Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: getstorage talkaction #3200

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

fix: getstorage talkaction #3200

wants to merge 6 commits into from

Conversation

arrudaqs
Copy link
Contributor

@arrudaqs arrudaqs commented Dec 30, 2024
edited
Loading

Description

Fix the getstorage talkaction used by server admins, which helps imensely with quest debugging.

Behaviour

Actual

Whenever the talkaction /getstorage Player, storagename is called, the server receives a string (storage name) or a number (storage key) as parameters, the key works fine, but the name should not be a string, it should be converted to the actual global storage variable type.

Expected

Given the admin prepares the /getstorage talkaction to be sent;
When the admin sends the storage parameter as a string e.g (/getstorage GOD, Storage.Quest.U8_0.TheIceIslands.Questline);
Then the /getstorage talkaction accepts the string parameter correctly.

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested

  • Tested the talkaction before my fix, all string typed parameters returned -1 (e.g Storage.Quest.U8_0.BarbarianTest.Questline returned -1)
  • Tested the talkaction after my fix, all string typed parameters returned their actual value (e.g Storage.Quest.U8_0.BarbarianTest.Questline returned 8)

Test Configuration:

  • Server Version: 3.1.2
  • Client: 13.40
  • Operating System: Windows 10

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I checked the PR checks reports

@majestyotbr majestyotbr changed the title Fix getstorage talkaction fix: getstorage talkaction Dec 30, 2024
@arrudaqs
Copy link
Contributor Author

@dudantas please have a look 🤭

@majestyotbr majestyotbr requested a review from dudantas January 2, 2025 17:10
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Jan 2, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@arrudaqs arrudaqs requested a review from dudantas January 2, 2025 19:25
@dudantas
Copy link
Member

dudantas commented Jan 2, 2025
edited
Loading

Using loadstring here introduces potential security and performance risks, especially if the input (split[2]) is user-provided or not sanitized. A safer and more efficient approach would be to directly attempt converting the value to a number or treating it as a string key if the conversion fails. This would eliminate the need for dynamically executed code and improve both the safety and clarity of the implementation.

Example alternative:

local storageKey = tonumber(split[2]) or split[2]
local storageValue = target:getStorageValue(storageKey)
self:sendTextMessage(MESSAGE_EVENT_ADVANCE, "The storage with id: " .. split[1] .. " is: " .. storageValue .. ".")

This ensures the same functionality without the risks associated with loadstring.

dudantas
dudantas requested changes Jan 2, 2025
View reviewed changes
Copy link
Member

@dudantas dudantas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Address what I said in the previous comment, as it is very critical.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dudantas dudantas dudantas requested changes

@FelipePaluco FelipePaluco FelipePaluco approved these changes

@majestyotbr majestyotbr majestyotbr approved these changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@arrudaqs @dudantas @majestyotbr @FelipePaluco