ADDED: Some security checks to verify examples categories provided

Ray
2025-08-03 21:20:35 +02:00
parent 8f8a5ada60
commit d194b8d503


@@ -152,11 +152,27 @@ int main(int argc, char *argv[])
else if (argc > 3) LOG("WARNING: Too many arguments provided\n"); else if (argc > 3) LOG("WARNING: Too many arguments provided\n");
else else
{ {
// TODO: Additional security checks for file name? // Security checks for file name to verify category is included
int catIndex = TextFindIndex(argv[2], "_");
if (catIndex > 3)
{
char cat[12] = { 0 };
strncpy(cat, argv[2], catIndex);
bool catFound = false;
for (int i = 0; i < MAX_EXAMPLE_CATEGORIES; i++)
{
if (TextIsEqual(cat, exCategories[i])) { catFound = true; break; }
}
if (catFound)
{
strcpy(exName, argv[2]); // Register filename for new example creation strcpy(exName, argv[2]); // Register filename for new example creation
strncpy(exCategory, exName, TextFindIndex(exName, "_")); strncpy(exCategory, exName, TextFindIndex(exName, "_"));
opCode = 1; opCode = OP_CREATE;
}
else LOG("WARNING: Example category is not valid\n");
}
else LOG("WARNING: Example name does not include category\n");
} }
} }
else if (strcmp(argv[1], "add") == 0) else if (strcmp(argv[1], "add") == 0)
@@ -169,11 +185,29 @@ int main(int argc, char *argv[])
if (IsFileExtension(argv[2], ".c")) // Check for valid file extension: input if (IsFileExtension(argv[2], ".c")) // Check for valid file extension: input
{ {
if (FileExists(inFileName)) if (FileExists(inFileName))
{
// Security checks for file name to verify category is included
int catIndex = TextFindIndex(argv[2], "_");
if (catIndex > 3)
{
char cat[12] = { 0 };
strncpy(cat, argv[2], catIndex);
bool catFound = false;
for (int i = 0; i < MAX_EXAMPLE_CATEGORIES; i++)
{
if (TextIsEqual(cat, exCategories[i])) { catFound = true; break; }
}
if (catFound)
{ {
strcpy(inFileName, argv[2]); // Register filename for addition strcpy(inFileName, argv[2]); // Register filename for addition
strcpy(exName, GetFileNameWithoutExt(argv[2])); // Register example name strcpy(exName, GetFileNameWithoutExt(argv[2])); // Register example name
strncpy(exCategory, exName, TextFindIndex(exName, "_")); strncpy(exCategory, exName, TextFindIndex(exName, "_"));
opCode = 2; opCode = OP_ADD;
}
else LOG("WARNING: Example category is not valid\n");
}
else LOG("WARNING: Example name does not include category\n");
} }
else LOG("WARNING: Input file not found, include path\n"); else LOG("WARNING: Input file not found, include path\n");
} }
@@ -185,12 +219,28 @@ int main(int argc, char *argv[])
if (argc == 2) LOG("WARNING: No filename provided to be renamed\n"); if (argc == 2) LOG("WARNING: No filename provided to be renamed\n");
else if (argc > 4) LOG("WARNING: Too many arguments provided\n"); else if (argc > 4) LOG("WARNING: Too many arguments provided\n");
else else
{
// Verify example exists in collection to be removed
char *exColInfo = LoadFileText(exCollectionListPath);
if (TextFindIndex(exColInfo, argv[2]) != -1) // Example in the collection
{ {
strcpy(exName, argv[2]); // Register example name strcpy(exName, argv[2]); // Register example name
strncpy(exCategory, exName, TextFindIndex(exName, "_")); strncpy(exCategory, exName, TextFindIndex(exName, "_"));
strcpy(exRename, argv[3]); strcpy(exRename, argv[3]);
char exReCategory[32] = { 0 };
strncpy(exReCategory, exRename, TextFindIndex(exRename, "_"));
if (strcmp(exCategory, exReCategory) != 0)
{
// TODO: Consider rename with change of category // TODO: Consider rename with change of category
opCode = 3; // Remove previous one from collection
// Add new one (copy) to collection
}
opCode = OP_RENAME;
}
else LOG("WARNING: RENAME: Example not available in the collection\n");
UnloadFileText(exColInfo);
} }
} }
else if (strcmp(argv[1], "remove") == 0) else if (strcmp(argv[1], "remove") == 0)
@@ -199,20 +249,26 @@ int main(int argc, char *argv[])
if (argc == 2) LOG("WARNING: No filename provided to create\n"); if (argc == 2) LOG("WARNING: No filename provided to create\n");
else if (argc > 3) LOG("WARNING: Too many arguments provided\n"); else if (argc > 3) LOG("WARNING: Too many arguments provided\n");
else else
{
// Verify example exists in collection to be removed
char *exColInfo = LoadFileText(exCollectionListPath);
if (TextFindIndex(exColInfo, argv[2]) != -1) // Example in the collection
{ {
strcpy(exName, argv[2]); // Register filename for removal strcpy(exName, argv[2]); // Register filename for removal
opCode = 4; opCode = OP_REMOVE;
}
else LOG("WARNING: REMOVE: Example not available in the collection\n");
UnloadFileText(exColInfo);
} }
} }
else if (strcmp(argv[1], "validate") == 0) else if (strcmp(argv[1], "validate") == 0)
{ {
opCode = 5; // Validate examples in collection
} // All examples in collection match all requirements on required files
}
// Load examples collection information opCode = OP_VALIDATE;
//exInfo = LoadExamplesData(exCollectionListPath, "core", true, &exInfoCount); }
//for (int i = 0; i < exInfoCount; i++) printf("%i - %s [%i]\n", i + 1, exInfo[i].name, exInfo[i].stars); }
switch (opCode) switch (opCode)
{ {
@@ -240,16 +296,18 @@ int main(int argc, char *argv[])
// Add: raylib/examples/<category>/<category>_example_name.c // Add: raylib/examples/<category>/<category>_example_name.c
if (opCode != 1) FileCopy(inFileName, TextFormat("%s/%s/%s.c", exBasePath, exCategory, exName)); if (opCode != 1) FileCopy(inFileName, TextFormat("%s/%s/%s.c", exBasePath, exCategory, exName));
// TODO: Example to be added could be provided as a .zip, containing resources!
// Create: raylib/examples/<category>/<category>_example_name.png // Create: raylib/examples/<category>/<category>_example_name.png
FileCopy(exTemplateScreenshot, TextFormat("%s/%s/%s.png", exBasePath, exCategory, exName)); // WARNING: To be updated manually! FileCopy(exTemplateScreenshot, TextFormat("%s/%s/%s.png", exBasePath, exCategory, exName)); // WARNING: To be updated manually!
// Copy: raylib/examples/<category>/resources/... // WARNING: To be updated manually! // Copy: raylib/examples/<category>/resources/... // WARNING: To be updated manually!
// TODO: Example to be added could be provided as a .zip, containing resources!
// TODO: Copy provided resources to respective directories // TODO: Copy provided resources to respective directories
// Possible strategy: // Possible strategy:
// 1. Scan code file for resources paths -> Resources list // 1. Scan code file for resources paths -> Resources list
// Look for specific text: '.png"'
// Look for full path, previous '"'
// Be careful with shaders: '.vs"', '.fs"' -> Reconstruct path manually?
// 2. Verify paths: resource files exist // 2. Verify paths: resource files exist
// 3. Copy files to required resource dir // 3. Copy files to required resource dir
@@ -295,6 +353,8 @@ int main(int argc, char *argv[])
SaveFileText(exCollectionListPath, exColInfoUpdated); SaveFileText(exCollectionListPath, exColInfoUpdated);
RL_FREE(exColInfoUpdated); RL_FREE(exColInfoUpdated);
} }
else LOG("WARNING: ADD: Example is already on the collection\n");
UnloadFileText(exColInfo); UnloadFileText(exColInfo);
//------------------------------------------------------------------------------------------------ //------------------------------------------------------------------------------------------------
@@ -504,7 +564,7 @@ int main(int argc, char *argv[])
if ((i == 6) && (x == (exCount - 1))) if ((i == 6) && (x == (exCount - 1)))
{ {
// Last line to add, special case to consider // NOTE: Last line to add, special case to consider
jsIndex += sprintf(jsTextUpdated + jsListStartIndex + jsIndex, jsIndex += sprintf(jsTextUpdated + jsListStartIndex + jsIndex,
TextFormat(" exampleEntry('%s', '%s', '%s')];\n", stars, exCatList[x].category, exCatList[x].name + strlen(exCatList[x].category) + 1)); TextFormat(" exampleEntry('%s', '%s', '%s')];\n", stars, exCatList[x].category, exCatList[x].name + strlen(exCatList[x].category) + 1));
} }
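Review bot: The new category check copies `catIndex` bytes of `argv[2]` into `char cat[12]` with only a lower bound (`catIndex > 3`), so a command-line name whose first `_` sits at offset 12 or later writes past the buffer, and at exactly 12 leaves it unterminated before `TextIsEqual` reads it; this applies to both the `create` and `add` branches. Declaring the buffer ahead of the test and bounding the copy would close it: `char cat[12] = { 0 };` followed by `if ((catIndex > 3) && (catIndex < (int)sizeof(cat)))`. The rename branch has the same unbounded pattern in `strncpy(exReCategory, exRename, TextFindIndex(exRename, "_"))`: nothing limits the length to the 32-byte buffer, and because `TextFindIndex` returns -1 on no match (the collection check relies on that), a new name without `_` is converted to a very large copy length. In the `add` branch the check runs on raw `argv[2]`, which appears to be allowed to carry a path, while `exName` is taken from `GetFileNameWithoutExt(argv[2])`, so the category test probably belongs on the base name instead. `main` starts and ends outside these hunks, so the sizes of `exName`, `exCategory` and `exRename` cannot be confirmed from here.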