mirror of
https://github.com/bitburner-official/bitburner-src.git
synced 2024-11-17 13:13:49 +01:00
BUGFIX: Crash when accessing nonexist files with file protocol (#1529)
This commit is contained in:
parent
06677a1306
commit
6483b5e7fe
@ -1,30 +0,0 @@
|
|||||||
<!DOCTYPE html>
|
|
||||||
<html lang="en">
|
|
||||||
<head>
|
|
||||||
<meta charset="utf-8" />
|
|
||||||
<title>Bitburner</title>
|
|
||||||
<style>
|
|
||||||
body {
|
|
||||||
background-color: black;
|
|
||||||
color: #0c0;
|
|
||||||
margin: 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
div {
|
|
||||||
height: 100vh;
|
|
||||||
display: flex;
|
|
||||||
justify-content: center;
|
|
||||||
align-items: center;
|
|
||||||
}
|
|
||||||
|
|
||||||
h1 {
|
|
||||||
text-align: center;
|
|
||||||
}
|
|
||||||
</style>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<div>
|
|
||||||
<h1>Attempts to access local files outside the normal game environment will be directed to this file.</h1>
|
|
||||||
</div>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
@ -201,19 +201,31 @@ global.app_handlers = {
|
|||||||
app.on("ready", async () => {
|
app.on("ready", async () => {
|
||||||
// Intercept file protocol requests and only let valid requests through
|
// Intercept file protocol requests and only let valid requests through
|
||||||
protocol.interceptFileProtocol("file", ({ url, method }, callback) => {
|
protocol.interceptFileProtocol("file", ({ url, method }, callback) => {
|
||||||
const filePath = fileURLToPath(url);
|
let filePath;
|
||||||
const realPath = realpathSync(filePath);
|
let realPath;
|
||||||
const relativePath = path.relative(__dirname, realPath);
|
let relativePath;
|
||||||
// Only allow access to files in "dist" folder or html files in the same directory
|
/**
|
||||||
if (method === "GET" && (relativePath.startsWith("dist") || relativePath.match(/^[a-zA-Z-_]*\.html/))) {
|
* "realpathSync" will throw an error if "filePath" points to a non-existent file. If an error is thrown here, the
|
||||||
callback(realPath);
|
* electron app will crash immediately. We can use fs.existsSync to check "filePath" before using it, but it's best
|
||||||
return;
|
* to try-catch the entire code block and avoid unexpected issues.
|
||||||
|
*/
|
||||||
|
try {
|
||||||
|
filePath = fileURLToPath(url);
|
||||||
|
realPath = realpathSync(filePath);
|
||||||
|
relativePath = path.relative(__dirname, realPath);
|
||||||
|
// Only allow access to files in "dist" folder or html files in the same directory
|
||||||
|
if (method === "GET" && (relativePath.startsWith("dist") || relativePath.match(/^[a-zA-Z-_]*\.html/))) {
|
||||||
|
callback(realPath);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} catch (error) {
|
||||||
|
log.error(error);
|
||||||
}
|
}
|
||||||
log.error(
|
log.error(
|
||||||
`Tried to access a page outside the sandbox. Url: ${url}. FilePath: ${filePath}. RealPath: ${realPath}.` +
|
`Tried to access a page outside the sandbox. Url: ${url}. FilePath: ${filePath}. RealPath: ${realPath}.` +
|
||||||
` __dirname: ${__dirname}. RelativePath: ${relativePath}. Method: ${method}.`,
|
` __dirname: ${__dirname}. RelativePath: ${relativePath}. Method: ${method}.`,
|
||||||
);
|
);
|
||||||
callback(path.join(__dirname, "fileError.html"));
|
callback({ statusCode: 403 });
|
||||||
});
|
});
|
||||||
|
|
||||||
log.info("Application is ready!");
|
log.info("Application is ready!");
|
||||||
|
Loading…
Reference in New Issue
Block a user