mods(Safe I/O): Only allow creating files with whitelisted filetypes #682

Merged
merged 11 commits into from
Nov 22, 2024


GeckoEidechse
Member

@GeckoEidechse GeckoEidechse commented Mar 22, 2024

Only allow creating files with whitelisted filetypes. To prevent writing .bat or .vb files with Safe I/O that could then be called using some exploit (e.g. #674), we should prevent writing file types that by default are interpreted as executable.

Whitelisting was chosen over blacklisting as we can always extend the list and don't have to worry about potentially forgetting to blacklist a certain filetype.

Of course this doesn't prevent writing a bash script to a .txt file and then somehow getting Windows to interpret it as a batch file.

Reading files is not restricted to filetypes as we are primarily concerned with creating files here.

Supersedes #675

Completely untested atm.

Testing instructions:

  1. Use the following mod: GeckoEidechse.Safe-IO-Testing.zip
  2. Go into private match and start a match
  3. Enable cheats (sv_cheats 1)
  4. Open console and run
    script GeckoSaveFile()
    
  5. Go to <profile folder>\save_data\GeckoEidechse.Safe-IO-Testing\
  6. Check that only test1.txt exists but no test2.bat or test3.
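
A minimal sketch of the allowlist check this PR describes, as an added example that is not the project's code: the function name, the allowed extensions and the bare-file-name restriction are assumptions. It goes beyond the description by also handling case, trailing dots and double extensions.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <set>
#include <string>

// Hypothetical allowlist: the page does not say which extensions the PR permits.
static const std::set<std::string> kAllowedExtensions = {".txt", ".json"};

// Returns true only if a file with this name may be created. Every rejection
// returns false explicitly, so a refused name cannot fall through to the write.
bool IsAllowedSaveFileName(const std::string& name)
{
    if (name.empty())
        return false;
    // Assumption: only a bare file name is accepted. This refuses directory
    // separators, drive letters and NTFS stream syntax ("a.txt:b.bat").
    if (name.find_first_of("/\\:") != std::string::npos)
        return false;
    // Win32 drops trailing dots and spaces, so "test2.bat." lands as "test2.bat".
    if (name.back() == '.' || name.back() == ' ')
        return false;
    // No dot at all, or only a leading dot, means no extension to allowlist.
    const std::size_t dot = name.rfind('.');
    if (dot == std::string::npos || dot == 0)
        return false;
    // Only the final extension counts ("notes.txt.bat" is a .bat file), and it
    // is compared case-insensitively because Windows treats ".BAT" like ".bat".
    std::string ext = name.substr(dot);
    std::transform(ext.begin(), ext.end(), ext.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return kAllowedExtensions.find(ext) != kAllowedExtensions.end();
}

int main()
{
    // Constructed sample names; the first two mirror the testing instructions.
    const char* samples[] = {"test1.txt", "test2.bat", "test3", "TEST1.TXT",
                             "test2.bat.", "notes.txt.bat", "a.txt:b.bat"};
    for (const char* s : samples)
        std::cout << s << " -> " << (IsAllowedSaveFileName(s) ? "allow" : "deny") << "\n";
    return 0;
}
```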

@GeckoEidechse
Member Author

I wrote this on a system that is unable to compile Northstar and without having written C++ for like more than half a year, would be surprised if it even compiles xD

@Alystrasz
Contributor

@ASpoonPlaysGames is also working on that (#675), are you aware of that? 😄

@ASpoonPlaysGames
Contributor

> @ASpoonPlaysGames is also working on that (#675), are you aware of that? 😄

ngl that PR is kinda dead, I've just not had the time to do much lately. Honestly this PR might be preferable to mine.

@Alystrasz
Contributor

@GeckoEidechse you created the branch on the main repo so we cannot update it 😢

@barnabwhy
Contributor

This isn't directly related to the PR, but I noticed while reviewing that the code immediately below directly locks and unlocks the mutex, but ideally it should be using std::lock_guard at the start of the try catch block so that we don't need to explicitly unlock on every scope exit.

Contributor

@RoyalBlue1 RoyalBlue1 left a comment


Code looks good, I didn't test though.
If we plan on staying C++20, using `!whitelist.contains(extention)` might be more readable than `whitelist.find(extention) == whitelist.end()`, but that is up to preference and shouldn't be blocking really.

@GeckoEidechse GeckoEidechse added the labels "needs testing" (Changes from the PR still need to be tested) and "almost ready to merge" (Apart from any small remaining other issues addressed by other labels, this would be ready to merge) Nov 20, 2024
@GeckoEidechse
Member Author

mfw when 3 people reviewed the PR and no one noticed that the return statements are missing in the check :clueless:

Contributor

@Alystrasz Alystrasz left a comment


Code looks good, test mod works as expected:

image

@GeckoEidechse GeckoEidechse added the label "READY TO MERGE" (This mergeable right now) and removed the labels "needs testing" (Changes from the PR still need to be tested) and "almost ready to merge" (Apart from any small remaining other issues addressed by other labels, this would be ready to merge) Nov 20, 2024
@GeckoEidechse GeckoEidechse changed the title [Safe I/O] Only allow creating files with whitelisted filetypes mods(Safe I/O): Only allow creating files with whitelisted filetypes Nov 20, 2024
@GeckoEidechse GeckoEidechse merged commit db40260 into main Nov 22, 2024
8 checks passed
@GeckoEidechse GeckoEidechse deleted the feat/whitelist-safeio-file-extensions branch November 22, 2024 14:20
Labels
READY TO MERGE This mergeable right now
6 participants