duckietm/Arcturus-Morningstar-Extended
1
0
Fork 0
mirror of https://github.com/duckietm/Arcturus-Morningstar-Extended.git synced 2026-06-20 07:26:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(housekeeping): enforce target rank ceiling

Browse Source
This commit is contained in:
simoleo89
2026-06-14 14:09:10 +02:00
parent 87e1ef94f7
commit 9ac50600f6
13 changed files with 124 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Emulator/src/test/java/com/eu/habbo/messages/incoming/housekeeping/HousekeepingTargetRankGuardContractTest.java
+46
View File
@@ -0,0 +1,46 @@
package com.eu.habbo.messages.incoming.housekeeping;
import org.junit.jupiter.api.Test;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import static org.junit.jupiter.api.Assertions.assertTrue;
class HousekeepingTargetRankGuardContractTest {
private static final List<String> RANK_GUARDED_HANDLERS = List.of(
"HousekeepingBanUserEvent.java",
"HousekeepingForceDisconnectUserEvent.java",
"HousekeepingGiveCreditsEvent.java",
"HousekeepingGiveCurrencyEvent.java",
"HousekeepingGrantItemEvent.java",
"HousekeepingKickUserEvent.java",
"HousekeepingMuteUserEvent.java",
"HousekeepingResetUserPasswordEvent.java",
"HousekeepingSetHcSubscriptionEvent.java",
"HousekeepingTradeLockUserEvent.java",
"HousekeepingUnbanUserEvent.java"
);
@Test
void privilegedUserActionsRejectPeerAndHigherRankTargets() throws Exception {
String guard = Files.readString(Path.of("src/main/java/com/eu/habbo/messages/incoming/housekeeping/HousekeepingTargetRankGuard.java"));
assertTrue(guard.contains("targetInfo.getRank().getId() < operator.getHabboInfo().getRank().getId()"),
"Housekeeping user actions must only target lower-ranked users");
}
@Test
void sensitiveHousekeepingUserActionsUseRankGuard() throws Exception {
Path base = Path.of("src/main/java/com/eu/habbo/messages/incoming/housekeeping");
for (String handler : RANK_GUARDED_HANDLERS) {
String source = Files.readString(base.resolve(handler));
assertTrue(source.contains("HousekeepingTargetRankGuard.canTargetUser(this.client.getHabbo(), userId)"),
handler + " must reject equal or higher-ranked targets before applying privileged user actions");
assertTrue(source.contains("housekeeping.error.rank_too_high"),
handler + " must return a rank-ceiling error when the target cannot be managed");
}
}
}