: setWhitelistAsText(whitelistTextArea)
onClicked: setAllowlistAsText(allowlistTextArea)
HifiStylesUit.RalewayRegular {
id: notificationText;

8
interface/src/Application.cpp
View file

@ -3293,9 +3293,9 @@ void Application::initializeUi() {
{
auto defaultUrlValidator = OffscreenQmlSurface::getUrlValidator();
auto newValidator = [=](const QUrl& url) -> bool {
QString whitelistPrefix = "[WHITELIST ENTITY SCRIPTS]";
QString allowlistPrefix = "[ALLOWLIST ENTITY SCRIPTS]";
QList<QString> safeURLS = { "" };
safeURLS += qEnvironmentVariable("EXTRA_WHITELIST").trimmed().split(QRegExp("\\s*,\\s*"), Qt::SkipEmptyParts);
safeURLS += qEnvironmentVariable("EXTRA_ALLOWLIST").trimmed().split(QRegExp("\\s*,\\s*"), Qt::SkipEmptyParts);
// PULL SAFEURLS FROM INTERFACE.JSON Settings
@ -3332,7 +3332,7 @@ void Application::initializeUi() {
QmlContextCallback platformInfoCallback = [](QQmlContext* context) {
context->setContextProperty("PlatformInfo", new PlatformInfoScriptingInterface());
};
OffscreenQmlSurface::addWhitelistContextHandler({
OffscreenQmlSurface::addAllowlistContextHandler({
QUrl{ "hifi/tablet/TabletAddressDialog.qml" },
QUrl{ "hifi/Card.qml" },
QUrl{ "hifi/Pal.qml" },
@ -3342,7 +3342,7 @@ void Application::initializeUi() {
QmlContextCallback ttsCallback = [](QQmlContext* context) {
context->setContextProperty("TextToSpeech", DependencyManager::get<TTSScriptingInterface>().data());
};
OffscreenQmlSurface::addWhitelistContextHandler({
OffscreenQmlSurface::addAllowlistContextHandler({
QUrl{ "hifi/tts/TTS.qml" }
}, ttsCallback);
qmlRegisterType<ResourceImageItem>("Hifi", 1, 0, "ResourceImageItem");

6
interface/src/Menu.cpp
View file

@ -310,13 +310,13 @@ Menu::Menu() {
}
});
// Settings > Entity Script / QML Whitelist
action = addActionToQMenuAndActionHash(settingsMenu, "Entity Script / QML Whitelist");
// Settings > Entity Script / QML Allowlist
action = addActionToQMenuAndActionHash(settingsMenu, "Entity Script / QML Allowlist");
connect(action, &QAction::triggered, [] {
auto tablet = DependencyManager::get<TabletScriptingInterface>()->getTablet("com.highfidelity.interface.tablet.system");
auto hmd = DependencyManager::get<HMDScriptingInterface>();
tablet->pushOntoStack("hifi/dialogs/security/EntityScriptQMLWhitelist.qml");
tablet->pushOntoStack("hifi/dialogs/security/EntityScriptQMLAllowlist.qml");
if (!hmd->getShouldShowTablet()) {
hmd->toggleShouldShowTablet();

2
interface/src/Menu.h
View file

@ -189,7 +189,7 @@ namespace MenuOption {
const QString RunningScripts = "Running Scripts...";
const QString RunTimingTests = "Run Timing Tests";
const QString ScriptedMotorControl = "Enable Scripted Motor Control";
const QString EntityScriptQMLWhitelist = "Entity Script / QML Whitelist";
const QString EntityScriptQMLAllowlist = "Entity Script / QML Allowlist";
const QString ScriptSecurity = "Script Security";
const QString ShowTrackedObjects = "Show Tracked Objects";
const QString SelfieCamera = "Selfie";

6
interface/src/raypick/CollisionPick.cpp
View file

@ -408,9 +408,9 @@ CollisionRegion CollisionPick::getMathematicalPick() const {
void CollisionPick::filterIntersections(std::vector<ContactTestResult>& intersections) const {
const QVector<QUuid>& ignoreItems = getIgnoreItems();
const QVector<QUuid>& includeItems = getIncludeItems();
bool isWhitelist = !includeItems.empty();
bool isAllowlist = !includeItems.empty();
if (!isWhitelist && ignoreItems.empty()) {
if (!isAllowlist && ignoreItems.empty()) {
return;
}
@ -420,7 +420,7 @@ void CollisionPick::filterIntersections(std::vector<ContactTestResult>& intersec
for (int i = 0; i < n; i++) {
auto& intersection = intersections[i];
const QUuid& id = intersection.foundID;
if (!ignoreItems.contains(id) && (!isWhitelist || includeItems.contains(id))) {
if (!ignoreItems.contains(id) && (!isAllowlist || includeItems.contains(id))) {
filteredIntersections.push_back(intersection);
}
}

