cyberpresidentvanellope/CHOMPStation2
1
0
Fork 0
mirror of https://github.com/CHOMPStation2/CHOMPStation2.git synced 2025-12-11 18:53:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Port's /vg/'s RCE prevention.

Browse Source
This commit is contained in:
Neerti
2018-03-09 00:32:16 -05:00
parent a3228cd0c5
commit 0a2bf1eb42
2 changed files with 24 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
code/modules/ext_scripts/irc.dm
View File

@@ -1,7 +1,7 @@
/proc/send2irc(var/channel, var/msg) /proc/send2irc(var/channel, var/msg)
if (config.use_irc_bot) if (config.use_irc_bot)
if (config.use_node_bot) if (config.use_node_bot)
shell("node bridge.js -h \"[config.irc_bot_host]\" -p \"[config.irc_bot_port]\" -c \"[channel]\" -m \"[msg]\"") shell("node bridge.js -h \"[config.irc_bot_host]\" -p \"[config.irc_bot_port]\" -c \"[channel]\" -m \"[escape_shell_arg(msg)]\"")
else else
if (config.irc_bot_host) if (config.irc_bot_host)
if(config.irc_bot_export) if(config.irc_bot_export)
@@ -16,10 +16,10 @@
nudge_lib = "lib/nudge.so" nudge_lib = "lib/nudge.so"
spawn(0) spawn(0)
call(nudge_lib, "nudge")("[config.comms_password]","[config.irc_bot_host]","[channel]","[msg]") call(nudge_lib, "nudge")("[config.comms_password]","[config.irc_bot_host]","[channel]","[escape_shell_arg(msg)]")
else else
spawn(0) spawn(0)
ext_python("ircbot_message.py", "[config.comms_password] [config.irc_bot_host] [channel] [msg]") ext_python("ircbot_message.py", "[config.comms_password] [config.irc_bot_host] [channel] [escape_shell_arg(msg)]")
return return
/proc/send2mainirc(var/msg) /proc/send2mainirc(var/msg)

24
code/modules/ext_scripts/python.dm
View File

@@ -1,9 +1,27 @@
// Ported from /vg/.
/proc/escape_shell_arg(var/arg)
// RCE prevention
// - Encloses arg in single quotes
// - Escapes single quotes
// Also escapes %, ! on windows
if(world.system_type == MS_WINDOWS)
arg = replacetext(arg, "^", "^^") // Escape char
arg = replacetext(arg, "%", "%%") // %PATH% -> %%PATH%%
arg = replacetext(arg, "!", "^!") // !PATH!, delayed variable expansion on Windows
arg = replacetext(arg, "\"", "^\"")
arg = "\"[arg]\""
else
arg = replacetext(arg, "\\", "\\\\'") // Escape char
arg = replacetext(arg, "'", "\\'") // No breaking out of the single quotes.
arg = "'[arg]'"
return arg
/proc/ext_python(var/script, var/args, var/scriptsprefix = 1) /proc/ext_python(var/script, var/args, var/scriptsprefix = 1)
if(scriptsprefix) script = "scripts/" + script if(scriptsprefix)
script = "scripts/" + script
if(world.system_type == MS_WINDOWS) if(world.system_type == MS_WINDOWS)
script = replacetext(script, "/", "\\") script = replacetext(script, "/", "\\")
var/command = config.python_path + " " + script + " " + args var/command = config.python_path + " " + script + " " + args
return shell(command)
return shell(command)