duckietm/Arcturus-Morningstar-Extended
1
0
Fork 0
mirror of https://github.com/duckietm/Arcturus-Morningstar-Extended.git synced 2026-06-20 15:36:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(modtool): bound staff supplied messages

Browse Source
This commit is contained in:
simoleo89
2026-06-15 19:54:34 +02:00
parent 36a06647f0
commit 8ba9132e7e
11 changed files with 115 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolAlertEvent.java
+9 -2
View File
@@ -11,10 +11,17 @@ public class ModToolAlertEvent extends MessageHandler {
@Override @Override
public void handle() throws Exception { public void handle() throws Exception {
if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) { if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) {
Habbo alertedUser = Emulator.getGameEnvironment().getHabboManager().getHabbo(this.packet.readInt()); int userId = this.packet.readInt();
String message = ModToolInputGuard.normalize(this.packet.readString());
if (!ModToolInputGuard.isSafeMessage(message)) {
return;
}
Habbo alertedUser = Emulator.getGameEnvironment().getHabboManager().getHabbo(userId);
if (alertedUser != null) if (alertedUser != null)
Emulator.getGameEnvironment().getModToolManager().alert(this.client.getHabbo(), alertedUser, this.packet.readString(), SupportUserAlertedReason.ALERT); Emulator.getGameEnvironment().getModToolManager().alert(this.client.getHabbo(), alertedUser, message, SupportUserAlertedReason.ALERT);
} else { } else {
ScripterManager.scripterDetected(this.client, Emulator.getTexts().getValue("scripter.warning.modtools.kick").replace("%username%", this.client.getHabbo().getHabboInfo().getUsername())); ScripterManager.scripterDetected(this.client, Emulator.getTexts().getValue("scripter.warning.modtools.kick").replace("%username%", this.client.getHabbo().getHabboInfo().getUsername()));
} }
Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolInputGuard.java
+16
View File
@@ -0,0 +1,16 @@
package com.eu.habbo.messages.incoming.modtool;
final class ModToolInputGuard {
static final int MAX_MESSAGE_LENGTH = 1000;
private ModToolInputGuard() {
}
static String normalize(String value) {
return value == null ? "" : value.trim();
}
static boolean isSafeMessage(String value) {
return value != null && !value.isEmpty() && value.length() <= MAX_MESSAGE_LENGTH;
}
}
Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolKickEvent.java
+8 -1
View File
@@ -18,6 +18,13 @@ public class ModToolKickEvent extends MessageHandler {
return; return;
} }
Emulator.getGameEnvironment().getModToolManager().kick(this.client.getHabbo(), Emulator.getGameEnvironment().getHabboManager().getHabbo(this.packet.readInt()), this.packet.readString()); int userId = this.packet.readInt();
String message = ModToolInputGuard.normalize(this.packet.readString());
if (!ModToolInputGuard.isSafeMessage(message)) {
return;
}
Emulator.getGameEnvironment().getModToolManager().kick(this.client.getHabbo(), Emulator.getGameEnvironment().getHabboManager().getHabbo(userId), message);
} }
} }
Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolRoomAlertEvent.java
+6 -1
View File
@@ -11,10 +11,15 @@ public class ModToolRoomAlertEvent extends MessageHandler {
public void handle() throws Exception { public void handle() throws Exception {
if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) { if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) {
this.packet.readInt(); this.packet.readInt();
String message = ModToolInputGuard.normalize(this.packet.readString());
if (!ModToolInputGuard.isSafeMessage(message)) {
return;
}
Room room = this.client.getHabbo().getHabboInfo().getCurrentRoom(); Room room = this.client.getHabbo().getHabboInfo().getCurrentRoom();
if (room != null) { if (room != null) {
room.alert(this.packet.readString()); room.alert(message);
} }
} else { } else {
ScripterManager.scripterDetected(this.client, Emulator.getTexts().getValue("scripter.warning.roomalert").replace("%username%", this.client.getHabbo().getHabboInfo().getUsername())); ScripterManager.scripterDetected(this.client, Emulator.getTexts().getValue("scripter.warning.roomalert").replace("%username%", this.client.getHabbo().getHabboInfo().getUsername()));
Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionAlertEvent.java
+5 -1
View File
@@ -21,9 +21,13 @@ public class ModToolSanctionAlertEvent extends MessageHandler {
@Override @Override
public void handle() throws Exception { public void handle() throws Exception {
int userId = this.packet.readInt(); int userId = this.packet.readInt();
String message = this.packet.readString(); String message = ModToolInputGuard.normalize(this.packet.readString());
int cfhTopic = this.packet.readInt(); int cfhTopic = this.packet.readInt();
if (!ModToolInputGuard.isSafeMessage(message)) {
return;
}
if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) { if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) {
Habbo habbo = Emulator.getGameEnvironment().getHabboManager().getHabbo(userId); Habbo habbo = Emulator.getGameEnvironment().getHabboManager().getHabbo(userId);
Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionBanEvent.java
+5 -1
View File
@@ -30,13 +30,17 @@ public class ModToolSanctionBanEvent extends MessageHandler {
@Override @Override
public void handle() throws Exception { public void handle() throws Exception {
int userId = this.packet.readInt(); int userId = this.packet.readInt();
String message = this.packet.readString(); String message = ModToolInputGuard.normalize(this.packet.readString());
int cfhTopic = this.packet.readInt(); int cfhTopic = this.packet.readInt();
