diff --git a/Emulator/src/main/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionHabboHasEffect.java b/Emulator/src/main/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionHabboHasEffect.java
index e49ceddf..d28eedb3 100644
--- a/Emulator/src/main/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionHabboHasEffect.java
+++ b/Emulator/src/main/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionHabboHasEffect.java
@@ -18,6 +18,7 @@ import java.util.List;
 public class WiredConditionHabboHasEffect extends InteractionWiredCondition {
 protected static final int QUANTIFIER_ALL = 0;
 protected static final int QUANTIFIER_ANY = 1;
+ protected static final int MAX_EFFECT_ID = 10_000;
 public static final WiredConditionType type = WiredConditionType.ACTOR_WEARS_EFFECT;
@@ -86,6 +87,7 @@ public class WiredConditionHabboHasEffect extends InteractionWiredCondition {
 @Override
 public void loadWiredData(ResultSet set, Room room) throws SQLException {
+ this.onPickUp();
 String wiredData = set.getString("wired_data");
 if (wiredData == null || wiredData.isEmpty()) {
 this.onPickUp();
@@ -171,6 +173,14 @@ public class WiredConditionHabboHasEffect extends InteractionWiredCondition {
 return (value == QUANTIFIER_ANY) ? QUANTIFIER_ANY : QUANTIFIER_ALL;
 }
+ protected int normalizeEffectId(int value) {
+ return Math.max(0, Math.min(MAX_EFFECT_ID, value));
+ }
+
+ protected int normalizeUserSource(int value) {
+ return WiredSourceUtil.isDefaultUserSource(value) ? value : WiredSourceUtil.SOURCE_TRIGGER;
+ }
+
+ static class JsonData {
 int effectId;
 int userSource;
diff --git a/Emulator/src/main/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionHabboHasHandItem.java b/Emulator/src/main/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionHabboHasHandItem.java
index c535e271..515db479 100644
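Review bot: The unconditional `this.onPickUp()` at the top of `loadWiredData` makes the `this.onPickUp()` inside the following null/empty branch redundant, and nothing records why a pick-up hook runs on load. If the intent is to clear fields left over from an earlier load so that a payload which fails to parse cannot leave old values in place, a comment such as `// reset to defaults first so a malformed payload cannot leave stale state` would make that explicit. The same applies to the identical line added to `loadWiredData` in WiredConditionHabboWearsBadge. The rest of the method lies outside the hunk, so whether the parse path can stop midway is not visible here.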
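Review bot: `normalizeEffectId` and `normalizeUserSource` are added here, but no hunk shown for this file calls them, so the clamp to `MAX_EFFECT_ID` and the fallback to `WiredSourceUtil.SOURCE_TRIGGER` do not yet appear to reach the values read in `loadWiredData` or taken in the save path. Because these are new methods, a caller would have to be a new line as well; unless one exists in a part of the commit not shown, the values copied out of `JsonData` should pass through them, for example `normalizeEffectId(data.effectId)` and `normalizeUserSource(data.userSource)` (the variable name `data` is assumed). The same holds for `normalizeUserSource` in WiredConditionHabboHasHandItem and for `normalizeBadge` and `normalizeUserSource` in WiredConditionHabboWearsBadge. The three identical `normalizeUserSource` bodies could also be kept once next to `WiredSourceUtil.isDefaultUserSource`.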
--- a/Emulator/src/main/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionHabboHasHandItem.java
+++ b/Emulator/src/main/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionHabboHasHandItem.java
@@ -18,6 +18,7 @@ import java.util.List;
 public class WiredConditionHabboHasHandItem extends InteractionWiredCondition {
 protected static final int QUANTIFIER_ALL = 0;
 protected static final int QUANTIFIER_ANY = 1;
+ protected static final int MAX_HAND_ITEM_ID = 10_000;
 public static final WiredConditionType type = WiredConditionType.ACTOR_HAS_HANDITEM;
@@ -171,6 +172,10 @@ public class WiredConditionHabboHasHandItem extends InteractionWiredCondition {
 return (value == QUANTIFIER_ANY) ? QUANTIFIER_ANY : QUANTIFIER_ALL;
 }
+ protected int normalizeUserSource(int value) {
+ return WiredSourceUtil.isDefaultUserSource(value) ? value : WiredSourceUtil.SOURCE_TRIGGER;
+ }
+
+ static class JsonData {
 int handItemId;
 int userSource;
diff --git a/Emulator/src/main/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionHabboWearsBadge.java b/Emulator/src/main/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionHabboWearsBadge.java
index 6d01aeaf..40986519 100644
--- a/Emulator/src/main/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionHabboWearsBadge.java
+++ b/Emulator/src/main/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionHabboWearsBadge.java
@@ -20,6 +20,7 @@ import java.util.List;
 public class WiredConditionHabboWearsBadge extends InteractionWiredCondition {
 protected static final int QUANTIFIER_ALL = 0;
 protected static final int QUANTIFIER_ANY = 1;
+ protected static final int MAX_BADGE_CODE_LENGTH = 64;
 public static final WiredConditionType type = WiredConditionType.ACTOR_WEARS_BADGE;
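Review bot: `MAX_HAND_ITEM_ID` is declared in the first hunk of WiredConditionHabboHasHandItem, but nothing in the hunks shown for this file reads it. The new test expects `normalizeHandItem(Integer.MAX_VALUE)` to return `MAX_HAND_ITEM_ID` and `normalizeHandItem(-1)` to return 0, yet this commit does not touch `normalizeHandItem`; if that method already exists outside the hunks, it presumably cannot refer to a constant that is only introduced here. Either it needs the same body as the effect variant, `return Math.max(0, Math.min(MAX_HAND_ITEM_ID, value));`, or the hand-item test will not compile or pass as written.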
@@ -37,6 +38,10 @@ public class WiredConditionHabboWearsBadge extends InteractionWiredCondition {
 @Override
 public boolean evaluate(WiredContext ctx) {
+ if (ctx == null || ctx.room() == null) {
+ return false;
+ }
+
+ Room room = ctx.room();
 List targets = WiredSourceUtil.resolveUsers(ctx, this.userSource);
 if (targets.isEmpty()) return false;
@@ -102,6 +107,7 @@ public class WiredConditionHabboWearsBadge extends InteractionWiredCondition {
 @Override
 public void loadWiredData(ResultSet set, Room room) throws SQLException {
+ this.onPickUp();
 String wiredData = set.getString("wired_data");
 if (wiredData == null) {
 this.onPickUp();
@@ -181,6 +187,19 @@ public class WiredConditionHabboWearsBadge extends InteractionWiredCondition {
 return (value == QUANTIFIER_ANY) ? QUANTIFIER_ANY : QUANTIFIER_ALL;
 }
+ protected String normalizeBadge(String value) {
+ if (value == null) {
+ return "";
+ }
+
+ String normalized = value.trim();
+ return normalized.length() <= MAX_BADGE_CODE_LENGTH ? normalized : normalized.substring(0, MAX_BADGE_CODE_LENGTH);
+ }
+
+ protected int normalizeUserSource(int value) {
+ return WiredSourceUtil.isDefaultUserSource(value) ? value : WiredSourceUtil.SOURCE_TRIGGER;
+ }
+
+ static class JsonData {
 String badge;
 int userSource;
diff --git a/Emulator/src/test/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionAvatarPayloadGuardTest.java b/Emulator/src/test/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionAvatarPayloadGuardTest.java
new file mode 100644
index 00000000..58f0050d
--- /dev/null
+++ b/Emulator/src/test/java/com/eu/habbo/habbohotel/items/interactions/wired/conditions/WiredConditionAvatarPayloadGuardTest.java
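Review bot: The null check on `ctx` and `ctx.room()` is added only to this `evaluate`; the hunks for WiredConditionHabboHasEffect and WiredConditionHabboHasHandItem add no equivalent guard. Their `evaluate` methods are outside the diff, so it is not visible whether they use `ctx.room()` the same way; if they do, the three conditions now behave differently when a context has no room. A one-line comment such as `// no room to evaluate against: treat the condition as not met` would also record that returning false is the intended result. `evaluate` continues past the end of the hunk.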
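Review bot: `normalizeBadge` silently cuts an over-long code down to `MAX_BADGE_CODE_LENGTH` characters, so the condition would end up holding a different badge code from the one that was supplied. Rejecting the value is easier to reason about than matching on a prefix, `return normalized.length() <= MAX_BADGE_CODE_LENGTH ? normalized : "";`, provided an empty badge code never matches in `evaluate`, which is outside this hunk. The 200-character case in the new test would then expect an empty string instead of a length of 64. The method also has no doc comment saying that null becomes `""` and that surrounding whitespace is trimmed.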
@@ -0,0 +1,47 @@
+package com.eu.habbo.habbohotel.items.interactions.wired.conditions;
+
+import com.eu.habbo.habbohotel.wired.core.WiredSourceUtil;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+class WiredConditionAvatarPayloadGuardTest {
+ @Test
+ void effectIdsSourcesAndQuantifiersAreBounded() {
+ WiredConditionHabboHasEffect condition = new WiredConditionHabboHasEffect(1, 1, null, "", 0, 0);
+
+ assertEquals(0, condition.normalizeEffectId(-1));
+ assertEquals(23, condition.normalizeEffectId(23));
+ assertEquals(WiredConditionHabboHasEffect.MAX_EFFECT_ID, condition.normalizeEffectId(Integer.MAX_VALUE));
+ assertEquals(WiredSourceUtil.SOURCE_CLICKED_USER, condition.normalizeUserSource(WiredSourceUtil.SOURCE_CLICKED_USER));
+ assertEquals(WiredSourceUtil.SOURCE_TRIGGER, condition.normalizeUserSource(777));
+ assertEquals(1, condition.normalizeQuantifier(1, 0));
+ assertEquals(0, condition.normalizeQuantifier(5, 0));
+ }
+
+ @Test
+ void handItemIdsSourcesAndQuantifiersAreBounded() {
+ WiredConditionHabboHasHandItem condition = new WiredConditionHabboHasHandItem(1, 1, null, "", 0, 0);
+
+ assertEquals(0, condition.normalizeHandItem(-1));
+ assertEquals(9, condition.normalizeHandItem(9));
+ assertEquals(WiredConditionHabboHasHandItem.MAX_HAND_ITEM_ID, condition.normalizeHandItem(Integer.MAX_VALUE));
+ assertEquals(WiredSourceUtil.SOURCE_SIGNAL, condition.normalizeUserSource(WiredSourceUtil.SOURCE_SIGNAL));
+ assertEquals(WiredSourceUtil.SOURCE_TRIGGER, condition.normalizeUserSource(-44));
+ assertEquals(1, condition.normalizeQuantifier(1));
+ assertEquals(0, condition.normalizeQuantifier(8));
+ }
+
+ @Test
+ void badgeCodesSourcesAndQuantifiersAreBounded() {
+ WiredConditionHabboWearsBadge condition = new WiredConditionHabboWearsBadge(1, 1, null, "", 0, 0);
+
+ assertEquals("", condition.normalizeBadge(null));
+ assertEquals("ADM", condition.normalizeBadge(" ADM "));
+ assertEquals(WiredConditionHabboWearsBadge.MAX_BADGE_CODE_LENGTH, condition.normalizeBadge("x".repeat(200)).length());
+ assertEquals(WiredSourceUtil.SOURCE_SELECTOR, condition.normalizeUserSource(WiredSourceUtil.SOURCE_SELECTOR));
+ assertEquals(WiredSourceUtil.SOURCE_TRIGGER, condition.normalizeUserSource(66));
+ assertEquals(1, condition.normalizeQuantifier(1, 0));
+ assertEquals(0, condition.normalizeQuantifier(3, 0));
+ }
+}
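Review bot: All three tests call the `normalize*` helpers directly, so they pass whether or not `loadWiredData` or the save path ever applies those helpers to a stored or submitted payload. A test that feeds an out-of-range value through the real entry point and then checks the resulting state would cover the guard itself; that needs a `ResultSet` stub or similar, which this file does not set up. `normalizeQuantifier` is called with two arguments on the effect and badge conditions and with one on the hand-item condition, which deserves a short comment if the difference is intentional. Each constructor is called with a `null` third argument; whether that is safe depends on constructor code outside the diff.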