Mirrors/overte
3
0
Fork 0
mirror of https://github.com/overte-org/overte.git synced 2025-08-09 17:01:18 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Adds major QOL updates to whitelist

Browse source
This commit is contained in:
Kasen IO 2020-01-07 03:03:08 -05:00
parent 20f5439fa8
commit d87cd01129
1 changed files with 27 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
libraries/script-engine/src/ScriptEngine.cpp
View file

@ -85,9 +85,7 @@
#include "MIDIEvent.h" #include "MIDIEvent.h"
#include "SettingHandle.h" #include "SettingHandle.h"
// #include "SettingManager.h" #include <AddressManager.h>
// #include "SettingInterface.h"
// #include "SettingHelpers.h"
const QString ScriptEngine::_SETTINGS_ENABLE_EXTENDED_EXCEPTIONS { const QString ScriptEngine::_SETTINGS_ENABLE_EXTENDED_EXCEPTIONS {
"com.highfidelity.experimental.enableExtendedJSExceptions" "com.highfidelity.experimental.enableExtendedJSExceptions"
@ -2364,10 +2362,18 @@ void ScriptEngine::entityScriptContentAvailable(const EntityItemID& entityID, co
} }
else { else {
// ENTITY SCRIPT WHITELIST STARTS HERE // ENTITY SCRIPT WHITELIST STARTS HERE
auto nodeList = DependencyManager::get<NodeList>();
bool isInWhitelist = false; // assume unsafe
bool autoPassList = false;
QString whitelistPrefix = "[WHITELIST ENTITY SCRIPTS]"; QString whitelistPrefix = "[WHITELIST ENTITY SCRIPTS]";
QList<QString> safeURLS = { "" }; QList<QString> safeURLS = { "file:///", "atp:", "cache:" };
safeURLS += qEnvironmentVariable("EXTRA_WHITELIST").trimmed().split(QRegExp("\\s*,\\s*"), QString::SkipEmptyParts); safeURLS += qEnvironmentVariable("EXTRA_WHITELIST").trimmed().split(QRegExp("\\s*,\\s*"), QString::SkipEmptyParts);
// IF WHITELIST IS DISABLED IN SETTINGS
bool whitelistEnabled = Setting::Handle<bool>("private/whitelistEnabled", true).get();
if (!whitelistEnabled) {
autoPassList = true;
}
// PULL SAFEURLS FROM INTERFACE.JSON Settings // PULL SAFEURLS FROM INTERFACE.JSON Settings
QVariant raw = Setting::Handle<QVariant>("private/settingsSafeURLS").get(); QVariant raw = Setting::Handle<QVariant>("private/settingsSafeURLS").get();
@ -2376,9 +2382,23 @@ void ScriptEngine::entityScriptContentAvailable(const EntityItemID& entityID, co
// END PULL SAFEURLS FROM INTERFACE.JSON Settings // END PULL SAFEURLS FROM INTERFACE.JSON Settings
bool isInWhitelist = false; // assume unsafe // GET CURRENT DOMAIN WHITELIST BYPASS, IN CASE AN ENTIRE DOMAIN IS WHITELISTED
QString currentDomain = DependencyManager::get<AddressManager>()->getDomainURL().host();
QString domainSafeIP = nodeList->getDomainHandler().getHostname();
QString domainSafeURL = "hifi://" + currentDomain;
for (const auto& str : safeURLS) {
if(domainSafeURL.startsWith(str) || domainSafeIP.startsWith(str)) {
qCDebug(scriptengine) << whitelistPrefix << "Whitelist Bypassed. Current Domain Host: "
<< nodeList->getDomainHandler().getHostname()
<< "Current Domain: " << currentDomain;
isInWhitelist = true;
autoPassList = true;
}
}
// END CURRENT DOMAIN WHITELIST BYPASS
if (ScriptEngine::getContext() == "entity_server") { if (ScriptEngine::getContext() == "entity_server" || autoPassList == true) { // If running on the server or waved through, do not engage whitelist.
isInWhitelist = true; isInWhitelist = true;
} else { } else {
for (const auto& str : safeURLS) { for (const auto& str : safeURLS) {
@ -2392,7 +2412,7 @@ void ScriptEngine::entityScriptContentAvailable(const EntityItemID& entityID, co
} }
} }
if (!isInWhitelist) { if (!isInWhitelist || autoPassList == false) {
qCDebug(scriptengine) << whitelistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL; qCDebug(scriptengine) << whitelistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL;
exception = makeError("UNSAFE_ENTITY_SCRIPTS == 0"); exception = makeError("UNSAFE_ENTITY_SCRIPTS == 0");
} else { } else {