fix: better input sanitization [MTT-5894] (#821)

* using NetworkEndPoint.TryParse to validate IP address and port

Author: LPLafontaineB

Assets/Prefabs/UI/IPPopup.prefab

@@ -173,7 +173,7 @@ MonoBehaviour:
   m_faceColor:
     serializedVersion: 2
     rgba: 4294967295
-  m_fontSize: 20.3
+  m_fontSize: 33
   m_fontSizeBase: 36
   m_fontWeight: 400
   m_enableAutoSizing: 1
@@ -785,7 +785,7 @@ MonoBehaviour:
   m_faceColor:
     serializedVersion: 2
     rgba: 4294967295
-  m_fontSize: 32.2
+  m_fontSize: 50
   m_fontSizeBase: 36
   m_fontWeight: 400
   m_enableAutoSizing: 1
@@ -935,6 +935,7 @@ MonoBehaviour:
   m_IPInputField: {fileID: 783666621484907260}
   m_PortInputField: {fileID: 3692047279709044436}
   m_CanvasGroup: {fileID: 3432270648822068983}
+  m_HostButton: {fileID: 8503688101831781139}
 --- !u!1 &2513356161705610835
 GameObject:
   m_ObjectHideFlags: 0
@@ -2211,7 +2212,7 @@ MonoBehaviour:
   m_faceColor:
     serializedVersion: 2
     rgba: 4294967295
-  m_fontSize: 32.2
+  m_fontSize: 50
   m_fontSizeBase: 36
   m_fontWeight: 400
   m_enableAutoSizing: 1
@@ -3287,6 +3288,7 @@ MonoBehaviour:
   m_CanvasGroup: {fileID: 6846323567751854231}
   m_IPInputField: {fileID: 2677382141616317261}
   m_PortInputField: {fileID: 7282211495594724544}
+  m_JoinButton: {fileID: 8754602378570439514}
 --- !u!1 &5924530127146065184
 GameObject:
   m_ObjectHideFlags: 0
@@ -3577,7 +3579,7 @@ MonoBehaviour:
   m_faceColor:
     serializedVersion: 2
     rgba: 4294967295
-  m_fontSize: 20.3
+  m_fontSize: 33
   m_fontSizeBase: 36
   m_fontWeight: 400
   m_enableAutoSizing: 1

Assets/Scripts/Gameplay/UI/IPHostingUI.cs

@@ -13,6 +13,9 @@ public class IPHostingUI : MonoBehaviour
         [SerializeField]
         CanvasGroup m_CanvasGroup;
 
+        [SerializeField]
+        Button m_HostButton;
+
         [Inject] IPUIMediator m_IPUIMediator;
 
         void Awake()
@@ -43,16 +46,17 @@ public void OnCreateClick()
         /// </summary>
         public void SanitizeIPInputText()
         {
-            m_IPInputField.text = IPUIMediator.Sanitize(m_IPInputField.text);
+            m_IPInputField.text = IPUIMediator.SanitizeIP(m_IPInputField.text);
+            m_HostButton.interactable = IPUIMediator.AreIpAddressAndPortValid(m_IPInputField.text, m_PortInputField.text);
         }
 
         /// <summary>
         /// Added to the InputField component's OnValueChanged callback for the Port UI text.
         /// </summary>
         public void SanitizePortText()
         {
-            var inputFieldText = IPUIMediator.Sanitize(m_PortInputField.text);
-            m_PortInputField.text = inputFieldText;
+            m_PortInputField.text = IPUIMediator.SanitizePort(m_PortInputField.text);
+            m_HostButton.interactable = IPUIMediator.AreIpAddressAndPortValid(m_IPInputField.text, m_PortInputField.text);
         }
     }
 }

Assets/Scripts/Gameplay/UI/IPJoiningUI.cs

@@ -14,6 +14,9 @@ public class IPJoiningUI : MonoBehaviour
 
         [SerializeField] InputField m_PortInputField;
 
+        [SerializeField]
+        Button m_JoinButton;
+
         [Inject] IPUIMediator m_IPUIMediator;
 
         void Awake()
@@ -44,16 +47,17 @@ public void OnJoinButtonPressed()
         /// </summary>
         public void SanitizeIPInputText()
         {
-            m_IPInputField.text = IPUIMediator.Sanitize(m_IPInputField.text);
+            m_IPInputField.text = IPUIMediator.SanitizeIP(m_IPInputField.text);
+            m_JoinButton.interactable = IPUIMediator.AreIpAddressAndPortValid(m_IPInputField.text, m_PortInputField.text);
         }
 
         /// <summary>
         /// Added to the InputField component's OnValueChanged callback for the Port UI text.
         /// </summary>
         public void SanitizePortText()
         {
-            var inputFieldText = IPUIMediator.Sanitize(m_PortInputField.text);
-            m_PortInputField.text = inputFieldText;
+            m_PortInputField.text = IPUIMediator.SanitizePort(m_PortInputField.text);
+            m_JoinButton.interactable = IPUIMediator.AreIpAddressAndPortValid(m_IPInputField.text, m_PortInputField.text);
         }
     }
 }

Assets/Scripts/Gameplay/UI/IPUIMediator.cs

@@ -4,6 +4,7 @@
 using TMPro;
 using Unity.BossRoom.ConnectionManagement;
 using Unity.BossRoom.Infrastructure;
+using Unity.Networking.Transport;
 using UnityEngine;
 using VContainer;
 
@@ -171,13 +172,32 @@ public void CancelConnectingWindow()
         }
 
         /// <summary>
-        /// Sanitize user port InputField box allowing only alphanumerics and '.'
+        /// Sanitize user IP address InputField box allowing only numbers and '.'. This also prevents undesirable
+        /// invisible characters from being copy-pasted accidentally.
         /// </summary>
         /// <param name="dirtyString"> string to sanitize. </param>
         /// <returns> Sanitized text string. </returns>
-        public static string Sanitize(string dirtyString)
+        public static string SanitizeIP(string dirtyString)
         {
-            return Regex.Replace(dirtyString, "[^A-Za-z0-9.]", "");
+            return Regex.Replace(dirtyString, "[^0-9.]", "");
+        }
+
+        /// <summary>
+        /// Sanitize user port InputField box allowing only numbers. This also prevents undesirable invisible characters
+        /// from being copy-pasted accidentally.
+        /// </summary>
+        /// <param name="dirtyString"> string to sanitize. </param>
+        /// <returns> Sanitized text string. </returns>
+        public static string SanitizePort(string dirtyString)
+        {
+
+            return Regex.Replace(dirtyString, "[^0-9]", "");
+        }
+
+        public static bool AreIpAddressAndPortValid(string ipAddress, string port)
+        {
+            var portValid = ushort.TryParse(port, out var portNum);
+            return portValid && NetworkEndPoint.TryParse(ipAddress, portNum, out var networkEndPoint);
         }
     }
 }

CHANGELOG.md

@@ -23,6 +23,7 @@ Additional documentation and release notes are available at [Multiplayer Documen
 * Elements inside the Tank's and Rogue's AnimatorTriggeredSpecialFX list have been revised to not loop AudioSource clips, ending the logging of multiple warnings to the console (#785)
 * ClientConnectedState now inherits from OnlineState instead of the base ConnectionState (#801)
 * UpdateRunner now sends the right value for deltaTime when updating its subscribers (#805)
+* Inputs are better sanitized when entering IP address and port (#821). Now all invalid characters are prevented, and UnityTransport's NetworkEndpoint.TryParse is used to verify the validity of the IP address and port that are entered before making the join/host button interactable.
 
 ## [2.0.4] - 2022-12-13
 ### Changed