From 4f4328e1634b3b26ee18cb66926d4e3a1128b1fb Mon Sep 17 00:00:00 2001
From: biglyderv
Date: Mon, 25 Nov 2024 14:14:20 -0500
Subject: [PATCH] sanitize packets
---
 game.js | 1 +
 index.js | 13 +++++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/game.js b/game.js
index 9d94afe..26bb087 100644
--- a/game.js
+++ b/game.js
@@ -19,6 +19,7 @@ class Game extends GameBasic {
 for (let entity of entities) {
 entity.pos = { x: Math.round(entity.pos.x), y: Math.round(entity.pos.y) };
 entity.vel = { x: Math.round(entity.vel.x), y: Math.round(entity.vel.y) };
+ entity.camera = entity.camera ? { x: Math.round(entity.camera.x), y: Math.round(entity.camera.y) } : false;
 let props = entity.serverProps;
 let basic = props.map(prop => entity[prop]);
diff --git a/index.js b/index.js
index 7d1bffb..34b25db 100644
--- a/index.js
+++ b/index.js
@@ -38,11 +38,20 @@ app.ws('/', function (ws, req) {
 let newEnt = game.entities[playerI];
- let {you} = newEnt;
+ let { you } = newEnt;
 let props = player.legalProps;
 for (let i in props) {
+ let prop = data[i];
+ let typed = (typeof prop);
+ let keys = Object.keys(prop);
+
+ let isC = (typed === 'object' && keys[0] == 'x' && keys[1] == 'y' && keys.length == 2 && typeof prop.x == 'number' && typeof prop.y == 'number');
+ if (typed !== 'string' && typed !== 'number' && typed !== 'boolean' && typed !== 'undefined' && !isC) {
+ console.warn(`Player ${you} attempted to send an invalid packet ${props[i]}`)
+ continue;
+ }
 newEnt[props[i]] = data[i];
 }
@@ -51,7 +60,7 @@ app.ws('/', function (ws, req) {
 if (you != you2) {
 console.log(`Player ${you} now identifies as ${you2}`);
 }
-
+
 if (newEnt.ref) {
 console.log(`Player ${you2} discovered this game from ${newEnt.ref}`);
 newEnt.ref = undefined;
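Review bot: The new `entity.camera` line in game.js treats any truthy `camera` as an `{x, y}` object with numeric fields, so a truthy primitive such as a string or `true` would produce `{ x: NaN, y: NaN }`. If `camera` is one of the client-settable props handled in index.js (not visible in this hunk), that case looks reachable, because the validation added there accepts strings, numbers and booleans for every prop. Consider guarding the rounding with `entity.camera && Number.isFinite(entity.camera.x) && Number.isFinite(entity.camera.y)` and falling back to `false` otherwise. The enclosing method starts and ends outside the hunk.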
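Review bot: `Object.keys(prop)` in the index.js loop runs before any type check, so a packet that omits a field or sends `null` for it makes `Object.keys` throw a TypeError instead of reaching the `continue`. The `typed !== 'undefined'` allowance is therefore never reached. Compute the keys only for real objects, e.g. `let keys = (prop !== null && typed === 'object') ? Object.keys(prop) : [];`. The coordinate test would also be tighter with `Number.isFinite(prop.x) && Number.isFinite(prop.y)`, since `typeof` also accepts `NaN` and `Infinity`. The handler starts and ends outside the hunk, so whether the throw is caught further up is not visible here.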