From a796cb9185b4775cca3d26cca9008399b320ec38 Mon Sep 17 00:00:00 2001
From: Slendy
Date: Sat, 18 Feb 2023 07:15:39 -0600
Subject: [PATCH] Add basic checks to grief reporting

---
 .../Controllers/ReportController.cs | 9 +++++++++
 ProjectLighthouse/Database/DatabaseUserUtils.cs | 6 +++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/ProjectLighthouse.Servers.GameServer/Controllers/ReportController.cs b/ProjectLighthouse.Servers.GameServer/Controllers/ReportController.cs
index 6a066e51..d5904f57 100644
--- a/ProjectLighthouse.Servers.GameServer/Controllers/ReportController.cs
+++ b/ProjectLighthouse.Servers.GameServer/Controllers/ReportController.cs
@@ -3,6 +3,7 @@ using System.Text.Json;
 using LBPUnion.ProjectLighthouse.Configuration;
 using LBPUnion.ProjectLighthouse.Database;
 using LBPUnion.ProjectLighthouse.Extensions;
+using LBPUnion.ProjectLighthouse.Files;
 using LBPUnion.ProjectLighthouse.Helpers;
 using LBPUnion.ProjectLighthouse.Types.Entities.Moderation;
 using LBPUnion.ProjectLighthouse.Types.Entities.Token;
@@ -37,6 +38,14 @@ public class ReportController : ControllerBase
         SanitizationHelper.SanitizeStringsInClass(report);
 
+        if (string.IsNullOrWhiteSpace(report.JpegHash)) return this.BadRequest();
+
+        if (!FileHelper.ResourceExists(report.JpegHash)) return this.BadRequest();
+
+        if (report.XmlPlayers.Length > 4) return this.BadRequest();
+
+        if (report.XmlPlayers.Any(p => !this.database.IsUsernameValid(p.Name))) return this.BadRequest();
+
         report.Bounds = JsonSerializer.Serialize(report.XmlBounds.Rect, typeof(Rectangle));
         report.Players = JsonSerializer.Serialize(report.XmlPlayers, typeof(ReportPlayer[]));
         report.Timestamp = TimeHelper.TimestampMillis;
 
diff --git a/ProjectLighthouse/Database/DatabaseUserUtils.cs b/ProjectLighthouse/Database/DatabaseUserUtils.cs
index f9478a6d..206b9379 100644
--- a/ProjectLighthouse/Database/DatabaseUserUtils.cs
+++ b/ProjectLighthouse/Database/DatabaseUserUtils.cs
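Review bot: The two new XmlPlayers guards dereference the array unconditionally, so a client-supplied report whose XML omits the players element would throw a NullReferenceException (a 500 rather than a 400) if the deserializer leaves XmlPlayers null; I cannot tell from the hunk whether SanitizeStringsInClass or the model type rules that out. A null player Name likewise reaches Regex.IsMatch through IsUsernameValid, which throws ArgumentNullException. Both fold into the existing lines: `if (report.XmlPlayers is null || report.XmlPlayers.Length > 4) return this.BadRequest();` and `if (report.XmlPlayers.Any(p => p.Name is null || !this.database.IsUsernameValid(p.Name))) return this.BadRequest();`. JpegHash is also handed to ResourceExists with only an emptiness check, so unless that helper already enforces the hash format, a shape check ahead of it would keep arbitrary strings out of the resource lookup. The enclosing action method starts and ends outside the hunk.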
@@ -21,6 +21,8 @@ public partial class DatabaseContext
     [GeneratedRegex("^[a-zA-Z0-9_.-]{3,16}$")]
     private static partial Regex UsernameRegex();
 
+    public bool IsUsernameValid(string username) => UsernameRegex().IsMatch(username);
+
 #nullable enable
     public async Task CreateUser(string username, string password, string? emailAddress = null)
     {
@@ -31,9 +33,7 @@ public partial class DatabaseContext
         {
             if (username.Length is > 16 or < 3) throw new ArgumentException(nameof(username) + " is either too long or too short");
 
-            Regex regex = UsernameRegex();
-
-            if (!regex.IsMatch(username)) throw new ArgumentException(nameof(username) + " does not match the username regex");
+            if (!this.IsUsernameValid(username)) throw new ArgumentException(nameof(username) + " does not match the username regex");
         }
 
         User? user = await this.Users.Where(u => u.Username == username).FirstOrDefaultAsync();
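Review bot: IsUsernameValid passes its argument straight to Regex.IsMatch, which throws ArgumentNullException on null, so a caller using it as a predicate over untrusted input (the ReportController filter in this same patch) can fault instead of getting false; a null-safe form is `public bool IsUsernameValid(string username) => username is not null && UsernameRegex().IsMatch(username);`. The method is also declared above the `#nullable enable` directive, so the compiler will not warn callers in nullable-aware code about passing a possibly-null value. As a new public member on the DbContext it should carry an XML summary, e.g. `/// <summary>Returns true when <paramref name="username"/> matches the allowed pattern: 3 to 16 characters from [a-zA-Z0-9_.-].</summary>`. It reads no instance state and could be static, though the `this.database.IsUsernameValid` call site would then need to change. The CreateUser hunk below only swaps in the helper after the explicit length check and needs nothing further.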