4
interface/src/ui/InteractiveWindow.cpp
View file

@ -221,8 +221,8 @@ InteractiveWindow::InteractiveWindow(const QString& sourceUrl, const QVariantMap
Application::setupQmlSurface(quickView->rootContext(), true);
//add any whitelisted callbacks
OffscreenUi::applyWhiteList(sourceUrl, quickView->rootContext());
//add any allowlisted callbacks
OffscreenUi::applyAllowList(sourceUrl, quickView->rootContext());
/*@jsdoc
* Configures how a <code>NATIVE</code> window is displayed.

36
libraries/entities/src/EntityTree.cpp
View file

@ -65,8 +65,8 @@ EntityTree::~EntityTree() {
//eraseAllOctreeElements(false); // KEEP THIS
}
void EntityTree::setEntityScriptSourceWhitelist(const QString& entityScriptSourceWhitelist) {
_entityScriptSourceWhitelist = entityScriptSourceWhitelist.split(',', Qt::SkipEmptyParts);
void EntityTree::setEntityScriptSourceAllowlist(const QString& entityScriptSourceAllowlist) {
_entityScriptSourceAllowlist = entityScriptSourceAllowlist.split(',', Qt::SkipEmptyParts);
}
@ -1411,17 +1411,17 @@ void EntityTree::bumpTimestamp(EntityItemProperties& properties) { //fixme put c
properties.setLastEdited(properties.getLastEdited() + LAST_EDITED_SERVERSIDE_BUMP);
}
bool EntityTree::isScriptInWhitelist(const QString& scriptProperty) {
bool EntityTree::isScriptInAllowlist(const QString& scriptProperty) {
// grab a URL representation of the entity script so we can check the host for this script
auto entityScriptURL = QUrl::fromUserInput(scriptProperty);
for (const auto& whiteListedPrefix : _entityScriptSourceWhitelist) {
auto whiteListURL = QUrl::fromUserInput(whiteListedPrefix);
for (const auto& allowListedPrefix : _entityScriptSourceAllowlist) {
auto allowListURL = QUrl::fromUserInput(allowListedPrefix);
// check if this script URL matches the whitelist domain and, optionally, is beneath the path
if (entityScriptURL.host().compare(whiteListURL.host(), Qt::CaseInsensitive) == 0 &&
entityScriptURL.path().startsWith(whiteListURL.path(), Qt::CaseInsensitive)) {
// check if this script URL matches the allowlist domain and, optionally, is beneath the path
if (entityScriptURL.host().compare(allowListURL.host(), Qt::CaseInsensitive) == 0 &&
entityScriptURL.path().startsWith(allowListURL.path(), Qt::CaseInsensitive)) {
return true;
}
}
@ -1504,18 +1504,18 @@ int EntityTree::processEditPacketData(ReceivedMessage& message, const unsigned c
}
}
if (validEditPacket && !_entityScriptSourceWhitelist.isEmpty()) {
if (validEditPacket && !_entityScriptSourceAllowlist.isEmpty()) {
bool wasDeletedBecauseOfClientScript = false;
// check the client entity script to make sure its URL is in the whitelist
// check the client entity script to make sure its URL is in the allowlist
if (!properties.getScript().isEmpty()) {
bool clientScriptPassedWhitelist = isScriptInWhitelist(properties.getScript());
bool clientScriptPassedAllowlist = isScriptInAllowlist(properties.getScript());
if (!clientScriptPassedWhitelist) {
if (!clientScriptPassedAllowlist) {
if (wantEditLogging()) {
qCDebug(entities) << "User [" << senderNode->getUUID()
<< "] attempting to set entity script not on whitelist, edit rejected";
<< "] attempting to set entity script not on allowlist, edit rejected";
}
// If this was an add, we also want to tell the client that sent this edit that the entity was not added.
@ -1530,20 +1530,20 @@ int EntityTree::processEditPacketData(ReceivedMessage& message, const unsigned c
}
}
// check all server entity scripts to make sure their URLs are in the whitelist
// check all server entity scripts to make sure their URLs are in the allowlist
if (!properties.getServerScripts().isEmpty()) {
bool serverScriptPassedWhitelist = isScriptInWhitelist(properties.getServerScripts());
bool serverScriptPassedAllowlist = isScriptInAllowlist(properties.getServerScripts());
if (!serverScriptPassedWhitelist) {
if (!serverScriptPassedAllowlist) {
if (wantEditLogging()) {
qCDebug(entities) << "User [" << senderNode->getUUID()
<< "] attempting to set server entity script not on whitelist, edit rejected";
<< "] attempting to set server entity script not on allowlist, edit rejected";
}
// If this was an add, we also want to tell the client that sent this edit that the entity was not added.
if (isAdd) {
// Make sure we didn't already need to send back a delete because the client script failed
// the whitelist check
// the allowlist check
if (!wasDeletedBecauseOfClientScript) {
QWriteLocker locker(&_recentlyDeletedEntitiesLock);
_recentlyDeletedEntityItemIDs.insert(usecTimestampNow(), entityItemID);

