diff --git a/server/src/core/idobject.cpp b/server/src/core/idobject.cpp
index b7fe6316..c0b389e4 100644
--- a/server/src/core/idobject.cpp
+++ b/server/src/core/idobject.cpp
@@ -1,7 +1,7 @@
 /**
- * Traintastic
+ * server/src/core/idobject.cpp
  *
- * Copyright (C) 2019-2022 Reinder Feenstra
+ * Copyright (C) 2019-2023 Reinder Feenstra
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -22,6 +22,7 @@
 #include "../traintastic/traintastic.hpp"
 #include "../world/getworld.hpp"
 #include "attributes.hpp"
+#include "isvalidobjectid.hpp"
 #include "../utils/displayname.hpp"

 IdObject::IdObject(World& world, std::string_view _id) :
@@ -33,6 +34,8 @@ IdObject::IdObject(World& world, std::string_view _id) :
 },
 [this](std::string& value)
 {
+ if(!isValidObjectId(value))
+ throw invalid_value_error();
 auto& m = m_world.m_objects;
 if(m.find(value) != m.end())
 return false;
diff --git a/server/src/core/isvalidobjectid.cpp b/server/src/core/isvalidobjectid.cpp
new file mode 100644
index 00000000..77539b7d
--- /dev/null
+++ b/server/src/core/isvalidobjectid.cpp
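Review bot: In server/src/core/idobject.cpp the isValidObjectId check is added only inside the setter lambda of the id property, so nothing visible in this hunk checks the `_id` argument that the IdObject constructor receives. The initialiser list starts and ends outside the hunk, so this is inferred: if the property is seeded directly from `_id`, an object created with a malformed id would enter `m_world.m_objects` without passing the rule. An `assert(isValidObjectId(_id));` in the constructor body would at least catch internal callers that generate ids. A short comment above the check, such as `// ids are map keys and appear in world files: enforce the id grammar before the uniqueness lookup`, would record why it comes first.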
@@ -0,0 +1,30 @@
+/**
+ * server/src/core/isvalidobjectid.cpp
+ *
+ * This file is part of the traintastic source code.
+ *
+ * Copyright (C) 2023 Reinder Feenstra
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+#include "isvalidobjectid.hpp"
+#include
+
+bool isValidObjectId(std::string_view id)
+{
+ static const std::regex re{"[a-z][a-z0-9_]*", };
+ return std::regex_match(id.begin(), id.end(), re);
+}
diff --git a/server/src/core/isvalidobjectid.hpp b/server/src/core/isvalidobjectid.hpp
new file mode 100644
index 00000000..b588adb1
--- /dev/null
+++ b/server/src/core/isvalidobjectid.hpp
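Review bot: isValidObjectId in server/src/core/isvalidobjectid.cpp puts no upper bound on the id length before handing it to `std::regex_match`, and both callers in this commit feed it externally supplied strings (a property setter and the world file). Some standard-library regex implementations recurse once per matched character for a `*` loop, so a very long id can exhaust the stack instead of returning false. The grammar is simple enough to check with a length cap and a character loop, which also drops the dependency on std::regex. The limit in the sketch below is a placeholder to be replaced by the project's real maximum. The stray trailing comma in `re{"[a-z][a-z0-9_]*", }` disappears with this change.

```cpp
bool isValidObjectId(std::string_view id)
{
  // placeholder limit: replace with the project's maximum id length
  constexpr std::size_t maxObjectIdLength = 64;
  if(id.empty() || id.size() > maxObjectIdLength)
    return false;

  const auto isLower = [](char c){ return c >= 'a' && c <= 'z'; };
  if(!isLower(id.front()))
    return false;

  for(char c : id.substr(1))
    if(!isLower(c) && !(c >= '0' && c <= '9') && c != '_')
      return false;
  return true;
}
```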
@@ -0,0 +1,30 @@
+/**
+ * server/src/core/isvalidobjectid.hpp
+ *
+ * This file is part of the traintastic source code.
+ *
+ * Copyright (C) 2023 Reinder Feenstra
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+#ifndef TRAINTASTIC_SERVER_CORE_ISVALIDOBJECTID_HPP
+#define TRAINTASTIC_SERVER_CORE_ISVALIDOBJECTID_HPP
+
+#include
+
+bool isValidObjectId(std::string_view id);
+
+#endif
diff --git a/server/src/world/worldloader.cpp b/server/src/world/worldloader.cpp
index 060294d5..8d21a1a8 100644
--- a/server/src/world/worldloader.cpp
+++ b/server/src/world/worldloader.cpp
@@ -3,7 +3,7 @@
  *
  * This file is part of the traintastic source code.
  *
- * Copyright (C) 2019-2022 Reinder Feenstra
+ * Copyright (C) 2019-2023 Reinder Feenstra
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -26,6 +26,7 @@
 #include
 #include
 #include "world.hpp"
+#include "../core/isvalidobjectid.hpp"
 #include "../utils/startswith.hpp"
 #include "../utils/stripsuffix.hpp"
 #include "ctwreader.hpp"
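Review bot: The declaration of isValidObjectId in server/src/core/isvalidobjectid.hpp has no comment stating what it accepts, although two callers in this commit rely on it as an input gate. A doc comment such as `/// Returns true when id is non-empty and matches [a-z][a-z0-9_]* (ASCII lower-case letter first, then lower-case letters, digits or underscore).` would make the contract readable without opening the .cpp file. Marking the function `[[nodiscard]]` would also flag any call site that ignores the result.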
@@ -167,7 +168,12 @@ void WorldLoader::load()
 for(json object : data["objects"])
 {
 if(auto it = object.find("id"); it != object.end())
- m_objects.insert({it.value().get(), {object, nullptr, false}});
+ {
+ auto id = it.value().get();
+ if(!isValidObjectId(id))
+ throw std::runtime_error("invalid object id value");
+ m_objects.insert({std::move(id), {object, nullptr, false}});
+ }
 else
 throw std::runtime_error("id missing");
 }
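Review bot: The return value of `m_objects.insert(...)` on the new side of WorldLoader::load() is discarded. If m_objects is a unique-key map (its declaration is outside the hunk), a world file that repeats an id silently keeps the first object and drops the second. Since this hunk now rejects malformed ids from the file, it can reject duplicates in the same place: `if(!m_objects.insert({std::move(id), {object, nullptr, false}}).second) throw std::runtime_error("duplicate object id");`. The "invalid object id value" message gives no hint which entry failed; reporting the entry's position in the `objects` array would help diagnosis without echoing the untrusted string. load() starts and continues outside this hunk.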