Merge pull request #65 from kasenvr/fix/whitelist-server

Whitelist Quality of Life Updates
kasenvr 2020-01-09 17:55:45 -05:00 committed by GitHub
commit 5fdd563bfa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -85,9 +85,9 @@
#include "MIDIEvent.h" #include "MIDIEvent.h"
#include "SettingHandle.h" #include "SettingHandle.h"
// #include "SettingManager.h" #include <AddressManager.h>
// #include "SettingInterface.h" #include <NetworkingConstants.h>
// #include "SettingHelpers.h"
const QString ScriptEngine::_SETTINGS_ENABLE_EXTENDED_EXCEPTIONS { const QString ScriptEngine::_SETTINGS_ENABLE_EXTENDED_EXCEPTIONS {
"com.highfidelity.experimental.enableExtendedJSExceptions" "com.highfidelity.experimental.enableExtendedJSExceptions"
@ -2361,32 +2361,58 @@ void ScriptEngine::entityScriptContentAvailable(const EntityItemID& entityID, co
} else if (testConstructor.isError()) { } else if (testConstructor.isError()) {
exception = testConstructor; exception = testConstructor;
} }
} } else {
else { // ENTITY SCRIPT WHITELIST STARTS HERE
// ENTITY SCRIPT WHITELIST STARTS HERE auto nodeList = DependencyManager::get<NodeList>();
bool passList = false; // assume unsafe
QString whitelistPrefix = "[WHITELIST ENTITY SCRIPTS]"; QString whitelistPrefix = "[WHITELIST ENTITY SCRIPTS]";
QList<QString> safeURLS = { "" }; QList<QString> safeURLPrefixes = { "file:///", "atp:", "cache:" };
safeURLS += qEnvironmentVariable("EXTRA_WHITELIST").trimmed().split(QRegExp("\\s*,\\s*"), QString::SkipEmptyParts); safeURLPrefixes += qEnvironmentVariable("EXTRA_WHITELIST").trimmed().split(QRegExp("\\s*,\\s*"), QString::SkipEmptyParts);
// PULL SAFEURLS FROM INTERFACE.JSON Settings // IF WHITELIST IS DISABLED IN SETTINGS
bool whitelistEnabled = Setting::Handle<bool>("private/whitelistEnabled", true).get();
if (!whitelistEnabled) {
passList = true;
}
// PULL SAFEURLS FROM INTERFACE.JSON Settings
QVariant raw = Setting::Handle<QVariant>("private/settingsSafeURLS").get(); QVariant raw = Setting::Handle<QVariant>("private/settingsSafeURLS").get();
QStringList settingsSafeURLS = raw.toString().trimmed().split(QRegExp("\\s*[,\r\n]+\\s*"), QString::SkipEmptyParts); QStringList settingsSafeURLS = raw.toString().trimmed().split(QRegExp("\\s*[,\r\n]+\\s*"), QString::SkipEmptyParts);
safeURLS += settingsSafeURLS; safeURLPrefixes += settingsSafeURLS;
// END PULL SAFEURLS FROM INTERFACE.JSON Settings // END PULL SAFEURLS FROM INTERFACE.JSON Settings
bool isInWhitelist = false; // assume unsafe // GET CURRENT DOMAIN WHITELIST BYPASS, IN CASE AN ENTIRE DOMAIN IS WHITELISTED
for (const auto& str : safeURLS) { QString currentDomain = DependencyManager::get<AddressManager>()->getDomainURL().host();
qCDebug(scriptengine) << whitelistPrefix << "Script URL: " << scriptOrURL << "TESTING AGAINST" << str << "RESULTS IN"
<< scriptOrURL.startsWith(str); QString domainSafeIP = nodeList->getDomainHandler().getHostname();
if (!str.isEmpty() && scriptOrURL.startsWith(str)) { QString domainSafeURL = URL_SCHEME_HIFI + "://" + currentDomain;
isInWhitelist = true; for (const auto& str : safeURLPrefixes) {
qCDebug(scriptengine) << whitelistPrefix << "Script approved."; if (domainSafeURL.startsWith(str) || domainSafeIP.startsWith(str)) {
break; // bail early since we found a match qCDebug(scriptengine) << whitelistPrefix << "Whitelist Bypassed. Current Domain Host: "
<< nodeList->getDomainHandler().getHostname()
<< "Current Domain: " << currentDomain;
passList = true;
} }
} }
if (!isInWhitelist) { // END CURRENT DOMAIN WHITELIST BYPASS
// START CHECKING AGAINST THE WHITELIST
if (ScriptEngine::getContext() == "entity_server") { // If running on the server, do not engage whitelist.
passList = true;
} else if (!passList) { // If waved through, do not engage whitelist.
for (const auto& str : safeURLPrefixes) {
qCDebug(scriptengine) << whitelistPrefix << "Script URL: " << scriptOrURL << "TESTING AGAINST" << str << "RESULTS IN"
<< scriptOrURL.startsWith(str);
if (!str.isEmpty() && scriptOrURL.startsWith(str)) {
passList = true;
qCDebug(scriptengine) << whitelistPrefix << "Script approved.";
break; // bail early since we found a match
}
}
}
// END CHECKING AGAINST THE WHITELIST
if (!passList) { // If the entity failed to pass for any reason, it's blocked and an error is thrown.
qCDebug(scriptengine) << whitelistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL; qCDebug(scriptengine) << whitelistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL;
exception = makeError("UNSAFE_ENTITY_SCRIPTS == 0"); exception = makeError("UNSAFE_ENTITY_SCRIPTS == 0");
} else { } else {
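Review bot: The new domain bypass matches whitelist entries against the current domain with an unanchored prefix test (`domainSafeURL.startsWith(str) || domainSafeIP.startsWith(str)`), so an entry approves any host that merely begins with it; for example (constructed values) an entry for `example.com` also matches `example.com.other.net`, and `10.0.0.1` also matches `10.0.0.10`. Because a match sets `passList = true` for every entity script loaded while connected to that domain, whatever the script's own URL is, the host comparison should be exact, e.g. `if (domainSafeIP == str || domainSafeURL == str || domainSafeURL + "/" == str)`. The per-script check further down uses the same `scriptOrURL.startsWith(str)` test, so entries that do not end in `/` presumably have the same look-alike-host problem; comparing `QUrl(scriptOrURL).host()` or requiring entries to end with a path separator would close it. The enclosing function starts and ends outside this hunk.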