From 3ed98d0f3e3a4529e7f779b368888682f6580ea2 Mon Sep 17 00:00:00 2001
From: Kalila L <somnilibertas@gmail.com>
Date: Mon, 8 Mar 2021 02:00:34 -0500
Subject: [PATCH] Add "ScriptGatekeeper" class and "PRELOADED_SCRIPT_WHITELIST"
 variable.

---
 BUILD.md                                      |  3 ++
 cmake/macros/SetPackagingParameters.cmake     |  3 ++
 cmake/templates/BuildInfo.h.in                |  1 +
 libraries/networking/src/AddressManager.cpp   |  1 +
 libraries/script-engine/src/ScriptEngine.h    |  1 -
 libraries/script-engine/src/ScriptEngines.cpp |  2 +
 libraries/script-engine/src/ScriptEngines.h   |  3 ++
 .../script-engine/src/ScriptGatekeeper.cpp    | 41 +++++++++++++++++++
 .../script-engine/src/ScriptGatekeeper.h      | 29 +++++++++++++
 9 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 libraries/script-engine/src/ScriptGatekeeper.cpp
 create mode 100644 libraries/script-engine/src/ScriptGatekeeper.h

diff --git a/BUILD.md b/BUILD.md
index 0e1a54f406..f1b93556dc 100644
--- a/BUILD.md
+++ b/BUILD.md
@@ -86,6 +86,9 @@ Where `/path/to/directory` is the path to a directory where you wish the build f
     
     // The Interface will have a custom default home and startup location.
     INITIAL_STARTUP_LOCATION=Location/IP/URL
+    // The Interface will have a custom default script whitelist, comma separated, no spaces.
+    // This will also activate the whitelist on Interface's first run.
+    PRELOADED_SCRIPT_WHITELIST=ListOfEntries
     
     // Code-signing environment variables must be set during runtime of CMake AND globally when the signing takes place.
     HF_PFX_FILE=Path to certificate
diff --git a/cmake/macros/SetPackagingParameters.cmake b/cmake/macros/SetPackagingParameters.cmake
index 9311594938..4c453cdfc0 100644
--- a/cmake/macros/SetPackagingParameters.cmake
+++ b/cmake/macros/SetPackagingParameters.cmake
@@ -25,7 +25,10 @@ macro(SET_PACKAGING_PARAMETERS)
   set_from_env(RELEASE_NUMBER RELEASE_NUMBER "")
   set_from_env(RELEASE_NAME RELEASE_NAME "")
   set_from_env(STABLE_BUILD STABLE_BUILD 0)
+
   set_from_env(INITIAL_STARTUP_LOCATION INITIAL_STARTUP_LOCATION "")
+  set_from_env(PRELOADED_SCRIPT_WHITELIST PRELOADED_SCRIPT_WHITELIST "")
+  
   set_from_env(BYPASS_SIGNING BYPASS_SIGNING 0)
 
   message(STATUS "The RELEASE_TYPE variable is: ${RELEASE_TYPE}")
diff --git a/cmake/templates/BuildInfo.h.in b/cmake/templates/BuildInfo.h.in
index 7f3a63d4b4..42a7eddb6c 100644
--- a/cmake/templates/BuildInfo.h.in
+++ b/cmake/templates/BuildInfo.h.in
@@ -30,6 +30,7 @@ namespace BuildInfo {
     const QString BUILD_GLOBAL_SERVICES = "@BUILD_GLOBAL_SERVICES@";
     const QString BUILD_TIME = "@BUILD_TIME@";
     const QString INITIAL_STARTUP_LOCATION = "@INITIAL_STARTUP_LOCATION@";
+    const QString PRELOADED_SCRIPT_WHITELIST = "@PRELOADED_SCRIPT_WHITELIST@";
 
     enum BuildType {
         Dev,
diff --git a/libraries/networking/src/AddressManager.cpp b/libraries/networking/src/AddressManager.cpp
index 94bcb718d3..ffa5a34118 100644
--- a/libraries/networking/src/AddressManager.cpp
+++ b/libraries/networking/src/AddressManager.cpp
@@ -4,6 +4,7 @@
 //
 //  Created by Stephen Birarda on 2014-09-10.
 //  Copyright 2014 High Fidelity, Inc.
+//  Copyright 2020 Vircadia contributors.
 //
 //  Distributed under the Apache License, Version 2.0.
 //  See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html
diff --git a/libraries/script-engine/src/ScriptEngine.h b/libraries/script-engine/src/ScriptEngine.h
index 1d85de4d94..a19e63a665 100644
--- a/libraries/script-engine/src/ScriptEngine.h
+++ b/libraries/script-engine/src/ScriptEngine.h
@@ -174,7 +174,6 @@ public:
 
     QString getFilename() const;
 
-
     QList<EntityItemID> getListOfEntityScriptIDs();
 