int banType = this.packet.readInt(); int banType = this.packet.readInt();
this.packet.readBoolean(); this.packet.readBoolean();
int duration = 0; int duration = 0;
if (!ModToolInputGuard.isSafeMessage(message)) {
return;
}
switch (banType) { switch (banType) {
case BAN_18_HOURS: case BAN_18_HOURS:
duration = 18 * 60 * 60; duration = 18 * 60 * 60;
Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionMuteEvent.java
+5 -1
View File
@@ -23,9 +23,13 @@ public class ModToolSanctionMuteEvent extends MessageHandler {
@Override @Override
public void handle() throws Exception { public void handle() throws Exception {
int userId = this.packet.readInt(); int userId = this.packet.readInt();
String message = this.packet.readString(); String message = ModToolInputGuard.normalize(this.packet.readString());
int cfhTopic = this.packet.readInt(); int cfhTopic = this.packet.readInt();
if (!ModToolInputGuard.isSafeMessage(message)) {
return;
}
if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) { if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) {
Habbo habbo = Emulator.getGameEnvironment().getHabboManager().getHabbo(userId); Habbo habbo = Emulator.getGameEnvironment().getHabboManager().getHabbo(userId);
Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionTradeLockEvent.java
+5 -1
View File
@@ -21,10 +21,14 @@ public class ModToolSanctionTradeLockEvent extends MessageHandler {
@Override @Override
public void handle() throws Exception { public void handle() throws Exception {
int userId = this.packet.readInt(); int userId = this.packet.readInt();
String message = this.packet.readString(); String message = ModToolInputGuard.normalize(this.packet.readString());
int duration = this.packet.readInt(); int duration = this.packet.readInt();
int cfhTopic = this.packet.readInt(); int cfhTopic = this.packet.readInt();
if (!ModToolInputGuard.isSafeMessage(message)) {
return;
}
if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) { if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) {
Habbo habbo = Emulator.getGameEnvironment().getHabboManager().getHabbo(userId); Habbo habbo = Emulator.getGameEnvironment().getHabboManager().getHabbo(userId);
Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolWarnEvent.java
+9 -2
View File
@@ -16,10 +16,17 @@ public class ModToolWarnEvent extends MessageHandler {
@Override @Override
public void handle() throws Exception { public void handle() throws Exception {
if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) { if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) {
Habbo alertedUser = Emulator.getGameEnvironment().getHabboManager().getHabbo(this.packet.readInt()); int userId = this.packet.readInt();
String message = ModToolInputGuard.normalize(this.packet.readString());
if (!ModToolInputGuard.isSafeMessage(message)) {
return;
}
Habbo alertedUser = Emulator.getGameEnvironment().getHabboManager().getHabbo(userId);
if (alertedUser != null) if (alertedUser != null)
Emulator.getGameEnvironment().getModToolManager().alert(this.client.getHabbo(), alertedUser, this.packet.readString(), SupportUserAlertedReason.CAUTION); Emulator.getGameEnvironment().getModToolManager().alert(this.client.getHabbo(), alertedUser, message, SupportUserAlertedReason.CAUTION);
} else { } else {
ScripterManager.scripterDetected(this.client, Emulator.getTexts().getValue("scripter.warning.modtools.kick").replace("%username%", this.client.getHabbo().getHabboInfo().getUsername())); ScripterManager.scripterDetected(this.client, Emulator.getTexts().getValue("scripter.warning.modtools.kick").replace("%username%", this.client.getHabbo().getHabboInfo().getUsername()));
} }
Emulator/src/test/java/com/eu/habbo/messages/incoming/modtool/ModToolInputGuardTest.java
+23
View File
@@ -0,0 +1,23 @@
package com.eu.habbo.messages.incoming.modtool;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
class ModToolInputGuardTest {
@Test
void normalizesNullableMessages() {
assertEquals("", ModToolInputGuard.normalize(null));
assertEquals("warn", ModToolInputGuard.normalize(" warn "));
}
@Test
void staffMessagesMustBeNonEmptyAndBounded() {
assertFalse(ModToolInputGuard.isSafeMessage(null));
assertFalse(ModToolInputGuard.isSafeMessage(""));
assertTrue(ModToolInputGuard.isSafeMessage("a".repeat(ModToolInputGuard.MAX_MESSAGE_LENGTH)));
assertFalse(ModToolInputGuard.isSafeMessage("a".repeat(ModToolInputGuard.MAX_MESSAGE_LENGTH + 1)));
}
}
Emulator/src/test/java/com/eu/habbo/messages/incoming/modtool/ModToolPermissionContractTest.java
+23
View File
@@ -86,4 +86,27 @@ class ModToolPermissionContractTest {
assertTrue(defaultSanction.contains("if (issue == null)"), assertTrue(defaultSanction.contains("if (issue == null)"),
"default sanctions must tolerate stale or missing ticket ids"); "default sanctions must tolerate stale or missing ticket ids");
} }
@Test
void staffSuppliedModToolMessagesAreBounded() throws Exception {
Path base = Path.of("src/main/java/com/eu/habbo/messages/incoming/modtool");
for (String handler : List.of(
"ModToolAlertEvent.java",
"ModToolWarnEvent.java",
"ModToolKickEvent.java",
"ModToolRoomAlertEvent.java",
"ModToolSanctionAlertEvent.java",
"ModToolSanctionBanEvent.java",
"ModToolSanctionMuteEvent.java",
"ModToolSanctionTradeLockEvent.java"
)) {
String source = Files.readString(base.resolve(handler));
assertTrue(source.contains("ModToolInputGuard.normalize"),
handler + " must normalize staff-supplied text before use");
assertTrue(source.contains("ModToolInputGuard.isSafeMessage"),
handler + " must reject empty or oversized staff-supplied text");
}
}
} }