diff --git a/CMakeLists.txt b/CMakeLists.txt index a46f1963ef..5d566d5da2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -148,22 +148,22 @@ endif() # OVERTE_WARNINGS # -# Here we add the ability to whitelist warnings we've determined we can't fix, or are safe to +# Here we add the ability to allowlist warnings we've determined we can't fix, or are safe to # ignore for one reason or another. The way of doing so is compiler-specific, so we deal with # the detection of that in cmake, and just pass it down to the code from here. # -# We can also treat warnings as errors. Without the whitelist this will almost certainly lead +# We can also treat warnings as errors. Without the allowlist this will almost certainly lead # to a build failure. -if(NOT DEFINED OVERTE_WARNINGS_WHITELIST) - set(OVERTE_WARNINGS_WHITELIST true CACHE BOOL "Whitelist some warnings we can't currently fix") +if(NOT DEFINED OVERTE_WARNINGS_ALLOWLIST) + set(OVERTE_WARNINGS_ALLOWLIST true CACHE BOOL "Allowlist some warnings we can't currently fix") endif() if(NOT DEFINED OVERTE_WARNINGS_AS_ERRORS) set(OVERTE_WARNINGS_AS_ERRORS false CACHE BOOL "Count warnings as errors") endif() -if(OVERTE_WARNINGS_WHITELIST) +if(OVERTE_WARNINGS_ALLOWLIST) if (NOT WIN32) set(CMAKE_PLATFORM_INFO_DIR "${CMAKE_CURRENT_BINARY_DIR}") include(CMakeDetermineCXXCompiler) 
@@ -171,15 +171,15 @@ if(OVERTE_WARNINGS_WHITELIST) if (CMAKE_CXX_COMPILER_ID MATCHES "GNU") message("GCC compiler detected, suppressing some unsolvable warnings.") - add_compile_definitions(OVERTE_WARNINGS_WHITELIST_GCC) + add_compile_definitions(OVERTE_WARNINGS_ALLOWLIST_GCC) elseif(CMAKE_CXX_COMPILER_ID MATCHES "Clang") message("Clang compiler detected, suppressing some unsolvable warnings.") - add_compile_definitions(OVERTE_WARNINGS_WHITELIST_CLANG) + add_compile_definitions(OVERTE_WARNINGS_ALLOWLIST_CLANG) elseif(CMAKE_CXX_COMPILER_ID MATCHES "MSVC" OR (CMAKE_CXX_COMPILER_ID MATCHES "" AND WIN32)) message("Microsoft Visual Studio compiler detected, suppressing some unsolvable warnings.") - add_compile_definitions(OVERTE_WARNINGS_WHITELIST_MSVC) + add_compile_definitions(OVERTE_WARNINGS_ALLOWLIST_MSVC) else() - message("We don't know yet how to whitelist warnings for ${CMAKE_CXX_COMPILER_ID}") + message("We don't know yet how to allowlist warnings for ${CMAKE_CXX_COMPILER_ID}") endif() endif() diff --git a/assignment-client/src/avatars/AvatarMixer.cpp b/assignment-client/src/avatars/AvatarMixer.cpp index 5b43d8d1d7..80c3e1ae95 100644 --- a/assignment-client/src/avatars/AvatarMixer.cpp +++ b/assignment-client/src/avatars/AvatarMixer.cpp 
@@ -1058,23 +1058,23 @@ void AvatarMixer::parseDomainServerSettings(const QJsonObject& domainSettings) { qCDebug(avatars) << "This domain requires a minimum avatar height of" << _domainMinimumHeight << "and a maximum avatar height of" << _domainMaximumHeight; - static const QString AVATAR_WHITELIST_OPTION = "avatar_whitelist"; - _workerSharedData.skeletonURLWhitelist = avatarMixerGroupObject[AVATAR_WHITELIST_OPTION] + static const QString AVATAR_ALLOWLIST_OPTION = "avatar_allowlist"; + _workerSharedData.skeletonURLAllowlist = avatarMixerGroupObject[AVATAR_ALLOWLIST_OPTION] .toString().split(',', Qt::KeepEmptyParts); static const QString REPLACEMENT_AVATAR_OPTION = "replacement_avatar"; _workerSharedData.skeletonReplacementURL = avatarMixerGroupObject[REPLACEMENT_AVATAR_OPTION] .toString(); - if (_workerSharedData.skeletonURLWhitelist.count() == 1 && _workerSharedData.skeletonURLWhitelist[0].isEmpty()) { + if (_workerSharedData.skeletonURLAllowlist.count() == 1 && _workerSharedData.skeletonURLAllowlist[0].isEmpty()) { // KeepEmptyParts above will parse "," as ["", ""] (which is ok), but "" as [""] (which is not ok). - _workerSharedData.skeletonURLWhitelist.clear(); + _workerSharedData.skeletonURLAllowlist.clear(); } - if (_workerSharedData.skeletonURLWhitelist.isEmpty()) { + if (_workerSharedData.skeletonURLAllowlist.isEmpty()) { qCDebug(avatars) << "All avatars are allowed."; } else { - qCDebug(avatars) << "Avatars other than" << _workerSharedData.skeletonURLWhitelist << "will be replaced by" << (_workerSharedData.skeletonReplacementURL.isEmpty() ? "default" : _workerSharedData.skeletonReplacementURL.toString()); + qCDebug(avatars) << "Avatars other than" << _workerSharedData.skeletonURLAllowlist << "will be replaced by" << (_workerSharedData.skeletonReplacementURL.isEmpty() ? "default" : _workerSharedData.skeletonReplacementURL.toString()); } } 
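Review bot: Renaming the persisted key to `avatar_allowlist` means a domain whose stored settings still contain `avatar_whitelist` reads an empty string here, the list is cleared, and the mixer logs "All avatars are allowed." The restriction therefore fails open after an upgrade unless a settings migration exists outside this diff. The same shape appears for `entityScriptSourceAllowlist` in EntityServer.cpp (which falls through to `setEntityScriptSourceAllowlist("")`) and for `private/allowlistEnabled` in ScriptGatekeeper.h, ScriptManager.cpp and the QML dialog, where the default is `false`. I would read the old key as a fallback, e.g. `if (!avatarMixerGroupObject.contains(AVATAR_ALLOWLIST_OPTION)) { /* use "avatar_whitelist" and log a warning */ }`, or add a versioned settings migration. parseDomainServerSettings starts outside the hunk.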
diff --git a/assignment-client/src/avatars/AvatarMixerClientData.cpp b/assignment-client/src/avatars/AvatarMixerClientData.cpp index fcd059549a..1e9046a2af 100644 --- a/assignment-client/src/avatars/AvatarMixerClientData.cpp +++ b/assignment-client/src/avatars/AvatarMixerClientData.cpp @@ -221,8 +221,8 @@ void AvatarMixerClientData::processSetTraitsMessage(ReceivedMessage& message, _avatar->processTrait(traitType, message.read(traitSize)); _lastReceivedTraitVersions[traitType] = packetTraitVersion; if (traitType == AvatarTraits::SkeletonModelURL) { - // special handling for skeleton model URL, since we need to make sure it is in the whitelist - checkSkeletonURLAgainstWhitelist(workerSharedData, sendingNode, packetTraitVersion); + // special handling for skeleton model URL, since we need to make sure it is in the allowlist + checkSkeletonURLAgainstAllowlist(workerSharedData, sendingNode, packetTraitVersion); } anyTraitsChanged = true; 
@@ -366,30 +366,30 @@ void AvatarMixerClientData::processBulkAvatarTraitsAckMessage(ReceivedMessage& m } } -void AvatarMixerClientData::checkSkeletonURLAgainstWhitelist(const WorkerSharedData& workerSharedData, +void AvatarMixerClientData::checkSkeletonURLAgainstAllowlist(const WorkerSharedData& workerSharedData, Node& sendingNode, AvatarTraits::TraitVersion traitVersion) { - const auto& whitelist = workerSharedData.skeletonURLWhitelist; + const auto& allowlist = workerSharedData.skeletonURLAllowlist; - if (!whitelist.isEmpty()) { - bool inWhitelist = false; + if (!allowlist.isEmpty()) { + bool inAllowlist = false; auto avatarURL = _avatar->getSkeletonModelURL(); - // The avatar is in the whitelist if: - // 1. The avatar's URL's host matches one of the hosts of the URLs in the whitelist AND - // 2. The avatar's URL's path starts with the path of that same URL in the whitelist - for (const auto& whiteListedPrefix : whitelist) { - auto whiteListURL = QUrl::fromUserInput(whiteListedPrefix); - // check if this script URL matches the whitelist domain and, optionally, is beneath the path - if (avatarURL.host().compare(whiteListURL.host(), Qt::CaseInsensitive) == 0 && - avatarURL.path().startsWith(whiteListURL.path(), Qt::CaseInsensitive)) { - inWhitelist = true; + // The avatar is in the allowlist if: + // 1. The avatar's URL's host matches one of the hosts of the URLs in the allowlist AND + // 2. 
The avatar's URL's path starts with the path of that same URL in the allowlist + for (const auto& allowListedPrefix : allowlist) { + auto allowListURL = QUrl::fromUserInput(allowListedPrefix); + // check if this script URL matches the allowlist domain and, optionally, is beneath the path + if (avatarURL.host().compare(allowListURL.host(), Qt::CaseInsensitive) == 0 && + avatarURL.path().startsWith(allowListURL.path(), Qt::CaseInsensitive)) { + inAllowlist = true; break; } } - if (!inWhitelist) { + if (!inAllowlist) { // make sure we're not unecessarily overriding the default avatar with the default avatar if (_avatar->getWireSafeSkeletonModelURL() != workerSharedData.skeletonReplacementURL) { // we need to change this avatar's skeleton URL, and send them a traits packet informing them of the change diff --git a/assignment-client/src/avatars/AvatarMixerClientData.h b/assignment-client/src/avatars/AvatarMixerClientData.h index d0aa52a53e..ece5882590 100644 --- a/assignment-client/src/avatars/AvatarMixerClientData.h +++ b/assignment-client/src/avatars/AvatarMixerClientData.h @@ -135,7 +135,7 @@ public: void processSetTraitsMessage(ReceivedMessage& message, const WorkerSharedData& workerSharedData, Node& sendingNode); void emulateDeleteEntitiesTraitsMessage(const QList& avatarEntityIDs); void processBulkAvatarTraitsAckMessage(ReceivedMessage& message); - void checkSkeletonURLAgainstWhitelist(const WorkerSharedData& workerSharedData, Node& sendingNode, + void checkSkeletonURLAgainstAllowlist(const WorkerSharedData& workerSharedData, Node& sendingNode, AvatarTraits::TraitVersion traitVersion); using TraitsCheckTimestamp = std::chrono::steady_clock::time_point; diff --git a/assignment-client/src/avatars/AvatarMixerWorker.h b/assignment-client/src/avatars/AvatarMixerWorker.h index 089e3f6d88..fe1877c078 100644 --- a/assignment-client/src/avatars/AvatarMixerWorker.h +++ b/assignment-client/src/avatars/AvatarMixerWorker.h 
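Review bot: The match in checkSkeletonURLAgainstAllowlist compares only `host()` and a raw `path().startsWith(...)`, so the scheme and port of an allowlist entry are ignored and an entry for `/avatars` also accepts `/avatars-other/...` on the same host. If entries are meant to pin a directory, I would also compare `scheme()` and require a segment boundary, for example by normalising the entry path to end in `/` before the `startsWith` call. The inline comment still says "script URL" although this path checks an avatar URL. EntityTree::isScriptInAllowlist in EntityTree.cpp carries the same logic, so a shared helper would keep the two checks from drifting. The function body continues past the end of the hunk.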
@@ -97,7 +97,7 @@ class EntityTree; using EntityTreePointer = std::shared_ptr; struct WorkerSharedData { - QStringList skeletonURLWhitelist; + QStringList skeletonURLAllowlist; QUrl skeletonReplacementURL; EntityTreePointer entityTree; }; diff --git a/assignment-client/src/entities/EntityServer.cpp b/assignment-client/src/entities/EntityServer.cpp index d27a69ff7c..ea3ebd07f6 100644 --- a/assignment-client/src/entities/EntityServer.cpp +++ b/assignment-client/src/entities/EntityServer.cpp @@ -320,11 +320,11 @@ void EntityServer::readAdditionalConfiguration(const QJsonObject& settingsSectio tree->setWantEditLogging(wantEditLogging); tree->setWantTerseEditLogging(wantTerseEditLogging); - QString entityScriptSourceWhitelist; - if (readOptionString("entityScriptSourceWhitelist", settingsSectionObject, entityScriptSourceWhitelist)) { - tree->setEntityScriptSourceWhitelist(entityScriptSourceWhitelist); + QString entityScriptSourceAllowlist; + if (readOptionString("entityScriptSourceAllowlist", settingsSectionObject, entityScriptSourceAllowlist)) { + tree->setEntityScriptSourceAllowlist(entityScriptSourceAllowlist); } else { - tree->setEntityScriptSourceWhitelist(""); + tree->setEntityScriptSourceAllowlist(""); } auto entityEditFilters = DependencyManager::get(); diff --git a/cmake/macros/SetPackagingParameters.cmake b/cmake/macros/SetPackagingParameters.cmake index 4d2cac7b3e..4320522784 100644 --- a/cmake/macros/SetPackagingParameters.cmake +++ b/cmake/macros/SetPackagingParameters.cmake @@ -26,7 +26,7 @@ macro(SET_PACKAGING_PARAMETERS) set_from_env(STABLE_BUILD STABLE_BUILD 0) set_from_env(PRELOADED_STARTUP_LOCATION PRELOADED_STARTUP_LOCATION "") - set_from_env(PRELOADED_SCRIPT_WHITELIST PRELOADED_SCRIPT_WHITELIST "") + set_from_env(PRELOADED_SCRIPT_ALLOWLIST PRELOADED_SCRIPT_ALLOWLIST "") set_from_env(BYPASS_SIGNING BYPASS_SIGNING 0) diff --git a/cmake/templates/BuildInfo.h.in b/cmake/templates/BuildInfo.h.in index 25541efb17..132664c99a 100644 
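Review bot: `set_from_env(PRELOADED_SCRIPT_ALLOWLIST PRELOADED_SCRIPT_ALLOWLIST "")` now reads a differently named environment variable, so a packaging job that still exports `PRELOADED_SCRIPT_WHITELIST` silently produces a build with an empty `BuildInfo::PRELOADED_SCRIPT_ALLOWLIST`. ScriptGatekeeper::initialize only switches the allowlist on at first run when that value is non-empty, so such a build would ship with script allowlisting off. I would warn at configure time when only the old name is set, e.g. `if(DEFINED ENV{PRELOADED_SCRIPT_WHITELIST}) message(WARNING "PRELOADED_SCRIPT_WHITELIST is ignored; use PRELOADED_SCRIPT_ALLOWLIST") endif()`. The macro body continues outside the hunk.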
--- a/cmake/templates/BuildInfo.h.in +++ b/cmake/templates/BuildInfo.h.in @@ -29,7 +29,7 @@ namespace BuildInfo { const QString BUILD_GLOBAL_SERVICES = "@BUILD_GLOBAL_SERVICES@"; const QString BUILD_TIME = "@BUILD_TIME@"; const QString PRELOADED_STARTUP_LOCATION = "@PRELOADED_STARTUP_LOCATION@"; - const QString PRELOADED_SCRIPT_WHITELIST = "@PRELOADED_SCRIPT_WHITELIST@"; + const QString PRELOADED_SCRIPT_ALLOWLIST = "@PRELOADED_SCRIPT_ALLOWLIST@"; enum BuildType { Dev, diff --git a/domain-server/src/DomainServer.cpp b/domain-server/src/DomainServer.cpp index 7d9456f059..5db7bb7f74 100644 --- a/domain-server/src/DomainServer.cpp +++ b/domain-server/src/DomainServer.cpp @@ -341,17 +341,17 @@ DomainServer::DomainServer(int argc, char* argv[]) : connect(&_settingsManager, &DomainServerSettingsManager::updateNodePermissions, [this] { _metadata->securityChanged(true); }); qDebug() << "domain-server is running"; - static const QString AC_SUBNET_WHITELIST_SETTING_PATH = "security.ac_subnet_whitelist"; + static const QString AC_SUBNET_ALLOWLIST_SETTING_PATH = "security.ac_subnet_allowlist"; static const Subnet LOCALHOST { QHostAddress("127.0.0.1"), 32 }; - _acSubnetWhitelist = { LOCALHOST }; + _acSubnetAllowlist = { LOCALHOST }; - auto whitelist = _settingsManager.valueOrDefaultValueForKeyPath(AC_SUBNET_WHITELIST_SETTING_PATH).toStringList(); - for (auto& subnet : whitelist) { + auto allowlist = _settingsManager.valueOrDefaultValueForKeyPath(AC_SUBNET_ALLOWLIST_SETTING_PATH).toStringList(); + for (auto& subnet : allowlist) { auto netmaskParts = subnet.trimmed().split("/"); if (netmaskParts.size() > 2) { - qDebug() << "Ignoring subnet in whitelist, malformed: " << subnet; + qDebug() << "Ignoring subnet in allowlist, malformed: " << subnet; continue; } 
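Review bot: `security.ac_subnet_allowlist` is a new settings path, so subnets an operator stored under `security.ac_subnet_whitelist` are no longer read and `_acSubnetAllowlist` is left with `LOCALHOST` only, unless a migration exists outside this diff. This direction fails closed, but assignment clients on other subnets would presumably be refused after the upgrade with nothing in the log to explain it. The `EXTRA_WHITELIST` to `EXTRA_ALLOWLIST` environment variable rename in Application.cpp and ScriptManager.cpp has the same effect on the client side. A fallback read of the old name, or a `qWarning()` when it is still populated, would make the change diagnosable. The constructor body continues outside the hunk.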
@@ -363,7 +363,7 @@ DomainServer::DomainServer(int argc, char* argv[]) : bool ok; netmask = netmaskParts[1].toInt(&ok); if (!ok) { - qDebug() << "Ignoring subnet in whitelist, bad netmask: " << subnet; + qDebug() << "Ignoring subnet in allowlist, bad netmask: " << subnet; continue; } } @@ -371,10 +371,10 @@ DomainServer::DomainServer(int argc, char* argv[]) : auto ip = QHostAddress(netmaskParts[0]); if (!ip.isNull()) { - qDebug() << "Adding AC whitelist subnet: " << subnet << " -> " << (ip.toString() + "/" + QString::number(netmask)); - _acSubnetWhitelist.push_back({ ip , netmask }); + qDebug() << "Adding AC allowlist subnet: " << subnet << " -> " << (ip.toString() + "/" + QString::number(netmask)); + _acSubnetAllowlist.push_back({ ip , netmask }); } else { - qDebug() << "Ignoring subnet in whitelist, invalid ip portion: " << subnet; + qDebug() << "Ignoring subnet in allowlist, invalid ip portion: " << subnet; } } @@ -1502,8 +1502,8 @@ void DomainServer::processRequestAssignmentPacket(QSharedPointer _replicatedUsernames; diff --git a/domain-server/src/DomainServerSettingsManager.cpp b/domain-server/src/DomainServerSettingsManager.cpp index bcea7f0e01..10ab5f1df1 100644 --- a/domain-server/src/DomainServerSettingsManager.cpp +++ b/domain-server/src/DomainServerSettingsManager.cpp @@ -1743,7 +1743,7 @@ bool DomainServerSettingsManager::recurseJSONObjectAndOverwriteSettings(const QJ QJsonObject postedObject(postedSettingsObject); static const QString SECURITY_ROOT_KEY = "security"; - static const QString AC_SUBNET_WHITELIST_KEY = "ac_subnet_whitelist"; + static const QString AC_SUBNET_ALLOWLIST_KEY = "ac_subnet_allowlist"; static const QString BROADCASTING_KEY = "broadcasting"; static const QString WIZARD_KEY = "wizard"; static const QString DESCRIPTION_ROOT_KEY = "descriptors"; 
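Review bot: In the netmask branch, `netmaskParts[1].toInt(&ok)` is checked only for parse success, so a negative value or a prefix wider than the address is still logged as "Adding AC allowlist subnet" and pushed into `_acSubnetAllowlist`. How `Subnet` matching treats an out-of-range prefix is not visible here, so I would reject it explicitly with `if (!ok || netmask < 0 || netmask > 128) { ... continue; }`, tightened to 32 once the address is known to be IPv4. The loop body starts in the previous hunk and continues in the next one.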
@@ -1863,7 +1863,7 @@ bool DomainServerSettingsManager::recurseJSONObjectAndOverwriteSettings(const QJ if ((rootKey != SECURITY_ROOT_KEY && rootKey != BROADCASTING_KEY && rootKey != DESCRIPTION_ROOT_KEY && rootKey != WIZARD_KEY) || - settingKey == AC_SUBNET_WHITELIST_KEY) { + settingKey == AC_SUBNET_ALLOWLIST_KEY) { needRestart = true; } } else { diff --git a/interface/resources/qml/hifi/dialogs/security/EntityScriptQMLWhitelist.qml b/interface/resources/qml/hifi/dialogs/security/EntityScriptQMLAllowlist.qml similarity index 77% rename from interface/resources/qml/hifi/dialogs/security/EntityScriptQMLWhitelist.qml rename to interface/resources/qml/hifi/dialogs/security/EntityScriptQMLAllowlist.qml index 8180475527..c23233d617 100644 --- a/interface/resources/qml/hifi/dialogs/security/EntityScriptQMLWhitelist.qml +++ b/interface/resources/qml/hifi/dialogs/security/EntityScriptQMLAllowlist.qml @@ -1,5 +1,5 @@ // -// EntityScriptQMLWhitelist.qml +// EntityScriptQMLAllowlist.qml // interface/resources/qml/hifi/dialogs/security // // Created by Kalila L. on 2019.12.05 | realities.dev | somnilibertas@gmail.com @@ -8,7 +8,7 @@ // Distributed under the Apache License, Version 2.0. // See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html // -// Security Settings for the Entity Script QML Whitelist +// Security Settings for the Entity Script QML Allowlist import Hifi 1.0 as Hifi import QtQuick 2.8 
@@ -23,25 +23,25 @@ import "../../../windows" Rectangle { id: parentBody; - function getWhitelistAsText() { - var whitelist = Settings.getValue("private/settingsSafeURLS"); - var arrayWhitelist = whitelist.split(",").join("\n"); - return arrayWhitelist; + function getAllowlistAsText() { + var allowlist = Settings.getValue("private/settingsSafeURLS"); + var arrayAllowlist = allowlist.split(",").join("\n"); + return arrayAllowlist; } - function setWhitelistAsText(whitelistText) { - Settings.setValue("private/settingsSafeURLS", whitelistText.text); + function setAllowlistAsText(allowlistText) { + Settings.setValue("private/settingsSafeURLS", allowlistText.text); - var originalSetString = whitelistText.text; + var originalSetString = allowlistText.text; var originalSet = originalSetString.split(' ').join(''); var check = Settings.getValue("private/settingsSafeURLS"); var arrayCheck = check.split(",").join("\n"); - setWhitelistSuccess(arrayCheck === originalSet); + setAllowlistSuccess(arrayCheck === originalSet); } - function setWhitelistSuccess(success) { + function setAllowlistSuccess(success) { if (success) { notificationText.text = "Successfully saved settings."; } else { @@ -49,20 +49,20 @@ Rectangle { } } - function toggleWhitelist(enabled) { - Settings.setValue("private/whitelistEnabled", enabled); - console.info("Toggling Whitelist to:", enabled); + function toggleAllowlist(enabled) { + Settings.setValue("private/allowlistEnabled", enabled); + console.info("Toggling Allowlist to:", enabled); } function initCheckbox() { - var check = Settings.getValue("private/whitelistEnabled", false); + var check = Settings.getValue("private/allowlistEnabled", false); if (check) { - whitelistEnabled.toggle(); + allowlistEnabled.toggle(); } } - - + + anchors.fill: parent width: parent.width; height: 120; 
@@ -70,7 +70,7 @@ Rectangle { HifiStylesUit.RalewayRegular { id: titleText; - text: "Entity Script / QML Whitelist" + text: "Entity Script / QML Allowlist" // Text size size: 24; // Style @@ -89,13 +89,13 @@ Rectangle { initCheckbox(); } - id: whitelistEnabled; + id: allowlistEnabled; anchors.right: parent.right; anchors.top: parent.top; anchors.topMargin: 10; onToggled: { - toggleWhitelist(whitelistEnabled.checked) + toggleAllowlist(allowlistEnabled.checked) } Label { @@ -115,7 +115,7 @@ Rectangle { width: parent.width; height: 250; anchors.top: titleText.bottom; - + ScrollView { id: textAreaScrollView anchors.fill: parent; @@ -126,8 +126,8 @@ Rectangle { clip: false; TextArea { - id: whitelistTextArea - text: getWhitelistAsText(); + id: allowlistTextArea + text: getAllowlistAsText(); onTextChanged: notificationText.text = ""; width: parent.width; height: parent.height; @@ -136,7 +136,7 @@ Rectangle { color: "white"; } } - + Button { id: saveChanges anchors.topMargin: 5; @@ -155,8 +155,8 @@ Rectangle { elide: Text.ElideRight } text: "Save Changes" - onClicked: setWhitelistAsText(whitelistTextArea) - + onClicked: setAllowlistAsText(allowlistTextArea) + HifiStylesUit.RalewayRegular { id: notificationText; text: "" @@ -170,15 +170,15 @@ Rectangle { anchors.rightMargin: 10; } } - + HifiStylesUit.RalewayRegular { id: descriptionText; - text: - "The whitelist checks scripts and QML as they are loaded.
+ text: + "The allowlist checks scripts and QML as they are loaded.
Therefore, if a script is cached or has no reason to load again,
- removing it from the whitelist will have no effect until
+ removing it from the allowlist will have no effect until
it is reloaded.
- Separate your whitelisted domains by line, not commas. e.g. + Separate your allowlisted domains by line, not commas. e.g.
https://google.com/
hifi://the-spot/
@@ -186,7 +186,7 @@ Rectangle { https://mydomain.here/
Ensure there are no spaces or whitespace.

- For QML files, you can only whitelist each file individually
+ For QML files, you can only allowlist each file individually
ending with '.qml'." // Text size size: 16; diff --git a/interface/resources/qml/hifi/dialogs/security/ScriptSecurity.qml b/interface/resources/qml/hifi/dialogs/security/ScriptSecurity.qml index de7304b6fb..2cd8d5cabf 100644 --- a/interface/resources/qml/hifi/dialogs/security/ScriptSecurity.qml +++ b/interface/resources/qml/hifi/dialogs/security/ScriptSecurity.qml @@ -5,7 +5,7 @@ // Created by dr Karol Suprynowicz on 2024/03/24. // Copyright 2024 Overte e.V. // -// Based on EntityScriptQMLWhitelist.qml +// Based on EntityScriptQMLAllowlist.qml // Created by Kalila L. on 2019.12.05 | realities.dev | somnilibertas@gmail.com // Copyright 2019 Kalila L. // @@ -27,15 +27,15 @@ import "../../../windows" Rectangle { id: parentBody; - function getWhitelistAsText() { - var whitelist = Settings.getValue("private/scriptPermissionGetAvatarURLSafeURLs"); - var arrayWhitelist = whitelist.replace(",", "\n"); - return arrayWhitelist; + function getAllowlistAsText() { + var allowlist = Settings.getValue("private/scriptPermissionGetAvatarURLSafeURLs"); + var arrayAllowlist = allowlist.replace(",", "\n"); + return arrayAllowlist; } - function setWhitelistAsText(whitelistText) { - Settings.setValue("private/scriptPermissionGetAvatarURLSafeURLs", whitelistText.text); - notificationText.text = "Whitelist saved."; + function setAllowlistAsText(allowlistText) { + Settings.setValue("private/scriptPermissionGetAvatarURLSafeURLs", allowlistText.text); + notificationText.text = "Allowlist saved."; } function setAvatarProtection(enabled) { @@ -65,7 +65,7 @@ Rectangle { height: 60; CheckBox { - id: whitelistEnabled; + id: allowlistEnabled; checked: Settings.getValue("private/scriptPermissionGetAvatarURLEnable", true); @@ -73,7 +73,7 @@ Rectangle { anchors.top: parent.top; anchors.topMargin: 10; onToggled: { - setAvatarProtection(whitelistEnabled.checked) + setAvatarProtection(allowlistEnabled.checked) } Label { 
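Review bot: In ScriptSecurity.qml, `allowlist.replace(",", "\n")` in getAllowlistAsText replaces only the first comma, because a string pattern in JavaScript `replace` is not global, so with three or more entries the text area shows the remainder on one comma-joined line. The user then reviews and saves a list that does not look like what is enforced. The sibling dialog already uses the correct form; I would match it with `var arrayAllowlist = allowlist.split(",").join("\n");`. It may also be worth guarding against `Settings.getValue(...)` returning nothing for a key that was never written, since no default is passed here.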
@@ -104,8 +104,8 @@ Rectangle { clip: false; TextArea { - id: whitelistTextArea - text: getWhitelistAsText(); + id: allowlistTextArea + text: getAllowlistAsText(); onTextChanged: notificationText.text = ""; width: parent.width; height: parent.height; @@ -133,7 +133,7 @@ Rectangle { elide: Text.ElideRight } text: "Save Changes" - onClicked: setWhitelistAsText(whitelistTextArea) + onClicked: setAllowlistAsText(allowlistTextArea) HifiStylesUit.RalewayRegular { id: notificationText; diff --git a/interface/src/Application.cpp b/interface/src/Application.cpp index 6c09bf32e0..f630bea863 100644 --- a/interface/src/Application.cpp +++ b/interface/src/Application.cpp @@ -3293,9 +3293,9 @@ void Application::initializeUi() { { auto defaultUrlValidator = OffscreenQmlSurface::getUrlValidator(); auto newValidator = [=](const QUrl& url) -> bool { - QString whitelistPrefix = "[WHITELIST ENTITY SCRIPTS]"; + QString allowlistPrefix = "[ALLOWLIST ENTITY SCRIPTS]"; QList safeURLS = { "" }; - safeURLS += qEnvironmentVariable("EXTRA_WHITELIST").trimmed().split(QRegExp("\\s*,\\s*"), Qt::SkipEmptyParts); + safeURLS += qEnvironmentVariable("EXTRA_ALLOWLIST").trimmed().split(QRegExp("\\s*,\\s*"), Qt::SkipEmptyParts); // PULL SAFEURLS FROM INTERFACE.JSON Settings @@ -3332,7 +3332,7 @@ void Application::initializeUi() { QmlContextCallback platformInfoCallback = [](QQmlContext* context) { context->setContextProperty("PlatformInfo", new PlatformInfoScriptingInterface()); }; - OffscreenQmlSurface::addWhitelistContextHandler({ + OffscreenQmlSurface::addAllowlistContextHandler({ QUrl{ "hifi/tablet/TabletAddressDialog.qml" }, QUrl{ "hifi/Card.qml" }, QUrl{ "hifi/Pal.qml" }, 
@@ -3342,7 +3342,7 @@ void Application::initializeUi() { QmlContextCallback ttsCallback = [](QQmlContext* context) { context->setContextProperty("TextToSpeech", DependencyManager::get().data()); }; - OffscreenQmlSurface::addWhitelistContextHandler({ + OffscreenQmlSurface::addAllowlistContextHandler({ QUrl{ "hifi/tts/TTS.qml" } }, ttsCallback); qmlRegisterType("Hifi", 1, 0, "ResourceImageItem"); diff --git a/interface/src/Menu.cpp b/interface/src/Menu.cpp index c1d7c05f79..1df4a1e9a6 100644 --- a/interface/src/Menu.cpp +++ b/interface/src/Menu.cpp @@ -310,13 +310,13 @@ Menu::Menu() { } }); - // Settings > Entity Script / QML Whitelist - action = addActionToQMenuAndActionHash(settingsMenu, "Entity Script / QML Whitelist"); + // Settings > Entity Script / QML Allowlist + action = addActionToQMenuAndActionHash(settingsMenu, "Entity Script / QML Allowlist"); connect(action, &QAction::triggered, [] { auto tablet = DependencyManager::get()->getTablet("com.highfidelity.interface.tablet.system"); auto hmd = DependencyManager::get(); - tablet->pushOntoStack("hifi/dialogs/security/EntityScriptQMLWhitelist.qml"); + tablet->pushOntoStack("hifi/dialogs/security/EntityScriptQMLAllowlist.qml"); if (!hmd->getShouldShowTablet()) { hmd->toggleShouldShowTablet(); diff --git a/interface/src/Menu.h b/interface/src/Menu.h index e0cdfdf4fd..4eb985cf8c 100644 --- a/interface/src/Menu.h +++ b/interface/src/Menu.h @@ -189,7 +189,7 @@ namespace MenuOption { const QString RunningScripts = "Running Scripts..."; const QString RunTimingTests = "Run Timing Tests"; const QString ScriptedMotorControl = "Enable Scripted Motor Control"; - const QString EntityScriptQMLWhitelist = "Entity Script / QML Whitelist"; + const QString EntityScriptQMLAllowlist = "Entity Script / QML Allowlist"; const QString ScriptSecurity = "Script Security"; const QString ShowTrackedObjects = "Show Tracked Objects"; const QString SelfieCamera = "Selfie"; 
diff --git a/interface/src/raypick/CollisionPick.cpp b/interface/src/raypick/CollisionPick.cpp index 842de9f48a..f652639d20 100644 --- a/interface/src/raypick/CollisionPick.cpp +++ b/interface/src/raypick/CollisionPick.cpp @@ -408,9 +408,9 @@ CollisionRegion CollisionPick::getMathematicalPick() const { void CollisionPick::filterIntersections(std::vector& intersections) const { const QVector& ignoreItems = getIgnoreItems(); const QVector& includeItems = getIncludeItems(); - bool isWhitelist = !includeItems.empty(); + bool isAllowlist = !includeItems.empty(); - if (!isWhitelist && ignoreItems.empty()) { + if (!isAllowlist && ignoreItems.empty()) { return; } @@ -420,7 +420,7 @@ void CollisionPick::filterIntersections(std::vector& intersec for (int i = 0; i < n; i++) { auto& intersection = intersections[i]; const QUuid& id = intersection.foundID; - if (!ignoreItems.contains(id) && (!isWhitelist || includeItems.contains(id))) { + if (!ignoreItems.contains(id) && (!isAllowlist || includeItems.contains(id))) { filteredIntersections.push_back(intersection); } } diff --git a/interface/src/ui/InteractiveWindow.cpp b/interface/src/ui/InteractiveWindow.cpp index 258ba6784b..2761b1c9f0 100644 --- a/interface/src/ui/InteractiveWindow.cpp +++ b/interface/src/ui/InteractiveWindow.cpp @@ -221,8 +221,8 @@ InteractiveWindow::InteractiveWindow(const QString& sourceUrl, const QVariantMap Application::setupQmlSurface(quickView->rootContext(), true); - //add any whitelisted callbacks - OffscreenUi::applyWhiteList(sourceUrl, quickView->rootContext()); + //add any allowlisted callbacks + OffscreenUi::applyAllowList(sourceUrl, quickView->rootContext()); /*@jsdoc * Configures how a NATIVE window is displayed. diff --git a/libraries/entities/src/EntityTree.cpp b/libraries/entities/src/EntityTree.cpp index a28cf0b790..f252561501 100644 --- a/libraries/entities/src/EntityTree.cpp +++ b/libraries/entities/src/EntityTree.cpp 
@@ -65,8 +65,8 @@ EntityTree::~EntityTree() { //eraseAllOctreeElements(false); // KEEP THIS } -void EntityTree::setEntityScriptSourceWhitelist(const QString& entityScriptSourceWhitelist) { - _entityScriptSourceWhitelist = entityScriptSourceWhitelist.split(',', Qt::SkipEmptyParts); +void EntityTree::setEntityScriptSourceAllowlist(const QString& entityScriptSourceAllowlist) { + _entityScriptSourceAllowlist = entityScriptSourceAllowlist.split(',', Qt::SkipEmptyParts); } @@ -1411,17 +1411,17 @@ void EntityTree::bumpTimestamp(EntityItemProperties& properties) { //fixme put c properties.setLastEdited(properties.getLastEdited() + LAST_EDITED_SERVERSIDE_BUMP); } -bool EntityTree::isScriptInWhitelist(const QString& scriptProperty) { +bool EntityTree::isScriptInAllowlist(const QString& scriptProperty) { // grab a URL representation of the entity script so we can check the host for this script auto entityScriptURL = QUrl::fromUserInput(scriptProperty); - for (const auto& whiteListedPrefix : _entityScriptSourceWhitelist) { - auto whiteListURL = QUrl::fromUserInput(whiteListedPrefix); + for (const auto& allowListedPrefix : _entityScriptSourceAllowlist) { + auto allowListURL = QUrl::fromUserInput(allowListedPrefix); - // check if this script URL matches the whitelist domain and, optionally, is beneath the path - if (entityScriptURL.host().compare(whiteListURL.host(), Qt::CaseInsensitive) == 0 && - entityScriptURL.path().startsWith(whiteListURL.path(), Qt::CaseInsensitive)) { + // check if this script URL matches the allowlist domain and, optionally, is beneath the path + if (entityScriptURL.host().compare(allowListURL.host(), Qt::CaseInsensitive) == 0 && + entityScriptURL.path().startsWith(allowListURL.path(), Qt::CaseInsensitive)) { return true; } } 
@@ -1504,18 +1504,18 @@ int EntityTree::processEditPacketData(ReceivedMessage& message, const unsigned c } } - if (validEditPacket && !_entityScriptSourceWhitelist.isEmpty()) { + if (validEditPacket && !_entityScriptSourceAllowlist.isEmpty()) { bool wasDeletedBecauseOfClientScript = false; - // check the client entity script to make sure its URL is in the whitelist + // check the client entity script to make sure its URL is in the allowlist if (!properties.getScript().isEmpty()) { - bool clientScriptPassedWhitelist = isScriptInWhitelist(properties.getScript()); + bool clientScriptPassedAllowlist = isScriptInAllowlist(properties.getScript()); - if (!clientScriptPassedWhitelist) { + if (!clientScriptPassedAllowlist) { if (wantEditLogging()) { qCDebug(entities) << "User [" << senderNode->getUUID() - << "] attempting to set entity script not on whitelist, edit rejected"; + << "] attempting to set entity script not on allowlist, edit rejected"; } // If this was an add, we also want to tell the client that sent this edit that the entity was not added. 
@@ -1530,20 +1530,20 @@ int EntityTree::processEditPacketData(ReceivedMessage& message, const unsigned c } } - // check all server entity scripts to make sure their URLs are in the whitelist + // check all server entity scripts to make sure their URLs are in the allowlist if (!properties.getServerScripts().isEmpty()) { - bool serverScriptPassedWhitelist = isScriptInWhitelist(properties.getServerScripts()); + bool serverScriptPassedAllowlist = isScriptInAllowlist(properties.getServerScripts()); - if (!serverScriptPassedWhitelist) { + if (!serverScriptPassedAllowlist) { if (wantEditLogging()) { qCDebug(entities) << "User [" << senderNode->getUUID() - << "] attempting to set server entity script not on whitelist, edit rejected"; + << "] attempting to set server entity script not on allowlist, edit rejected"; } // If this was an add, we also want to tell the client that sent this edit that the entity was not added. if (isAdd) { // Make sure we didn't already need to send back a delete because the client script failed - // the whitelist check + // the allowlist check if (!wasDeletedBecauseOfClientScript) { QWriteLocker locker(&_recentlyDeletedEntitiesLock); _recentlyDeletedEntityItemIDs.insert(usecTimestampNow(), entityItemID); diff --git a/libraries/entities/src/EntityTree.h b/libraries/entities/src/EntityTree.h index c93a3b1527..ec209b37ad 100644 --- a/libraries/entities/src/EntityTree.h +++ b/libraries/entities/src/EntityTree.h @@ -63,7 +63,7 @@ public: void setEntityMaxTmpLifetime(float maxTmpEntityLifetime) { _maxTmpEntityLifetime = maxTmpEntityLifetime; } - void setEntityScriptSourceWhitelist(const QString& entityScriptSourceWhitelist); + void setEntityScriptSourceAllowlist(const QString& entityScriptSourceAllowlist); /// Implements our type specific root element factory virtual OctreeElementPointer createNewElement(unsigned char* octalCode = NULL) override; 
@@ -300,7 +300,7 @@ protected: void notifyNewlyCreatedEntity(const EntityItem& newEntity, const SharedNodePointer& senderNode); - bool isScriptInWhitelist(const QString& scriptURL); + bool isScriptInAllowlist(const QString& scriptURL); QReadWriteLock _newlyCreatedHooksLock; QVector _newlyCreatedHooks; @@ -363,7 +363,7 @@ protected: bool filterProperties(const EntityItemPointer& existingEntity, EntityItemProperties& propertiesIn, EntityItemProperties& propertiesOut, bool& wasChanged, FilterType filterType) const; bool _hasEntityEditFilter{ false }; - QStringList _entityScriptSourceWhitelist; + QStringList _entityScriptSourceAllowlist; MovingEntitiesOperator _entityMover; QHash _entitiesToAdd; diff --git a/libraries/script-engine/src/ScriptGatekeeper.cpp b/libraries/script-engine/src/ScriptGatekeeper.cpp index c223197a8c..43d9bbc0e2 100644 --- a/libraries/script-engine/src/ScriptGatekeeper.cpp +++ b/libraries/script-engine/src/ScriptGatekeeper.cpp 
@@ -19,21 +19,21 @@ void ScriptGatekeeper::initialize() { return; } - QVariant rawCurrentWhitelistValues = Setting::Handle(SCRIPT_WHITELIST_ENTRIES_KEY).get(); - QString settingsSafeValues = rawCurrentWhitelistValues.toString(); + QVariant rawCurrentAllowlistValues = Setting::Handle(SCRIPT_ALLOWLIST_ENTRIES_KEY).get(); + QString settingsSafeValues = rawCurrentAllowlistValues.toString(); - Setting::Handle whitelistEnabled { SCRIPT_WHITELIST_ENABLED_KEY, false }; + Setting::Handle allowlistEnabled { SCRIPT_ALLOWLIST_ENABLED_KEY, false }; Setting::Handle isFirstRun { Settings::firstRun, true }; - QString preloadedVal = BuildInfo::PRELOADED_SCRIPT_WHITELIST; + QString preloadedVal = BuildInfo::PRELOADED_SCRIPT_ALLOWLIST; if (settingsSafeValues.isEmpty() && !preloadedVal.isEmpty() && isFirstRun.get()) { - // We assume that the whitelist should be enabled if a preloaded whitelist is attached, so we activate it if it's not already active. - if (!whitelistEnabled.get()) { - whitelistEnabled.set(true); + // We assume that the allowlist should be enabled if a preloaded allowlist is attached, so we activate it if it's not already active. + if (!allowlistEnabled.get()) { + allowlistEnabled.set(true); } - Setting::Handle(SCRIPT_WHITELIST_ENTRIES_KEY).set(preloadedVal); + Setting::Handle(SCRIPT_ALLOWLIST_ENTRIES_KEY).set(preloadedVal); } _initialized = true; diff --git a/libraries/script-engine/src/ScriptGatekeeper.h b/libraries/script-engine/src/ScriptGatekeeper.h index 9f70900c9e..ed6b1ea2b6 100644 --- a/libraries/script-engine/src/ScriptGatekeeper.h +++ b/libraries/script-engine/src/ScriptGatekeeper.h 
@@ -17,14 +17,14 @@ #include -/// Manages script whitelisting in a domain +/// Manages script allowlisting in a domain class ScriptGatekeeper : public QObject { Q_OBJECT public: void initialize(); - QString SCRIPT_WHITELIST_ENABLED_KEY{ "private/whitelistEnabled" }; - QString SCRIPT_WHITELIST_ENTRIES_KEY{ "private/settingsSafeURLS" }; + QString SCRIPT_ALLOWLIST_ENABLED_KEY{ "private/allowlistEnabled" }; + QString SCRIPT_ALLOWLIST_ENTRIES_KEY{ "private/settingsSafeURLS" }; private: bool _initialized { false }; diff --git a/libraries/script-engine/src/ScriptManager.cpp b/libraries/script-engine/src/ScriptManager.cpp index db61d7144b..23122cc302 100644 --- a/libraries/script-engine/src/ScriptManager.cpp +++ b/libraries/script-engine/src/ScriptManager.cpp @@ -2192,17 +2192,17 @@ void ScriptManager::entityScriptContentAvailable(const EntityItemID& entityID, c exception = testConstructor; } } else { - // ENTITY SCRIPT WHITELIST STARTS HERE + // ENTITY SCRIPT ALLOWLIST STARTS HERE auto nodeList = DependencyManager::get(); bool passList = false; // assume unsafe - QString whitelistPrefix = "[WHITELIST ENTITY SCRIPTS]"; + QString allowlistPrefix = "[ALLOWLIST ENTITY SCRIPTS]"; QList safeURLPrefixes = { "file:///", "atp:", "cache:" }; - safeURLPrefixes += qEnvironmentVariable("EXTRA_WHITELIST").trimmed().split(QRegExp("\\s*,\\s*"), Qt::SkipEmptyParts); + safeURLPrefixes += qEnvironmentVariable("EXTRA_ALLOWLIST").trimmed().split(QRegExp("\\s*,\\s*"), Qt::SkipEmptyParts); - // Entity Script Whitelist toggle check. - Setting::Handle whitelistEnabled {"private/whitelistEnabled", false }; + // Entity Script Allowlist toggle check. + Setting::Handle allowlistEnabled {"private/allowlistEnabled", false }; - if (!whitelistEnabled.get()) { + if (!allowlistEnabled.get()) { passList = true; } 
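Review bot: Changing the value of `SCRIPT_ALLOWLIST_ENABLED_KEY` from `"private/whitelistEnabled"` to `"private/allowlistEnabled"` renames a persisted setting, not just an identifier, and nothing visible in this commit carries the old value over. A client that had the entity-script allowlist switched on would read the new key's default of `false` after upgrading, and the ScriptManager.cpp hunks at -2192 and -2303 set `passList = true` in that case, so enforcement is silently dropped while `private/settingsSafeURLS` keeps its entries. Either keep the stored key string unchanged, as was done for the entries key, or have `ScriptGatekeeper::initialize()` copy a previously stored `private/whitelistEnabled` value into the new key before it is first read. The two ScriptManager.cpp hunks also repeat the literal `"private/allowlistEnabled"` instead of using this constant, so the key can drift again.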
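Review bot: `qEnvironmentVariable("EXTRA_ALLOWLIST")` replaces an environment variable name that deployments set from outside the program, so anyone still exporting `EXTRA_WHITELIST` loses those prefixes without any message; the same line is changed in the hunk at -2303. With the allowlist enabled this fails closed (scripts are blocked rather than admitted), but it is still a behaviour change that a rename commit should call out. Consider reading the old name as a deprecated fallback for a release and logging when it is used, e.g. `if (qEnvironmentVariableIsSet("EXTRA_WHITELIST")) { qCWarning(scriptengine) << "EXTRA_WHITELIST is deprecated, use EXTRA_ALLOWLIST"; }`. The enclosing function `entityScriptContentAvailable` starts and ends outside this hunk.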
@@ -2212,39 +2212,39 @@ void ScriptManager::entityScriptContentAvailable(const EntityItemID& entityID, c safeURLPrefixes += settingsSafeURLS; // END Pull SAFEURLS from the Interface.JSON settings. - // Get current domain whitelist bypass, in case an entire domain is whitelisted. + // Get current domain allowlist bypass, in case an entire domain is allowlisted. QString currentDomain = DependencyManager::get()->getDomainURL().host(); QString domainSafeIP = nodeList->getDomainHandler().getHostname(); QString domainSafeURL = URL_SCHEME_OVERTE + "://" + currentDomain; for (const auto& str : safeURLPrefixes) { if (domainSafeURL.startsWith(str) || domainSafeIP.startsWith(str)) { - qCDebug(scriptengine) << whitelistPrefix << "Whitelist Bypassed, entire domain is whitelisted. Current Domain Host: " + qCDebug(scriptengine) << allowlistPrefix << "Allowlist Bypassed, entire domain is allowlisted. Current Domain Host: " << nodeList->getDomainHandler().getHostname() << "Current Domain: " << currentDomain; passList = true; } } - // END bypass whitelist based on current domain. + // END bypass allowlist based on current domain. - // Start processing scripts through the whitelist. - if (ScriptManager::getContext() == "entity_server") { // If running on the server, do not engage whitelist. + // Start processing scripts through the allowlist. + if (ScriptManager::getContext() == "entity_server") { // If running on the server, do not engage allowlist. passList = true; - } else if (!passList) { // If waved through, do not engage whitelist. + } else if (!passList) { // If waved through, do not engage allowlist. 
for (const auto& str : safeURLPrefixes) { - qCDebug(scriptengine) << whitelistPrefix << "Script URL: " << scriptOrURL << "TESTING AGAINST" << str << "RESULTS IN" + qCDebug(scriptengine) << allowlistPrefix << "Script URL: " << scriptOrURL << "TESTING AGAINST" << str << "RESULTS IN" << scriptOrURL.startsWith(str); if (!str.isEmpty() && scriptOrURL.startsWith(str)) { passList = true; - qCDebug(scriptengine) << whitelistPrefix << "Script approved."; + qCDebug(scriptengine) << allowlistPrefix << "Script approved."; break; // Bail early since we found a match. } } } - // END processing of scripts through the whitelist. + // END processing of scripts through the allowlist. if (!passList) { // If the entity failed to pass for any reason, it's blocked and an error is thrown. - qCDebug(scriptengine) << whitelistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL; + qCDebug(scriptengine) << allowlistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL; exception = _engine->makeError(_engine->newValue("UNSAFE_ENTITY_SCRIPTS == 0")); } else { QTimer timeout; @@ -2267,7 +2267,7 @@ void ScriptManager::entityScriptContentAvailable(const EntityItemID& entityID, c exception = testConstructor; } } - // ENTITY SCRIPT WHITELIST ENDS HERE, uncomment below for original full disabling. + // ENTITY SCRIPT ALLOWLIST ENDS HERE, uncomment below for original full disabling. // qCDebug(scriptengine) << "(disabled entity script)" << entityID.toString() << scriptOrURL; // exception = makeError("UNSAFE_ENTITY_SCRIPTS == 0"); 
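Review bot: The domain-bypass loop `if (domainSafeURL.startsWith(str) || domainSafeIP.startsWith(str))` in the hunk at -2212 has no `!str.isEmpty()` guard, unlike the per-script loop further down in the same hunk. `startsWith` on an empty string is true, so a single empty entry in `safeURLPrefixes` would set `passList = true` for every script; how `settingsSafeURLS` is split is outside the hunk, so whether empties can reach this loop needs checking. Suggested condition: `if (!str.isEmpty() && (domainSafeURL.startsWith(str) || domainSafeIP.startsWith(str))) {`. A comment stating that this is a raw prefix match on the hostname, so an entry also matches any longer hostname that begins with it, would help whoever maintains the list. The same loop appears in the hunk at -2323.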
@@ -2303,17 +2303,17 @@ void ScriptManager::entityScriptContentAvailable(const EntityItemID& entityID, c return; // done processing script }*/ - // ENTITY SCRIPT WHITELIST STARTS HERE + // ENTITY SCRIPT ALLOWLIST STARTS HERE auto nodeList = DependencyManager::get(); bool passList = false; // assume unsafe - QString whitelistPrefix = "[WHITELIST ENTITY SCRIPTS]"; + QString allowlistPrefix = "[ALLOWLIST ENTITY SCRIPTS]"; QList safeURLPrefixes = { "file:///", "atp:", "cache:" }; - safeURLPrefixes += qEnvironmentVariable("EXTRA_WHITELIST").trimmed().split(QRegExp("\\s*,\\s*"), Qt::SkipEmptyParts); + safeURLPrefixes += qEnvironmentVariable("EXTRA_ALLOWLIST").trimmed().split(QRegExp("\\s*,\\s*"), Qt::SkipEmptyParts); - // Entity Script Whitelist toggle check. - Setting::Handle whitelistEnabled {"private/whitelistEnabled", false }; + // Entity Script Allowlist toggle check. + Setting::Handle allowlistEnabled {"private/allowlistEnabled", false }; - if (!whitelistEnabled.get()) { + if (!allowlistEnabled.get()) { passList = true; } 
@@ -2323,40 +2323,40 @@ void ScriptManager::entityScriptContentAvailable(const EntityItemID& entityID, c safeURLPrefixes += settingsSafeURLS; // END Pull SAFEURLS from the Interface.JSON settings. - // Get current domain whitelist bypass, in case an entire domain is whitelisted. + // Get current domain allowlist bypass, in case an entire domain is allowlisted. QString currentDomain = DependencyManager::get()->getDomainURL().host(); QString domainSafeIP = nodeList->getDomainHandler().getHostname(); QString domainSafeURL = URL_SCHEME_OVERTE + "://" + currentDomain; for (const auto& str : safeURLPrefixes) { if (domainSafeURL.startsWith(str) || domainSafeIP.startsWith(str)) { - qCDebug(scriptengine) << whitelistPrefix << "Whitelist Bypassed, entire domain is whitelisted. Current Domain Host: " + qCDebug(scriptengine) << allowlistPrefix << "Allowlist Bypassed, entire domain is allowlisted. Current Domain Host: " << nodeList->getDomainHandler().getHostname() << "Current Domain: " << currentDomain; passList = true; } } - // END bypass whitelist based on current domain. + // END bypass allowlist based on current domain. - // Start processing scripts through the whitelist. - if (ScriptManager::getContext() == "entity_server") { // If running on the server, do not engage whitelist. + // Start processing scripts through the allowlist. + if (ScriptManager::getContext() == "entity_server") { // If running on the server, do not engage allowlist. passList = true; - } else if (!passList) { // If waved through, do not engage whitelist. + } else if (!passList) { // If waved through, do not engage allowlist. 
for (const auto& str : safeURLPrefixes) { - qCDebug(scriptengine) << whitelistPrefix << "Script URL: " << scriptOrURL << "TESTING AGAINST" << str << "RESULTS IN" + qCDebug(scriptengine) << allowlistPrefix << "Script URL: " << scriptOrURL << "TESTING AGAINST" << str << "RESULTS IN" << scriptOrURL.startsWith(str); if (!str.isEmpty() && scriptOrURL.startsWith(str)) { passList = true; - qCDebug(scriptengine) << whitelistPrefix << "Script approved."; + qCDebug(scriptengine) << allowlistPrefix << "Script approved."; break; // Bail early since we found a match. } } } - // END processing of scripts through the whitelist. + // END processing of scripts through the allowlist. ScriptValue exception; if (!passList) { // If the entity failed to pass for any reason, it's blocked and an error is thrown. - qCDebug(scriptengine) << whitelistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL; + qCDebug(scriptengine) << allowlistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL; exception = _engine->makeError(_engine->newValue("UNSAFE_ENTITY_SCRIPTS == 0")); } @@ -2369,7 +2369,7 @@ void ScriptManager::entityScriptContentAvailable(const EntityItemID& entityID, c emit unhandledException(scriptRuntimeException); return; } - // ENTITY SCRIPT WHITELIST ENDS HERE, uncomment below for original full disabling. + // ENTITY SCRIPT ALLOWLIST ENDS HERE, uncomment below for original full disabling. // qCDebug(scriptengine) << "(disabled entity script)" << entityID.toString() << scriptOrURL; // exception = makeError("UNSAFE_ENTITY_SCRIPTS == 0"); diff --git a/libraries/shared/src/SharedUtil.cpp b/libraries/shared/src/SharedUtil.cpp index de350cd8ce..045f0a68c8 100644 --- a/libraries/shared/src/SharedUtil.cpp +++ b/libraries/shared/src/SharedUtil.cpp 
@@ -854,11 +854,11 @@ void printSystemInformation() { qCDebug(shared) << "Environment Variables"; // List of env variables to include in the log. For privacy reasons we don't send all env variables. - const QStringList envWhitelist = { + const QStringList envAllowlist = { "QTWEBENGINE_REMOTE_DEBUGGING" }; auto envVariables = QProcessEnvironment::systemEnvironment(); - for (auto& env : envWhitelist) + for (auto& env : envAllowlist) { qCDebug(shared).noquote().nospace() << "\t" << (envVariables.contains(env) ? " = " + envVariables.value(env) : " NOT FOUND"); diff --git a/libraries/shared/src/WarningsSuppression.h b/libraries/shared/src/WarningsSuppression.h index a8459ac2e6..e2435055a4 100644 --- a/libraries/shared/src/WarningsSuppression.h +++ b/libraries/shared/src/WarningsSuppression.h @@ -19,7 +19,7 @@ */ -#ifdef OVERTE_WARNINGS_WHITELIST_GCC +#ifdef OVERTE_WARNINGS_ALLOWLIST_GCC #define OVERTE_IGNORE_DEPRECATED_BEGIN \ _Pragma("GCC diagnostic push") \ @@ -27,7 +27,7 @@ #define OVERTE_IGNORE_DEPRECATED_END _Pragma("GCC diagnostic pop") -#elif OVERTE_WARNINGS_WHITELIST_CLANG +#elif OVERTE_WARNINGS_ALLOWLIST_CLANG #define OVERTE_IGNORE_DEPRECATED_BEGIN \ _Pragma("clang diagnostic push") \ @@ -35,7 +35,7 @@ #define OVERTE_IGNORE_DEPRECATED_END _Pragma("clang diagnostic pop") -#elif OVERTE_WARNINGS_WHITELIST_MSVC +#elif OVERTE_WARNINGS_ALLOWLIST_MSVC #define OVERTE_IGNORE_DEPRECATED_BEGIN \ _Pragma("warning(push)") \ diff --git a/libraries/ui/src/ui/OffscreenQmlSurface.cpp b/libraries/ui/src/ui/OffscreenQmlSurface.cpp index 88c7329a4f..8afcb80c45 100644 --- a/libraries/ui/src/ui/OffscreenQmlSurface.cpp +++ b/libraries/ui/src/ui/OffscreenQmlSurface.cpp 
@@ -63,11 +63,11 @@ namespace hifi { namespace qml { namespace offscreen { -class OffscreenQmlWhitelist : public Dependency, private ReadWriteLockable { +class OffscreenQmlAllowlist : public Dependency, private ReadWriteLockable { SINGLETON_DEPENDENCY public: - void addWhitelistContextHandler(const std::initializer_list& urls, const QmlContextCallback& callback) { + void addAllowlistContextHandler(const std::initializer_list& urls, const QmlContextCallback& callback) { withWriteLock([&] { for (auto url : urls) { if (url.isRelative()) { @@ -93,11 +93,11 @@ private: QHash> _callbacks; }; -QSharedPointer getQmlWhitelist() { +QSharedPointer getQmlAllowlist() { static std::once_flag once; - std::call_once(once, [&] { DependencyManager::set(); }); + std::call_once(once, [&] { DependencyManager::set(); }); - return DependencyManager::get(); + return DependencyManager::get(); } // Class to handle changing QML audio output device using another thread @@ -292,9 +292,9 @@ void OffscreenQmlSurface::initializeEngine(QQmlEngine* engine) { engine->setObjectOwnership(tablet, QQmlEngine::CppOwnership); } -void OffscreenQmlSurface::addWhitelistContextHandler(const std::initializer_list& urls, +void OffscreenQmlSurface::addAllowlistContextHandler(const std::initializer_list& urls, const QmlContextCallback& callback) { - getQmlWhitelist()->addWhitelistContextHandler(urls, callback); + getQmlAllowlist()->addAllowlistContextHandler(urls, callback); } void OffscreenQmlSurface::onRootContextCreated(QQmlContext* qmlContext) { 
@@ -319,17 +319,17 @@ void OffscreenQmlSurface::onRootContextCreated(QQmlContext* qmlContext) { #endif } -void OffscreenQmlSurface::applyWhiteList(const QUrl& url, QQmlContext* context) { - QList callbacks = getQmlWhitelist()->getCallbacksForUrl(url); +void OffscreenQmlSurface::applyAllowList(const QUrl& url, QQmlContext* context) { + QList callbacks = getQmlAllowlist()->getCallbacksForUrl(url); for(const auto& callback : callbacks){ callback(context); } } QQmlContext* OffscreenQmlSurface::contextForUrl(const QUrl& qmlSource, QQuickItem* parent, bool forceNewContext) { - // Get any whitelist functionality - QList callbacks = getQmlWhitelist()->getCallbacksForUrl(qmlSource); - // If we have whitelisted content, we must load a new context + // Get any allowlist functionality + QList callbacks = getQmlAllowlist()->getCallbacksForUrl(qmlSource); + // If we have allowlisted content, we must load a new context forceNewContext |= !callbacks.empty(); QQmlContext* targetContext = Parent::contextForUrl(qmlSource, parent, forceNewContext); diff --git a/libraries/ui/src/ui/OffscreenQmlSurface.h b/libraries/ui/src/ui/OffscreenQmlSurface.h index 6b0971bb8a..07358dcf38 100644 --- a/libraries/ui/src/ui/OffscreenQmlSurface.h +++ b/libraries/ui/src/ui/OffscreenQmlSurface.h 
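Review bot: `applyAllowList` keeps the two-word casing of the old `applyWhiteList`, while every other renamed identifier in this file uses `Allowlist` (`getQmlAllowlist`, `addAllowlistContextHandler`, `OffscreenQmlAllowlist`). Since this commit already changes the public name and every caller has to be touched, `applyAllowlist` would make the API consistent; the declaration in OffscreenQmlSurface.h would change with it: `static void applyAllowlist(const QUrl& url, QQmlContext* context);`.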
@@ -28,9 +28,9 @@ class OffscreenQmlSurface : public hifi::qml::OffscreenSurface { public: ~OffscreenQmlSurface(); - static void addWhitelistContextHandler(const std::initializer_list& urls, const QmlContextCallback& callback); - static void addWhitelistContextHandler(const QUrl& url, const QmlContextCallback& callback) { addWhitelistContextHandler({ { url } }, callback); }; - static void applyWhiteList(const QUrl& url,QQmlContext* context); + static void addAllowlistContextHandler(const std::initializer_list& urls, const QmlContextCallback& callback); + static void addAllowlistContextHandler(const QUrl& url, const QmlContextCallback& callback) { addAllowlistContextHandler({ { url } }, callback); }; + static void applyAllowList(const QUrl& url,QQmlContext* context); bool isFocusText() const { return _focusText; } bool getCleaned() { return _isCleaned; } diff --git a/libraries/ui/src/ui/types/RequestFilters.cpp b/libraries/ui/src/ui/types/RequestFilters.cpp index ceac3d00e8..601cf56d6c 100644 --- a/libraries/ui/src/ui/types/RequestFilters.cpp +++ b/libraries/ui/src/ui/types/RequestFilters.cpp @@ -54,7 +54,7 @@ namespace { return false; } - // We can potentially add whitelisting logic or development environment variables that + // We can potentially add allowlisting logic or development environment variables that // will allow people to override this setting on a per-client basis here. QString targetFilePath = QFileInfo(requestUrl.toLocalFile()).canonicalFilePath();