6
libraries/entities/src/EntityTree.h
View file

@ -63,7 +63,7 @@ public:
void setEntityMaxTmpLifetime(float maxTmpEntityLifetime) { _maxTmpEntityLifetime = maxTmpEntityLifetime; }
void setEntityScriptSourceWhitelist(const QString& entityScriptSourceWhitelist);
void setEntityScriptSourceAllowlist(const QString& entityScriptSourceAllowlist);
/// Implements our type specific root element factory
virtual OctreeElementPointer createNewElement(unsigned char* octalCode = NULL) override;
@ -300,7 +300,7 @@ protected:
void notifyNewlyCreatedEntity(const EntityItem& newEntity, const SharedNodePointer& senderNode);
bool isScriptInWhitelist(const QString& scriptURL);
bool isScriptInAllowlist(const QString& scriptURL);
QReadWriteLock _newlyCreatedHooksLock;
QVector<NewlyCreatedEntityHook*> _newlyCreatedHooks;
@ -363,7 +363,7 @@ protected:
bool filterProperties(const EntityItemPointer& existingEntity, EntityItemProperties& propertiesIn, EntityItemProperties& propertiesOut, bool& wasChanged, FilterType filterType) const;
bool _hasEntityEditFilter{ false };
QStringList _entityScriptSourceWhitelist;
QStringList _entityScriptSourceAllowlist;
MovingEntitiesOperator _entityMover;
QHash<EntityItemID, EntityItemPointer> _entitiesToAdd;

16
libraries/script-engine/src/ScriptGatekeeper.cpp
View file

@ -19,21 +19,21 @@ void ScriptGatekeeper::initialize() {
return;
}
QVariant rawCurrentWhitelistValues = Setting::Handle<QVariant>(SCRIPT_WHITELIST_ENTRIES_KEY).get();
QString settingsSafeValues = rawCurrentWhitelistValues.toString();
QVariant rawCurrentAllowlistValues = Setting::Handle<QVariant>(SCRIPT_ALLOWLIST_ENTRIES_KEY).get();
QString settingsSafeValues = rawCurrentAllowlistValues.toString();
Setting::Handle<bool> whitelistEnabled { SCRIPT_WHITELIST_ENABLED_KEY, false };
Setting::Handle<bool> allowlistEnabled { SCRIPT_ALLOWLIST_ENABLED_KEY, false };
Setting::Handle<bool> isFirstRun { Settings::firstRun, true };
QString preloadedVal = BuildInfo::PRELOADED_SCRIPT_WHITELIST;
QString preloadedVal = BuildInfo::PRELOADED_SCRIPT_ALLOWLIST;
if (settingsSafeValues.isEmpty() && !preloadedVal.isEmpty() && isFirstRun.get()) {
// We assume that the whitelist should be enabled if a preloaded whitelist is attached, so we activate it if it's not already active.
if (!whitelistEnabled.get()) {
whitelistEnabled.set(true);
// We assume that the allowlist should be enabled if a preloaded allowlist is attached, so we activate it if it's not already active.
if (!allowlistEnabled.get()) {
allowlistEnabled.set(true);
}
Setting::Handle<QVariant>(SCRIPT_WHITELIST_ENTRIES_KEY).set(preloadedVal);
Setting::Handle<QVariant>(SCRIPT_ALLOWLIST_ENTRIES_KEY).set(preloadedVal);
}
_initialized = true;

