Union/ProjectLighthouse
1
0
Fork 0
mirror of https://github.com/LBPUnion/ProjectLighthouse.git synced 2025-07-15 01:31:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add checks for resource strings (#930)

Browse source 
* Add checks for resource strings

* Don't use resource regex against png files
This commit is contained in:
Josh 2023-10-24 17:14:52 -05:00 committed by GitHub
parent 153bd75e26
commit 58664a2c7e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 53 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

8
ProjectLighthouse.Servers.GameServer/Controllers/Resources/PhotosController.cs
View file

@ -3,6 +3,7 @@ using Discord;
using LBPUnion.ProjectLighthouse.Configuration;
using LBPUnion.ProjectLighthouse.Database;
using LBPUnion.ProjectLighthouse.Extensions;
using LBPUnion.ProjectLighthouse.Files;
using LBPUnion.ProjectLighthouse.Helpers;
using LBPUnion.ProjectLighthouse.Logging;
using LBPUnion.ProjectLighthouse.Types.Entities.Level;
@ -42,6 +43,13 @@ public class PhotosController : ControllerBase
GamePhoto? photo = await this.DeserializeBody<GamePhoto>();
if (photo == null) return this.BadRequest();
string[] photoHashes =
{
photo.LargeHash, photo.MediumHash, photo.SmallHash, photo.PlanHash,
};
if (photoHashes.Any(hash => !FileHelper.ResourceExists(hash))) return this.BadRequest();
foreach (PhotoEntity p in this.database.Photos.Where(p => p.CreatorId == token.UserId))
{
if (p.LargeHash == photo.LargeHash) return this.Ok(); // photo already uploaded

1
ProjectLighthouse.Servers.GameServer/Controllers/Resources/ResourcesController.cs
View file

@ -49,7 +49,6 @@ public class ResourcesController : ControllerBase
return this.NotFound();
}
// TODO: check if this is a valid hash
[HttpPost("upload/{hash}/unattributed")]
[HttpPost("upload/{hash}")]
public async Task<IActionResult> UploadResource(string hash)

7
ProjectLighthouse.Servers.GameServer/Controllers/UserController.cs
View file

@ -83,12 +83,9 @@ public class UserController : ControllerBase
// ReSharper disable once LoopCanBeConvertedToQuery
foreach (string? resource in new[]{update.IconHash, update.YayHash, update.MehHash, update.BooHash, update.PlanetHash,})
{
if (resource == "0") continue;
if (string.IsNullOrWhiteSpace(resource)) continue;
if (resource != null && !resource.StartsWith('g') && !FileHelper.ResourceExists(resource))
{
return this.BadRequest();
}
if (!FileHelper.ResourceExists(resource)) return this.BadRequest();
}
if (update.IconHash != null) user.IconHash = update.IconHash;

3
ProjectLighthouse.Servers.Website/Controllers/Admin/AdminUserController.cs
View file

@ -8,7 +8,6 @@ using LBPUnion.ProjectLighthouse.Types.Moderation.Cases;
using LBPUnion.ProjectLighthouse.Types.Users;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using IOFile = System.IO.File;
namespace LBPUnion.ProjectLighthouse.Servers.Website.Controllers.Admin;
@ -68,7 +67,7 @@ public class AdminUserController : ControllerBase
// And finally, attempt to remove the resource from the filesystem. We don't want that taking up space.
try
{
IOFile.Delete(FileHelper.GetResourcePath(hash));
FileHelper.DeleteResource(hash);
Logger.Success($"Deleted planet resource {hash}",
LogArea.Admin);
}

33
ProjectLighthouse.Tests/Unit/ResourceTests.cs
View file

@ -10,6 +10,39 @@ namespace LBPUnion.ProjectLighthouse.Tests.Unit;
[Trait("Category", "Unit")]
public class ResourceTests
{
[Fact]
public void IsResourceValid_ReturnsTrue_ForValidResource()
{
string[] resources = {
"g123456", "g123", "98f54143ab4e86b28c3afee0f50f2f51cfb2ed38", "0ebe53fc820a544798000188d39bfda94f53fe37"
};
Assert.Multiple(() =>
{
foreach (string resource in resources)
{
Assert.True(FileHelper.IsResourceValid(resource));
}
});
}
[Fact]
public void IsResourceValid_ReturnsFalse_ForInvalidResource()
{
string[] resources =
{
"G0234", "g123456789012334567", "b28c3afee0f50f2f51cfb2ed38", "../Test",
};
Assert.Multiple(() =>
{
foreach (string resource in resources)
{
Assert.False(FileHelper.IsResourceValid(resource));
}
});
}
[Fact]
public void ShouldNotDeleteResourceFolder()
{

8
ProjectLighthouse/Files/FileHelper.cs
View file

@ -2,6 +2,7 @@
using System;
using System.IO;
using System.Linq;
using System.Text.RegularExpressions;
using LBPUnion.ProjectLighthouse.Configuration;
using LBPUnion.ProjectLighthouse.Types.Resources;
@ -9,6 +10,9 @@ namespace LBPUnion.ProjectLighthouse.Files;
public static partial class FileHelper
{
[GeneratedRegex("^(g[0-9]{3,16}|[a-z0-9]{40})$")]
private static partial Regex ResourceRegex();
public static readonly string ResourcePath = Path.Combine(Environment.CurrentDirectory, "r");
public static readonly string FullResourcePath = Path.GetFullPath(ResourcePath);
@ -21,6 +25,8 @@ public static partial class FileHelper
public static string GetImagePath(string hash) => Path.Combine(ImagePath, hash);
public static bool IsResourceValid(string hash) => ResourceRegex().IsMatch(hash);
public static bool IsFileSafe(LbpFile file)
{
if (!ServerConfiguration.Instance.CheckForUnsafeFiles) return true;
@ -52,7 +58,7 @@ public static partial class FileHelper
};
}
public static bool ResourceExists(string hash) => File.Exists(GetResourcePath(hash));
public static bool ResourceExists(string hash) => ResourceRegex().IsMatch(hash) && File.Exists(GetResourcePath(hash));
public static bool ImageExists(string hash) => File.Exists(GetImagePath(hash));
public static void DeleteResource(string hash)

3
ProjectLighthouse/Types/Resources/LbpFile.cs
View file

@ -30,7 +30,8 @@ public class LbpFile
public static LbpFile? FromHash(string? hash)
{
if (hash == null) return null;
if (hash == null || !FileHelper.IsResourceValid(hash)) return null;
string path = FileHelper.GetResourcePath(hash);
if (!File.Exists(path)) return null;