     /**jsdoc
diff --git a/libraries/script-engine/src/ScriptEngines.cpp b/libraries/script-engine/src/ScriptEngines.cpp
index 381d931620..d091e6e4b5 100644
--- a/libraries/script-engine/src/ScriptEngines.cpp
+++ b/libraries/script-engine/src/ScriptEngines.cpp
@@ -68,6 +68,8 @@ void ScriptEngines::onErrorLoadingScript(const QString& url) {
 ScriptEngines::ScriptEngines(ScriptEngine::Context context, const QUrl& defaultScriptsOverride)
     : _context(context), _defaultScriptsOverride(defaultScriptsOverride)
 {
+    scriptGatekeeper.initialize();
+    
     _scriptsModelFilter.setSourceModel(&_scriptsModel);
     _scriptsModelFilter.sort(0, Qt::AscendingOrder);
     _scriptsModelFilter.setDynamicSortFilter(true);
diff --git a/libraries/script-engine/src/ScriptEngines.h b/libraries/script-engine/src/ScriptEngines.h
index df736e101d..8c897f70fd 100644
--- a/libraries/script-engine/src/ScriptEngines.h
+++ b/libraries/script-engine/src/ScriptEngines.h
@@ -24,6 +24,7 @@
 #include "ScriptEngine.h"
 #include "ScriptsModel.h"
 #include "ScriptsModelFilter.h"
+#include "ScriptGatekeeper.h"
 
 class ScriptEngine;
 
@@ -176,6 +177,8 @@ public:
     bool isStopped() const { return _isStopped; }
 
     void addScriptEngine(ScriptEnginePointer);
+    
+    ScriptGatekeeper scriptGatekeeper;
 
 signals:
 
diff --git a/libraries/script-engine/src/ScriptGatekeeper.cpp b/libraries/script-engine/src/ScriptGatekeeper.cpp
new file mode 100644
index 0000000000..d69e8c9561
--- /dev/null
+++ b/libraries/script-engine/src/ScriptGatekeeper.cpp
@@ -0,0 +1,41 @@
+//
+//  ScriptGatekeeper.cpp
+//  libraries/script-engine/src
+//
+//  Created by Kalila L. on Mar 7 2021
+//  Copyright 2021 Vircadia contributors.
+//
+//  Distributed under the Apache License, Version 2.0.
+//  See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html
+//
+
+#include "ScriptGatekeeper.h"
+
+#include "BuildInfo.h"
+#include "SettingHandle.h"
+
+void ScriptGatekeeper::initialize() {
+    if (_initialized == true) {
+        return;
+    }
+
+    QVariant rawCurrentWhitelistValues = Setting::Handle<QVariant>(SCRIPT_WHITELIST_ENTRIES_KEY).get();
+    QString settingsSafeValues = rawCurrentWhitelistValues.toString();
+
+    Setting::Handle<bool> whitelistEnabled{ SCRIPT_WHITELIST_ENABLED_KEY, false };
+    Setting::Handle<bool> isFirstRun { Settings::firstRun, true };
+
+    QString preloadedVal = BuildInfo::PRELOADED_SCRIPT_WHITELIST;
+
+    if (settingsSafeValues.isEmpty() && !preloadedVal.isEmpty() && isFirstRun.get()) {
+        // We assume that the whitelist should be enabled if a preloaded whitelist is attached, so we activate it if it's not already active.
+        qDebug() << "hi" << !whitelistEnabled.get() << whitelistEnabled.get();
+        if (!whitelistEnabled.get()) {
+            whitelistEnabled.set(true);
+        }
+
+        Setting::Handle<QVariant>(SCRIPT_WHITELIST_ENTRIES_KEY).set(preloadedVal);
+    }
+    
+    _initialized = true;
+}
diff --git a/libraries/script-engine/src/ScriptGatekeeper.h b/libraries/script-engine/src/ScriptGatekeeper.h
new file mode 100644
index 0000000000..a73ef5995a
--- /dev/null
+++ b/libraries/script-engine/src/ScriptGatekeeper.h
@@ -0,0 +1,29 @@
+//
+//  ScriptGatekeeper.h
+//  libraries/script-engine/src
+//
+//  Created by Kalila L. on Mar 7 2021
+//  Copyright 2021 Vircadia contributors.
+//
+//  Distributed under the Apache License, Version 2.0.
+//  See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html
+//
+
+#ifndef vircadia_ScriptGatekeeper_h
+#define vircadia_ScriptGatekeeper_h
+
+#include <QtCore/QObject>
+
+class ScriptGatekeeper : public QObject {
+    Q_OBJECT
+public:
+    void initialize();
+
+    QString SCRIPT_WHITELIST_ENABLED_KEY{ "private/whitelistEnabled" };
+    QString SCRIPT_WHITELIST_ENTRIES_KEY{ "private/settingsSafeURLS" };
+
+private:
+    bool _initialized{ false };
+};
+
+#endif // vircadia_ScriptGatekeeper_h