6
libraries/script-engine/src/ScriptGatekeeper.h
View file

@ -17,14 +17,14 @@
#include <QtCore/QObject>
/// Manages script whitelisting in a domain
/// Manages script allowlisting in a domain
class ScriptGatekeeper : public QObject {
Q_OBJECT
public:
void initialize();
QString SCRIPT_WHITELIST_ENABLED_KEY{ "private/whitelistEnabled" };
QString SCRIPT_WHITELIST_ENTRIES_KEY{ "private/settingsSafeURLS" };
QString SCRIPT_ALLOWLIST_ENABLED_KEY{ "private/allowlistEnabled" };
QString SCRIPT_ALLOWLIST_ENTRIES_KEY{ "private/settingsSafeURLS" };
private:
bool _initialized { false };

68
libraries/script-engine/src/ScriptManager.cpp
View file

@ -2192,17 +2192,17 @@ void ScriptManager::entityScriptContentAvailable(const EntityItemID& entityID, c
exception = testConstructor;
}
} else {
// ENTITY SCRIPT WHITELIST STARTS HERE
// ENTITY SCRIPT ALLOWLIST STARTS HERE
auto nodeList = DependencyManager::get<NodeList>();
bool passList = false; // assume unsafe
QString whitelistPrefix = "[WHITELIST ENTITY SCRIPTS]";
QString allowlistPrefix = "[ALLOWLIST ENTITY SCRIPTS]";
QList<QString> safeURLPrefixes = { "file:///", "atp:", "cache:" };
safeURLPrefixes += qEnvironmentVariable("EXTRA_WHITELIST").trimmed().split(QRegExp("\\s*,\\s*"), Qt::SkipEmptyParts);
safeURLPrefixes += qEnvironmentVariable("EXTRA_ALLOWLIST").trimmed().split(QRegExp("\\s*,\\s*"), Qt::SkipEmptyParts);
// Entity Script Whitelist toggle check.
Setting::Handle<bool> whitelistEnabled {"private/whitelistEnabled", false };
// Entity Script Allowlist toggle check.
Setting::Handle<bool> allowlistEnabled {"private/allowlistEnabled", false };
if (!whitelistEnabled.get()) {
if (!allowlistEnabled.get()) {
passList = true;
}
@ -2212,39 +2212,39 @@ void ScriptManager::entityScriptContentAvailable(const EntityItemID& entityID, c
safeURLPrefixes += settingsSafeURLS;
// END Pull SAFEURLS from the Interface.JSON settings.
// Get current domain whitelist bypass, in case an entire domain is whitelisted.
// Get current domain allowlist bypass, in case an entire domain is allowlisted.
QString currentDomain = DependencyManager::get<AddressManager>()->getDomainURL().host();
QString domainSafeIP = nodeList->getDomainHandler().getHostname();
QString domainSafeURL = URL_SCHEME_OVERTE + "://" + currentDomain;
for (const auto& str : safeURLPrefixes) {
if (domainSafeURL.startsWith(str) || domainSafeIP.startsWith(str)) {
qCDebug(scriptengine) << whitelistPrefix << "Whitelist Bypassed, entire domain is whitelisted. Current Domain Host: "
qCDebug(scriptengine) << allowlistPrefix << "Allowlist Bypassed, entire domain is allowlisted. Current Domain Host: "
<< nodeList->getDomainHandler().getHostname()
<< "Current Domain: " << currentDomain;
passList = true;
}
}
// END bypass whitelist based on current domain.
// END bypass allowlist based on current domain.
// Start processing scripts through the whitelist.
if (ScriptManager::getContext() == "entity_server") { // If running on the server, do not engage whitelist.
// Start processing scripts through the allowlist.
if (ScriptManager::getContext() == "entity_server") { // If running on the server, do not engage allowlist.
passList = true;
} else if (!passList) { // If waved through, do not engage whitelist.
} else if (!passList) { // If waved through, do not engage allowlist.
for (const auto& str : safeURLPrefixes) {
qCDebug(scriptengine) << whitelistPrefix << "Script URL: " << scriptOrURL << "TESTING AGAINST" << str << "RESULTS IN"
qCDebug(scriptengine) << allowlistPrefix << "Script URL: " << scriptOrURL << "TESTING AGAINST" << str << "RESULTS IN"
<< scriptOrURL.startsWith(str);
if (!str.isEmpty() && scriptOrURL.startsWith(str)) {
passList = true;
qCDebug(scriptengine) << whitelistPrefix << "Script approved.";
qCDebug(scriptengine) << allowlistPrefix << "Script approved.";
break; // Bail early since we found a match.
}
}
}
// END processing of scripts through the whitelist.
// END processing of scripts through the allowlist.
if (!passList) { // If the entity failed to pass for any reason, it's blocked and an error is thrown.
qCDebug(scriptengine) << whitelistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL;
qCDebug(scriptengine) << allowlistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL;
exception = _engine->makeError(_engine->newValue("UNSAFE_ENTITY_SCRIPTS == 0"));
} else {
QTimer timeout;
@ -2267,7 +2267,7 @@ void ScriptManager::entityScriptContentAvailable(const EntityItemID& entityID, c
exception = testConstructor;
}
}
