Merge pull request #179 from simoleo89/fix/rooms-self-moderation-scope

fix(rooms): scope room actions and bound rights removal

Emulator/src/test/java/com/eu/habbo/messages/incoming/polls/PollRoomScopeContractTest.java

@@ -0,0 +1,33 @@
+package com.eu.habbo.messages.incoming.polls;
+
+import org.junit.jupiter.api.Test;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+class PollRoomScopeContractTest {
+    @Test
+    void pollHandlersRequireMatchingCurrentRoomPoll() throws Exception {
+        assertRequiresMatchingRoomPoll("AnswerPollEvent.java");
+        assertRequiresMatchingRoomPoll("CancelPollEvent.java");
+        assertRequiresMatchingRoomPoll("GetPollDataEvent.java");
+    }
+
+    private void assertRequiresMatchingRoomPoll(String fileName) throws Exception {
+        String source = Files.readString(Path.of("src/main/java/com/eu/habbo/messages/incoming/polls/" + fileName));
+        int packetPollId = source.indexOf("int pollId = this.packet.readInt();");
+        int pollLookup = source.indexOf("getPoll(pollId)");
+
+        assertTrue(packetPollId >= 0, fileName + " must read the poll id from the packet");
+        assertTrue(pollLookup >= 0, fileName + " must look up the requested poll explicitly");
+
+        String guardedSection = source.substring(packetPollId, pollLookup);
+
+        assertTrue(guardedSection.contains("getCurrentRoom()"),
+                fileName + " must bind poll actions to the caller's current room");
+        assertTrue(guardedSection.contains("room == null || room.getPollId() != pollId"),
+                fileName + " must reject poll ids that are not active in the current room");
+    }
+}

Emulator/src/test/java/com/eu/habbo/messages/incoming/rooms/users/RoomModerationScopeContractTest.java

@@ -0,0 +1,24 @@
+package com.eu.habbo.messages.incoming.rooms.users;
+
+import org.junit.jupiter.api.Test;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+class RoomModerationScopeContractTest {
+    @Test
+    void roomUserBanAndMuteAreScopedToCurrentRoom() throws Exception {
+        Path base = Path.of("src/main/java/com/eu/habbo/messages/incoming/rooms/users");
+
+        for (String handler : new String[]{"RoomUserBanEvent.java", "RoomUserMuteEvent.java", "UnbanRoomUserEvent.java"}) {
+            String source = Files.readString(base.resolve(handler));
+
+            assertTrue(source.contains("getCurrentRoom()"),
+                    handler + " must authorize room moderation against the user's current room");
+            assertTrue(source.contains("room.getId() != roomId"),
+                    handler + " must reject client-supplied room ids that do not match the current room");
+        }
+    }
+}

Emulator/src/test/java/com/eu/habbo/messages/incoming/rooms/users/RoomUserRemoveRightsContractTest.java

@@ -0,0 +1,32 @@
+package com.eu.habbo.messages.incoming.rooms.users;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+import org.junit.jupiter.api.Test;
+
+class RoomUserRemoveRightsContractTest {
+    private static final Path SOURCE = Path.of(
+            "src/main/java/com/eu/habbo/messages/incoming/rooms/users/RoomUserRemoveRightsEvent.java");
+
+    @Test
+    void removeRightsBatchIsBoundedAndRequiresCompletePayload() throws IOException {
+        String source = Files.readString(SOURCE);
+
+        assertTrue(source.contains("private static final int MAX_RIGHTS_REMOVALS = 100;"));
+        assertTrue(source.contains("PacketGuard.isCountInRange(amount, 1, MAX_RIGHTS_REMOVALS)"));
+        assertTrue(source.contains("PacketGuard.hasFixedWidthEntries(this.packet, amount, BYTES_PER_USER_ID)"));
+
+        int guardIndex = source.indexOf("PacketGuard.isCountInRange(amount, 1, MAX_RIGHTS_REMOVALS)");
+        int payloadIndex = source.indexOf("PacketGuard.hasFixedWidthEntries(this.packet, amount, BYTES_PER_USER_ID)");
+        int readIndex = source.indexOf("int userId = this.packet.readInt();");
+        int removeIndex = source.indexOf("room.removeRights(userId);");
+
+        assertTrue(guardIndex < readIndex, "batch size should be validated before reading user ids");
+        assertTrue(payloadIndex < readIndex, "payload length should be validated before reading user ids");
+        assertTrue(readIndex < removeIndex, "rights should only be removed after reading a validated user id");
+    }
+}