diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolAlertEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolAlertEvent.java
index c2b6820f..75312562 100644
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolAlertEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolAlertEvent.java
@@ -14,7 +14,7 @@ public class ModToolAlertEvent extends MessageHandler {
 int userId = this.packet.readInt();
 String message = ModToolInputGuard.normalize(this.packet.readString());
- if (!ModToolInputGuard.isSafeMessage(message)) {
+ if (!ModToolTicketGuard.isPositiveId(userId) || !ModToolInputGuard.isSafeMessage(message)) {
 return;
 }
diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolChangeRoomSettingsEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolChangeRoomSettingsEvent.java
index a84022df..48b8c5f6 100644
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolChangeRoomSettingsEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolChangeRoomSettingsEvent.java
@@ -10,7 +10,13 @@ public class ModToolChangeRoomSettingsEvent extends MessageHandler {
 @Override
 public void handle() throws Exception {
 if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) {
- Room room = Emulator.getGameEnvironment().getRoomManager().getRoom(this.packet.readInt());
+ int roomId = this.packet.readInt();
+
+ if (!ModToolTicketGuard.isPositiveId(roomId)) {
+ return;
+ }
+
+ Room room = Emulator.getGameEnvironment().getRoomManager().getRoom(roomId);
 if (room != null) {
 final boolean lockDoor = this.packet.readInt() == 1;
diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolIssueDefaultSanctionEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolIssueDefaultSanctionEvent.java
index 2b0789f6..61e6c3ab 100644
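Review bot: In ModToolAlertEvent the new guard rejects a non-positive `userId` with a bare `return;`, so a malformed moderation packet is dropped without any trace. A staff session sending 0 or a negative target id points to either a client bug or a modified client, and an operator would want to see both. Consider separating the id check from the message check and recording the acting staff account and the rejected id through whatever logger the handler already uses, with a comment such as `// non-positive target id from a staff client: log actor and id, then drop`. The same silent return is added in ModToolKickEvent, ModToolWarnEvent and the four ModToolSanction*Event handlers; handle() starts and ends outside this hunk, so the permission check that should precede these reads cannot be confirmed from here.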
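Review bot: In ModToolChangeRoomSettingsEvent `ModToolTicketGuard.isPositiveId` is applied to a room id, and elsewhere in this commit to user ids and CFH topics, so the helper's name no longer describes what it guards. If the method is not moved to a neutrally named class, a short comment at the call site keeps the intent readable: `// reject non-positive room ids before getRoomManager().getRoom()`. The handler body continues past the end of the hunk.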
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolIssueDefaultSanctionEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolIssueDefaultSanctionEvent.java
@@ -19,6 +19,10 @@ public class ModToolIssueDefaultSanctionEvent extends MessageHandler {
 this.packet.readInt();
 int category = this.packet.readInt();
+ if (!ModToolTicketGuard.isPositiveId(issueId) || !ModToolTicketGuard.isPositiveId(category)) {
+ return;
+ }
+
 ModToolIssue issue = Emulator.getGameEnvironment().getModToolManager().getTicket(issueId);
 if (issue == null) {
diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolKickEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolKickEvent.java
index da01445a..c5ecb445 100644
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolKickEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolKickEvent.java
@@ -21,7 +21,7 @@ public class ModToolKickEvent extends MessageHandler {
 int userId = this.packet.readInt();
 String message = ModToolInputGuard.normalize(this.packet.readString());
- if (!ModToolInputGuard.isSafeMessage(message)) {
+ if (!ModToolTicketGuard.isPositiveId(userId) || !ModToolInputGuard.isSafeMessage(message)) {
 return;
 }
diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolRequestRoomInfoEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolRequestRoomInfoEvent.java
index 5f140550..c6cc5fb6 100644
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolRequestRoomInfoEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolRequestRoomInfoEvent.java
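Review bot: In ModToolIssueDefaultSanctionEvent the guard on `category` assumes an unmodified client never sends 0 for that field, which nothing in this hunk establishes. If the mod tool does use 0 for "no category", default sanctions would stop applying and the moderator would get no feedback. The same assumption is made for `cfhTopic` in ModToolSanctionAlertEvent, ModToolSanctionBanEvent, ModToolSanctionMuteEvent and ModToolSanctionTradeLockEvent. Once the value range is confirmed against the client, record it next to the check, for example `// category ids start at 1; 0 is never sent by an unmodified client`. `issueId` is read above the hunk and the handler continues below it.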
@@ -13,6 +13,10 @@ public class ModToolRequestRoomInfoEvent extends MessageHandler {
 if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) {
 int roomId = this.packet.readInt();
+ if (!ModToolTicketGuard.isPositiveId(roomId)) {
+ return;
+ }
+
 Room room = Emulator.getGameEnvironment().getRoomManager().getRoom(roomId);
 if (room != null) {
diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolRequestRoomVisitsEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolRequestRoomVisitsEvent.java
index 57ba6578..b219be44 100644
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolRequestRoomVisitsEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolRequestRoomVisitsEvent.java
@@ -12,6 +12,10 @@ public class ModToolRequestRoomVisitsEvent extends MessageHandler {
 if (this.client.getHabbo().hasPermission(Permission.ACC_SUPPORTTOOL)) {
 int userId = this.packet.readInt();
+ if (!ModToolTicketGuard.isPositiveId(userId)) {
+ return;
+ }
+
 HabboInfo habboInfo = Emulator.getGameEnvironment().getHabboManager().getHabboInfo(userId);
 if (habboInfo != null) {
diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionAlertEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionAlertEvent.java
index c37f1f52..835ae6f7 100644
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionAlertEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionAlertEvent.java
@@ -24,7 +24,7 @@ public class ModToolSanctionAlertEvent extends MessageHandler {
 String message = ModToolInputGuard.normalize(this.packet.readString());
 int cfhTopic = this.packet.readInt();
- if (!ModToolInputGuard.isSafeMessage(message)) {
+ if (!ModToolTicketGuard.isPositiveId(userId) || !ModToolTicketGuard.isPositiveId(cfhTopic) || !ModToolInputGuard.isSafeMessage(message)) {
 return;
 }
diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionBanEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionBanEvent.java
index d23f943a..f6bb775a 100644
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionBanEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionBanEvent.java
@@ -37,7 +37,7 @@ public class ModToolSanctionBanEvent extends MessageHandler {
 int duration = 0;
- if (!ModToolInputGuard.isSafeMessage(message)) {
+ if (!ModToolTicketGuard.isPositiveId(userId) || !ModToolTicketGuard.isPositiveId(cfhTopic) || !ModToolInputGuard.isSafeMessage(message)) {
 return;
 }
diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionMuteEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionMuteEvent.java
index e5f91ab2..ea2604a4 100644
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionMuteEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionMuteEvent.java
@@ -26,7 +26,7 @@ public class ModToolSanctionMuteEvent extends MessageHandler {
 String message = ModToolInputGuard.normalize(this.packet.readString());
 int cfhTopic = this.packet.readInt();
- if (!ModToolInputGuard.isSafeMessage(message)) {
+ if (!ModToolTicketGuard.isPositiveId(userId) || !ModToolTicketGuard.isPositiveId(cfhTopic) || !ModToolInputGuard.isSafeMessage(message)) {
 return;
 }
diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionTradeLockEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionTradeLockEvent.java
index b49134f6..546a05a3 100644
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionTradeLockEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolSanctionTradeLockEvent.java
@@ -25,7 +25,7 @@ public class ModToolSanctionTradeLockEvent extends MessageHandler {
 int duration = this.packet.readInt();
 int cfhTopic = this.packet.readInt();
- if (!ModToolInputGuard.isSafeMessage(message)) {
+ if (!ModToolTicketGuard.isPositiveId(userId) || !ModToolTicketGuard.isPositiveId(cfhTopic) || !ModToolInputGuard.isSafeMessage(message)) {
 return;
 }
diff --git a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolWarnEvent.java b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolWarnEvent.java
index 06c118b2..eead312a 100644
--- a/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolWarnEvent.java
+++ b/Emulator/src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolWarnEvent.java
@@ -19,7 +19,7 @@ public class ModToolWarnEvent extends MessageHandler {
 int userId = this.packet.readInt();
 String message = ModToolInputGuard.normalize(this.packet.readString());
- if (!ModToolInputGuard.isSafeMessage(message)) {
+ if (!ModToolTicketGuard.isPositiveId(userId) || !ModToolInputGuard.isSafeMessage(message)) {
 return;
 }
diff --git a/Emulator/src/test/java/com/eu/habbo/messages/incoming/modtool/ModToolPermissionContractTest.java b/Emulator/src/test/java/com/eu/habbo/messages/incoming/modtool/ModToolPermissionContractTest.java
index ba03fc67..ce1d6a4b 100644
--- a/Emulator/src/test/java/com/eu/habbo/messages/incoming/modtool/ModToolPermissionContractTest.java
+++ b/Emulator/src/test/java/com/eu/habbo/messages/incoming/modtool/ModToolPermissionContractTest.java
@@ -109,4 +109,28 @@ class ModToolPermissionContractTest {
 handler + " must reject empty or oversized staff-supplied text");
 }
 }
+
+ @Test
+ void staffSuppliedModToolTargetsArePositiveBeforeLookupOrMutation() throws Exception {
+ Path base = Path.of("src/main/java/com/eu/habbo/messages/incoming/modtool");
+
+ for (String handler : List.of(
+ "ModToolAlertEvent.java",
+ "ModToolWarnEvent.java",
+ "ModToolKickEvent.java",
+ "ModToolChangeRoomSettingsEvent.java",
+ "ModToolRequestRoomInfoEvent.java",
+ "ModToolRequestRoomVisitsEvent.java",
+ "ModToolIssueDefaultSanctionEvent.java",
+ "ModToolSanctionAlertEvent.java",
+ "ModToolSanctionBanEvent.java",
+ "ModToolSanctionMuteEvent.java",
+ "ModToolSanctionTradeLockEvent.java"
+ )) {
+ String source = Files.readString(base.resolve(handler));
+
+ assertTrue(source.contains("ModToolTicketGuard.isPositiveId"),
+ handler + " must reject zero or negative client-provided ids before manager/database lookups");
+ }
+ }
 }
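Review bot: The new test only asserts that each handler's source text contains the string `ModToolTicketGuard.isPositiveId`, so it still passes when the call sits in a comment, comes after the lookup, or covers one id while another in the same handler goes unchecked. The "BeforeLookupOrMutation" ordering promised by the test name is therefore never verified. A direct test of the guard would at least pin its contract: `assertFalse(ModToolTicketGuard.isPositiveId(0));`, `assertFalse(ModToolTicketGuard.isPositiveId(-1));`, `assertTrue(ModToolTicketGuard.isPositiveId(1));`. The relative `base` path also makes the result depend on the module directory being the working directory. The test class begins outside this hunk.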