ArmaScriptCompiler icon indicating copy to clipboard operation
ArmaScriptCompiler copied to clipboard
verified publisher icon dedmen

[Security] Full local path included in output

Open jonpas opened this issue 2 years ago • 1 comments

This is a security issue and should be remedied.

Diff

jonpas avatar Jan 26 '23 01:01 jonpas

@PabstMirror @BrettMayson

jonpas avatar Jan 26 '23 01:01 jonpas

Not just security, this will also lead to incorrect in-game paths. Arma 3 base files have the same issue, resulting in /temp/bin/A3/Functions_F/Ambient/fn_ambientAnim.sqf instead of \A3\Functions_F\Ambient\fn_ambientAnim.sqf

dedmen avatar Feb 12 '24 17:02 dedmen

The problem is that the "root" what would often be a p-drive root. Is unknown. We can try finding it by looking for PBOPREFIX, which might solve most cases (doesn't solve our vanilla A3 case)

Instead of that, I'll add "rootPathMapping" config entry. They will map physical paths to virtual paths.

So in your case the root path might be "C:/Users/username/Appdata/Local/Temp/hemtt/DEV_CBA_A3/asc/source" -> "\x\cba" Such that your file instead of /Users/username/Appdata/Local/Temp/hemtt/DEV_CBA_A3/asc/source/addons/common/fnc_test.sqf will be translated to \x\cba\addons/common/fnc_test.sqf

dedmen avatar Feb 12 '24 17:02 dedmen

Also important note on this, this changes how the outputPath is handled. result file is outputPath/virtualPath. Because the virtualPath was previously bugged, it would output to example P:/Users/username/Appdata/Local/Temp/hemtt/DEV_CBA_A3/asc/source/addons/common/fnc_test.sqfc But with the fix, it will now output to P:\x\cba\addons/common/fnc_test.sqf

dedmen avatar Feb 13 '24 09:02 dedmen