ADDED: Some security checks to verify examples categories provided

Ray
2025-08-03 21:20:35 +02:00
parent 8f8a5ada60
commit d194b8d503


@@ -152,11 +152,27 @@ int main(int argc, char *argv[])
else if (argc > 3) LOG("WARNING: Too many arguments provided\n");
else
{
// TODO: Additional security checks for file name?
// Security checks for file name to verify category is included
int catIndex = TextFindIndex(argv[2], "_");
if (catIndex > 3)
{
char cat[12] = { 0 };
strncpy(cat, argv[2], catIndex);
bool catFound = false;
for (int i = 0; i < MAX_EXAMPLE_CATEGORIES; i++)
{
if (TextIsEqual(cat, exCategories[i])) { catFound = true; break; }
}
if (catFound)
{
strcpy(exName, argv[2]); // Register filename for new example creation
strncpy(exCategory, exName, TextFindIndex(exName, "_"));
opCode = 1;
opCode = OP_CREATE;
}
else LOG("WARNING: Example category is not valid\n");
}
else LOG("WARNING: Example name does not include category\n");
}
}
else if (strcmp(argv[1], "add") == 0)
@@ -169,11 +185,29 @@ int main(int argc, char *argv[])
if (IsFileExtension(argv[2], ".c")) // Check for valid file extension: input
{
if (FileExists(inFileName))
{
// Security checks for file name to verify category is included
int catIndex = TextFindIndex(argv[2], "_");
if (catIndex > 3)
{
char cat[12] = { 0 };
strncpy(cat, argv[2], catIndex);
bool catFound = false;
for (int i = 0; i < MAX_EXAMPLE_CATEGORIES; i++)
{
if (TextIsEqual(cat, exCategories[i])) { catFound = true; break; }
}
if (catFound)
{
strcpy(inFileName, argv[2]); // Register filename for addition
strcpy(exName, GetFileNameWithoutExt(argv[2])); // Register example name
strncpy(exCategory, exName, TextFindIndex(exName, "_"));
opCode = 2;
opCode = OP_ADD;
}
else LOG("WARNING: Example category is not valid\n");
}
else LOG("WARNING: Example name does not include category\n");
}
else LOG("WARNING: Input file not found, include path\n");
}
@@ -185,12 +219,28 @@ int main(int argc, char *argv[])
if (argc == 2) LOG("WARNING: No filename provided to be renamed\n");
else if (argc > 4) LOG("WARNING: Too many arguments provided\n");
else
{
// Verify example exists in collection to be removed
char *exColInfo = LoadFileText(exCollectionListPath);
if (TextFindIndex(exColInfo, argv[2]) != -1) // Example in the collection
{
strcpy(exName, argv[2]); // Register example name
strncpy(exCategory, exName, TextFindIndex(exName, "_"));
strcpy(exRename, argv[3]);
char exReCategory[32] = { 0 };
strncpy(exReCategory, exRename, TextFindIndex(exRename, "_"));
if (strcmp(exCategory, exReCategory) != 0)
{
// TODO: Consider rename with change of category
opCode = 3;
// Remove previous one from collection
// Add new one (copy) to collection
}
opCode = OP_RENAME;
}
else LOG("WARNING: RENAME: Example not available in the collection\n");
UnloadFileText(exColInfo);
}
}
else if (strcmp(argv[1], "remove") == 0)
@@ -199,20 +249,26 @@ int main(int argc, char *argv[])
if (argc == 2) LOG("WARNING: No filename provided to create\n");
else if (argc > 3) LOG("WARNING: Too many arguments provided\n");
else
{
// Verify example exists in collection to be removed
char *exColInfo = LoadFileText(exCollectionListPath);
if (TextFindIndex(exColInfo, argv[2]) != -1) // Example in the collection
{
strcpy(exName, argv[2]); // Register filename for removal
opCode = 4;
opCode = OP_REMOVE;
}
else LOG("WARNING: REMOVE: Example not available in the collection\n");
UnloadFileText(exColInfo);
}
}
else if (strcmp(argv[1], "validate") == 0)
{
opCode = 5;
}
}
// Validate examples in collection
// All examples in collection match all requirements on required files
// Load examples collection information
//exInfo = LoadExamplesData(exCollectionListPath, "core", true, &exInfoCount);
//for (int i = 0; i < exInfoCount; i++) printf("%i - %s [%i]\n", i + 1, exInfo[i].name, exInfo[i].stars);
opCode = OP_VALIDATE;
}
}
switch (opCode)
{
@@ -240,16 +296,18 @@ int main(int argc, char *argv[])
// Add: raylib/examples/<category>/<category>_example_name.c
if (opCode != 1) FileCopy(inFileName, TextFormat("%s/%s/%s.c", exBasePath, exCategory, exName));
// TODO: Example to be added could be provided as a .zip, containing resources!
// Create: raylib/examples/<category>/<category>_example_name.png
FileCopy(exTemplateScreenshot, TextFormat("%s/%s/%s.png", exBasePath, exCategory, exName)); // WARNING: To be updated manually!
// Copy: raylib/examples/<category>/resources/... // WARNING: To be updated manually!
// TODO: Example to be added could be provided as a .zip, containing resources!
// TODO: Copy provided resources to respective directories
// Possible strategy:
// 1. Scan code file for resources paths -> Resources list
// Look for specific text: '.png"'
// Look for full path, previous '"'
// Be careful with shaders: '.vs"', '.fs"' -> Reconstruct path manually?
// 2. Verify paths: resource files exist
// 3. Copy files to required resource dir
@@ -295,6 +353,8 @@ int main(int argc, char *argv[])
SaveFileText(exCollectionListPath, exColInfoUpdated);
RL_FREE(exColInfoUpdated);
}
else LOG("WARNING: ADD: Example is already on the collection\n");
UnloadFileText(exColInfo);
//------------------------------------------------------------------------------------------------
@@ -504,7 +564,7 @@ int main(int argc, char *argv[])
if ((i == 6) && (x == (exCount - 1)))
{
// Last line to add, special case to consider
// NOTE: Last line to add, special case to consider
jsIndex += sprintf(jsTextUpdated + jsListStartIndex + jsIndex,
TextFormat(" exampleEntry('%s', '%s', '%s')];\n", stars, exCatList[x].category, exCatList[x].name + strlen(exCatList[x].category) + 1));
}
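Review bot: The new category check in the `create` and `add` branches (first two hunks) copies with `strncpy(cat, argv[2], catIndex)` into `char cat[12]`, but only the lower bound `catIndex > 3` is tested, so a name whose text before the first `_` is 12 characters or longer overruns `cat` or leaves it unterminated before `TextIsEqual` reads it. The guard should bound both sides, `if ((catIndex > 3) && (catIndex < (int)sizeof(cat)))`. The following `strcpy(exName, argv[2])` and `strncpy(exCategory, exName, ...)` take their length from the same argument; their buffers are declared outside the visible hunks, so their sizes should be checked against the input as well. In the `rename` hunk `argv[3]` is copied into `exRename` with no category validation at all, and since the check is duplicated in two branches, a shared helper would keep all three paths consistent. `main` starts and ends outside these hunks.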