// ENTITY SCRIPT WHITELIST ENDS HERE, uncomment below for original full disabling.
// ENTITY SCRIPT ALLOWLIST ENDS HERE, uncomment below for original full disabling.
// qCDebug(scriptengine) << "(disabled entity script)" << entityID.toString() << scriptOrURL;
// exception = makeError("UNSAFE_ENTITY_SCRIPTS == 0");
@ -2303,17 +2303,17 @@ void ScriptManager::entityScriptContentAvailable(const EntityItemID& entityID, c
return; // done processing script
}*/
// ENTITY SCRIPT WHITELIST STARTS HERE
// ENTITY SCRIPT ALLOWLIST STARTS HERE
auto nodeList = DependencyManager::get<NodeList>();
bool passList = false; // assume unsafe
QString whitelistPrefix = "[WHITELIST ENTITY SCRIPTS]";
QString allowlistPrefix = "[ALLOWLIST ENTITY SCRIPTS]";
QList<QString> safeURLPrefixes = { "file:///", "atp:", "cache:" };
safeURLPrefixes += qEnvironmentVariable("EXTRA_WHITELIST").trimmed().split(QRegExp("\\s*,\\s*"), Qt::SkipEmptyParts);
safeURLPrefixes += qEnvironmentVariable("EXTRA_ALLOWLIST").trimmed().split(QRegExp("\\s*,\\s*"), Qt::SkipEmptyParts);
// Entity Script Whitelist toggle check.
Setting::Handle<bool> whitelistEnabled {"private/whitelistEnabled", false };
// Entity Script Allowlist toggle check.
Setting::Handle<bool> allowlistEnabled {"private/allowlistEnabled", false };
if (!whitelistEnabled.get()) {
if (!allowlistEnabled.get()) {
passList = true;
}
@ -2323,40 +2323,40 @@ void ScriptManager::entityScriptContentAvailable(const EntityItemID& entityID, c
safeURLPrefixes += settingsSafeURLS;
// END Pull SAFEURLS from the Interface.JSON settings.
// Get current domain whitelist bypass, in case an entire domain is whitelisted.
// Get current domain allowlist bypass, in case an entire domain is allowlisted.
QString currentDomain = DependencyManager::get<AddressManager>()->getDomainURL().host();
QString domainSafeIP = nodeList->getDomainHandler().getHostname();
QString domainSafeURL = URL_SCHEME_OVERTE + "://" + currentDomain;
for (const auto& str : safeURLPrefixes) {
if (domainSafeURL.startsWith(str) || domainSafeIP.startsWith(str)) {
qCDebug(scriptengine) << whitelistPrefix << "Whitelist Bypassed, entire domain is whitelisted. Current Domain Host: "
qCDebug(scriptengine) << allowlistPrefix << "Allowlist Bypassed, entire domain is allowlisted. Current Domain Host: "
<< nodeList->getDomainHandler().getHostname()
<< "Current Domain: " << currentDomain;
passList = true;
}
}
// END bypass whitelist based on current domain.
// END bypass allowlist based on current domain.
// Start processing scripts through the whitelist.
if (ScriptManager::getContext() == "entity_server") { // If running on the server, do not engage whitelist.
// Start processing scripts through the allowlist.
if (ScriptManager::getContext() == "entity_server") { // If running on the server, do not engage allowlist.
passList = true;
} else if (!passList) { // If waved through, do not engage whitelist.
} else if (!passList) { // If waved through, do not engage allowlist.
for (const auto& str : safeURLPrefixes) {
qCDebug(scriptengine) << whitelistPrefix << "Script URL: " << scriptOrURL << "TESTING AGAINST" << str << "RESULTS IN"
qCDebug(scriptengine) << allowlistPrefix << "Script URL: " << scriptOrURL << "TESTING AGAINST" << str << "RESULTS IN"
<< scriptOrURL.startsWith(str);
if (!str.isEmpty() && scriptOrURL.startsWith(str)) {
passList = true;
qCDebug(scriptengine) << whitelistPrefix << "Script approved.";
qCDebug(scriptengine) << allowlistPrefix << "Script approved.";
break; // Bail early since we found a match.
}
}
}
// END processing of scripts through the whitelist.
// END processing of scripts through the allowlist.
ScriptValue exception;
if (!passList) { // If the entity failed to pass for any reason, it's blocked and an error is thrown.
qCDebug(scriptengine) << whitelistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL;
qCDebug(scriptengine) << allowlistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL;
exception = _engine->makeError(_engine->newValue("UNSAFE_ENTITY_SCRIPTS == 0"));
}
@ -2369,7 +2369,7 @@ void ScriptManager::entityScriptContentAvailable(const EntityItemID& entityID, c
emit unhandledException(scriptRuntimeException);
return;
}
// ENTITY SCRIPT WHITELIST ENDS HERE, uncomment below for original full disabling.
// ENTITY SCRIPT ALLOWLIST ENDS HERE, uncomment below for original full disabling.
// qCDebug(scriptengine) << "(disabled entity script)" << entityID.toString() << scriptOrURL;
// exception = makeError("UNSAFE_ENTITY_SCRIPTS == 0");

