From f88ffcf0c3441f27bfddb9490b2b946df7394658 Mon Sep 17 00:00:00 2001 From: Stefan Zermatten Date: Sun, 24 Jul 2022 14:17:39 +0200 Subject: [PATCH] Hardened archive upload slightly --- .../methods/restoreCreatureFromFile.js | 4 +++ .../archive/methods/verifyArchiveSafety.js | 28 +++++++++++++++++++ app/imports/api/creature/log/CreatureLogs.js | 2 +- .../v1Migration/migrateCharacter.js | 12 -------- 4 files changed, 33 insertions(+), 13 deletions(-) create mode 100644 app/imports/api/creature/archive/methods/verifyArchiveSafety.js delete mode 100644 app/imports/migrations/v1Migration/migrateCharacter.js diff --git a/app/imports/api/creature/archive/methods/restoreCreatureFromFile.js b/app/imports/api/creature/archive/methods/restoreCreatureFromFile.js index 1c0feff9..9479b0c7 100644 --- a/app/imports/api/creature/archive/methods/restoreCreatureFromFile.js +++ b/app/imports/api/creature/archive/methods/restoreCreatureFromFile.js @@ -10,6 +10,7 @@ import { removeCreatureWork } from '/imports/api/creature/creatures/methods/remo import ArchiveCreatureFiles from '/imports/api/creature/archive/ArchiveCreatureFiles.js'; import assertHasCharactersSlots from '/imports/api/creature/creatures/methods/assertHasCharacterSlots.js'; import { incrementFileStorageUsed } from '/imports/api/users/methods/updateFileStorageUsed.js'; +import verifyArchiveSafety from '/imports/api/creature/archive/methods/verifyArchiveSafety.js'; let migrateArchive; if (Meteor.isServer){ @@ -25,6 +26,9 @@ function restoreCreature(archive, userId){ // Migrate and verify the archive meets the current schema migrateArchive(archive); + // Asset that the archive is safe + verifyArchiveSafety(archive); + // Don't upload creatures twice const existingCreature = Creatures.findOne(archive.creature._id, { fields: { _id: 1 } diff --git a/app/imports/api/creature/archive/methods/verifyArchiveSafety.js b/app/imports/api/creature/archive/methods/verifyArchiveSafety.js new file mode 100644 index 00000000..734b2582 --- /dev/null +++ b/app/imports/api/creature/archive/methods/verifyArchiveSafety.js @@ -0,0 +1,28 @@ +import { slice } from 'lodash'; +import PER_CREATURE_LOG_LIMIT from '/imports/api/creature/log/CreatureLogs.js'; + +export default function verifyArchiveSafety({ meta, creature, properties, experiences, logs }){ + const creatureId = creature._id; + + // Check lengths of arrays + if (logs.length > PER_CREATURE_LOG_LIMIT) { + logs = slice(logs, 0, PER_CREATURE_LOG_LIMIT); + } + + // Check that everything belongs to the right creature + logs.forEach(log => { + if (log.creatureId !== creatureId) { + throw new Meteor.Error('Malicious log', 'Log contains an entry for the wrong creature'); + } + }); + experiences.forEach(experience => { + if (experience.creatureId !== creatureId) { + throw new Meteor.Error('Malicious experience', 'Experiences contains an entry for the wrong creature'); + } + }); + properties.forEach(prop => { + if (prop.ancestors[0].id !== creatureId) { + throw new Meteor.Error('Malicious prop', 'Properties contains an entry for the wrong creature'); + } + }); +} diff --git a/app/imports/api/creature/log/CreatureLogs.js b/app/imports/api/creature/log/CreatureLogs.js index 1ba50c1d..de7777b7 100644 --- a/app/imports/api/creature/log/CreatureLogs.js +++ b/app/imports/api/creature/log/CreatureLogs.js @@ -211,4 +211,4 @@ const logRoll = new ValidatedMethod({ }); export default CreatureLogs; -export { CreatureLogSchema, insertCreatureLog, logRoll}; +export { CreatureLogSchema, insertCreatureLog, logRoll, PER_CREATURE_LOG_LIMIT}; diff --git a/app/imports/migrations/v1Migration/migrateCharacter.js b/app/imports/migrations/v1Migration/migrateCharacter.js deleted file mode 100644 index f4246d19..00000000 --- a/app/imports/migrations/v1Migration/migrateCharacter.js +++ /dev/null @@ -1,12 +0,0 @@ -import { fetch } from 'meteor/fetch' - -export default function importCharacter(url){ - // Using v1's JSON API to fetch the character data in a usable format - // url -> https://dicecloud.com/character//json?key= - fetch(url) - .then(response => response.json()) - .then(data => { - let character = data.characters[0]; - console.log(character.name + ' fetched successfuly') - }); -}