4
libraries/shared/src/SharedUtil.cpp
View file

@ -854,11 +854,11 @@ void printSystemInformation() {
qCDebug(shared) << "Environment Variables";
// List of env variables to include in the log. For privacy reasons we don't send all env variables.
const QStringList envWhitelist = {
const QStringList envAllowlist = {
"QTWEBENGINE_REMOTE_DEBUGGING"
};
auto envVariables = QProcessEnvironment::systemEnvironment();
for (auto& env : envWhitelist)
for (auto& env : envAllowlist)
{
qCDebug(shared).noquote().nospace() << "\t" <<
(envVariables.contains(env) ? " = " + envVariables.value(env) : " NOT FOUND");

6
libraries/shared/src/WarningsSuppression.h
View file

@ -19,7 +19,7 @@
*/
#ifdef OVERTE_WARNINGS_WHITELIST_GCC
#ifdef OVERTE_WARNINGS_ALLOWLIST_GCC
#define OVERTE_IGNORE_DEPRECATED_BEGIN \
_Pragma("GCC diagnostic push") \
@ -27,7 +27,7 @@
#define OVERTE_IGNORE_DEPRECATED_END _Pragma("GCC diagnostic pop")
#elif OVERTE_WARNINGS_WHITELIST_CLANG
#elif OVERTE_WARNINGS_ALLOWLIST_CLANG
#define OVERTE_IGNORE_DEPRECATED_BEGIN \
_Pragma("clang diagnostic push") \
@ -35,7 +35,7 @@
#define OVERTE_IGNORE_DEPRECATED_END _Pragma("clang diagnostic pop")
#elif OVERTE_WARNINGS_WHITELIST_MSVC
#elif OVERTE_WARNINGS_ALLOWLIST_MSVC
#define OVERTE_IGNORE_DEPRECATED_BEGIN \
_Pragma("warning(push)") \

24
libraries/ui/src/ui/OffscreenQmlSurface.cpp
View file

@ -63,11 +63,11 @@
namespace hifi { namespace qml { namespace offscreen {
class OffscreenQmlWhitelist : public Dependency, private ReadWriteLockable {
class OffscreenQmlAllowlist : public Dependency, private ReadWriteLockable {
SINGLETON_DEPENDENCY
public:
void addWhitelistContextHandler(const std::initializer_list<QUrl>& urls, const QmlContextCallback& callback) {
void addAllowlistContextHandler(const std::initializer_list<QUrl>& urls, const QmlContextCallback& callback) {
withWriteLock([&] {
for (auto url : urls) {
if (url.isRelative()) {
@ -93,11 +93,11 @@ private:
QHash<QUrl, QList<QmlContextCallback>> _callbacks;
};
QSharedPointer<OffscreenQmlWhitelist> getQmlWhitelist() {
QSharedPointer<OffscreenQmlAllowlist> getQmlAllowlist() {
static std::once_flag once;
std::call_once(once, [&] { DependencyManager::set<OffscreenQmlWhitelist>(); });
std::call_once(once, [&] { DependencyManager::set<OffscreenQmlAllowlist>(); });
return DependencyManager::get<OffscreenQmlWhitelist>();
return DependencyManager::get<OffscreenQmlAllowlist>();
}
// Class to handle changing QML audio output device using another thread
@ -292,9 +292,9 @@ void OffscreenQmlSurface::initializeEngine(QQmlEngine* engine) {
engine->setObjectOwnership(tablet, QQmlEngine::CppOwnership);
}
void OffscreenQmlSurface::addWhitelistContextHandler(const std::initializer_list<QUrl>& urls,
void OffscreenQmlSurface::addAllowlistContextHandler(const std::initializer_list<QUrl>& urls,
const QmlContextCallback& callback) {
getQmlWhitelist()->addWhitelistContextHandler(urls, callback);
getQmlAllowlist()->addAllowlistContextHandler(urls, callback);
}
void OffscreenQmlSurface::onRootContextCreated(QQmlContext* qmlContext) {
@ -319,17 +319,17 @@ void OffscreenQmlSurface::onRootContextCreated(QQmlContext* qmlContext) {
#endif
}
void OffscreenQmlSurface::applyWhiteList(const QUrl& url, QQmlContext* context) {
QList<QmlContextCallback> callbacks = getQmlWhitelist()->getCallbacksForUrl(url);
void OffscreenQmlSurface::applyAllowList(const QUrl& url, QQmlContext* context) {
QList<QmlContextCallback> callbacks = getQmlAllowlist()->getCallbacksForUrl(url);
for(const auto& callback : callbacks){
callback(context);
}
}
QQmlContext* OffscreenQmlSurface::contextForUrl(const QUrl& qmlSource, QQuickItem* parent, bool forceNewContext) {
// Get any whitelist functionality
QList<QmlContextCallback> callbacks = getQmlWhitelist()->getCallbacksForUrl(qmlSource);
// If we have whitelisted content, we must load a new context
// Get any allowlist functionality
QList<QmlContextCallback> callbacks = getQmlAllowlist()->getCallbacksForUrl(qmlSource);
// If we have allowlisted content, we must load a new context
forceNewContext |= !callbacks.empty();
QQmlContext* targetContext = Parent::contextForUrl(qmlSource, parent, forceNewContext);

6
libraries/ui/src/ui/OffscreenQmlSurface.h
View file

@ -28,9 +28,9 @@ class OffscreenQmlSurface : public hifi::qml::OffscreenSurface {
public:
~OffscreenQmlSurface();
static void addWhitelistContextHandler(const std::initializer_list<QUrl>& urls, const QmlContextCallback& callback);
static void addWhitelistContextHandler(const QUrl& url, const QmlContextCallback& callback) { addWhitelistContextHandler({ { url } }, callback); };
static void applyWhiteList(const QUrl& url,QQmlContext* context);
static void addAllowlistContextHandler(const std::initializer_list<QUrl>& urls, const QmlContextCallback& callback);
static void addAllowlistContextHandler(const QUrl& url, const QmlContextCallback& callback) { addAllowlistContextHandler({ { url } }, callback); };
static void applyAllowList(const QUrl& url,QQmlContext* context);
bool isFocusText() const { return _focusText; }
bool getCleaned() { return _isCleaned; }

2
libraries/ui/src/ui/types/RequestFilters.cpp
View file

@ -54,7 +54,7 @@ namespace {
return false;
}
// We can potentially add whitelisting logic or development environment variables that
// We can potentially add allowlisting logic or development environment variables that
// will allow people to override this setting on a per-client basis here.
QString targetFilePath = QFileInfo(requestUrl.toLocalFile()).canonicalFilePath();