Skip to content

fix: better input sanitization [MTT-5894] #821

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Apr 20, 2023
Merged

fix: better input sanitization [MTT-5894] #821

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
29d4ed9
using NetworkEndPoint.TryParse to validate IP address and port
LPLafontaineB Apr 18, 2023
aef08f7
cleanup
LPLafontaineB Apr 18, 2023
72cf48f
adding changelog entry
LPLafontaineB Apr 18, 2023
738084c
Adding comments
LPLafontaineB Apr 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 6 additions & 4 deletions Assets/Prefabs/UI/IPPopup.prefab
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -173,7 +173,7 @@ MonoBehaviour:
m_faceColor:
serializedVersion: 2
rgba: 4294967295
m_fontSize: 20.3
m_fontSize: 33
m_fontSizeBase: 36
m_fontWeight: 400
m_enableAutoSizing: 1
Expand Down Expand Up @@ -785,7 +785,7 @@ MonoBehaviour:
m_faceColor:
serializedVersion: 2
rgba: 4294967295
m_fontSize: 32.2
m_fontSize: 50
m_fontSizeBase: 36
m_fontWeight: 400
m_enableAutoSizing: 1
Expand Down Expand Up @@ -935,6 +935,7 @@ MonoBehaviour:
m_IPInputField: {fileID: 783666621484907260}
m_PortInputField: {fileID: 3692047279709044436}
m_CanvasGroup: {fileID: 3432270648822068983}
m_HostButton: {fileID: 8503688101831781139}
--- !u!1 &2513356161705610835
GameObject:
m_ObjectHideFlags: 0
Expand Down Expand Up @@ -2211,7 +2212,7 @@ MonoBehaviour:
m_faceColor:
serializedVersion: 2
rgba: 4294967295
m_fontSize: 32.2
m_fontSize: 50
m_fontSizeBase: 36
m_fontWeight: 400
m_enableAutoSizing: 1
Expand Down Expand Up @@ -3287,6 +3288,7 @@ MonoBehaviour:
m_CanvasGroup: {fileID: 6846323567751854231}
m_IPInputField: {fileID: 2677382141616317261}
m_PortInputField: {fileID: 7282211495594724544}
m_JoinButton: {fileID: 8754602378570439514}
--- !u!1 &5924530127146065184
GameObject:
m_ObjectHideFlags: 0
Expand Down Expand Up @@ -3577,7 +3579,7 @@ MonoBehaviour:
m_faceColor:
serializedVersion: 2
rgba: 4294967295
m_fontSize: 20.3
m_fontSize: 33
m_fontSizeBase: 36
m_fontWeight: 400
m_enableAutoSizing: 1
Expand Down
10 changes: 7 additions & 3 deletions Assets/Scripts/Gameplay/UI/IPHostingUI.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,9 @@ public class IPHostingUI : MonoBehaviour
[SerializeField]
CanvasGroup m_CanvasGroup;

[SerializeField]
Button m_HostButton;

[Inject] IPUIMediator m_IPUIMediator;

void Awake()
Expand Down Expand Up @@ -43,16 +46,17 @@ public void OnCreateClick()
/// </summary>
public void SanitizeIPInputText()
{
m_IPInputField.text = IPUIMediator.Sanitize(m_IPInputField.text);
m_IPInputField.text = IPUIMediator.SanitizeIP(m_IPInputField.text);
m_HostButton.interactable = IPUIMediator.AreIpAddressAndPortValid(m_IPInputField.text, m_PortInputField.text);
}

/// <summary>
/// Added to the InputField component's OnValueChanged callback for the Port UI text.
/// </summary>
public void SanitizePortText()
{
var inputFieldText = IPUIMediator.Sanitize(m_PortInputField.text);
m_PortInputField.text = inputFieldText;
m_PortInputField.text = IPUIMediator.SanitizePort(m_PortInputField.text);
m_HostButton.interactable = IPUIMediator.AreIpAddressAndPortValid(m_IPInputField.text, m_PortInputField.text);
}
}
}
10 changes: 7 additions & 3 deletions Assets/Scripts/Gameplay/UI/IPJoiningUI.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@ public class IPJoiningUI : MonoBehaviour

[SerializeField] InputField m_PortInputField;

[SerializeField]
Button m_JoinButton;

[Inject] IPUIMediator m_IPUIMediator;

void Awake()
Expand Down Expand Up @@ -44,16 +47,17 @@ public void OnJoinButtonPressed()
/// </summary>
public void SanitizeIPInputText()
{
m_IPInputField.text = IPUIMediator.Sanitize(m_IPInputField.text);
m_IPInputField.text = IPUIMediator.SanitizeIP(m_IPInputField.text);
m_JoinButton.interactable = IPUIMediator.AreIpAddressAndPortValid(m_IPInputField.text, m_PortInputField.text);
}

/// <summary>
/// Added to the InputField component's OnValueChanged callback for the Port UI text.
/// </summary>
public void SanitizePortText()
{
var inputFieldText = IPUIMediator.Sanitize(m_PortInputField.text);
m_PortInputField.text = inputFieldText;
m_PortInputField.text = IPUIMediator.SanitizePort(m_PortInputField.text);
m_JoinButton.interactable = IPUIMediator.AreIpAddressAndPortValid(m_IPInputField.text, m_PortInputField.text);
}
}
}
26 changes: 23 additions & 3 deletions Assets/Scripts/Gameplay/UI/IPUIMediator.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
using TMPro;
using Unity.BossRoom.ConnectionManagement;
using Unity.BossRoom.Infrastructure;
using Unity.Networking.Transport;
using UnityEngine;
using VContainer;

Expand Down Expand Up @@ -171,13 +172,32 @@ public void CancelConnectingWindow()
}

/// <summary>
/// Sanitize user port InputField box allowing only alphanumerics and '.'
/// Sanitize user IP address InputField box allowing only numbers and '.'. This also prevents undesirable
/// invisible characters from being copy-pasted accidentally.
/// </summary>
/// <param name="dirtyString"> string to sanitize. </param>
/// <returns> Sanitized text string. </returns>
public static string Sanitize(string dirtyString)
public static string SanitizeIP(string dirtyString)
{
return Regex.Replace(dirtyString, "[^A-Za-z0-9.]", "");
return Regex.Replace(dirtyString, "[^0-9.]", "");
}

/// <summary>
/// Sanitize user port InputField box allowing only numbers. This also prevents undesirable invisible characters
/// from being copy-pasted accidentally.
/// </summary>
/// <param name="dirtyString"> string to sanitize. </param>
/// <returns> Sanitized text string. </returns>
public static string SanitizePort(string dirtyString)
{

return Regex.Replace(dirtyString, "[^0-9]", "");
}

public static bool AreIpAddressAndPortValid(string ipAddress, string port)
{
var portValid = ushort.TryParse(port, out var portNum);
return portValid && NetworkEndPoint.TryParse(ipAddress, portNum, out var networkEndPoint);
}
}
}
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ Additional documentation and release notes are available at [Multiplayer Documen
* Elements inside the Tank's and Rogue's AnimatorTriggeredSpecialFX list have been revised to not loop AudioSource clips, ending the logging of multiple warnings to the console (#785)
* ClientConnectedState now inherits from OnlineState instead of the base ConnectionState (#801)
* UpdateRunner now sends the right value for deltaTime when updating its subscribers (#805)
* Inputs are better sanitized when entering IP address and port (#821). Now all invalid characters are prevented, and UnityTransport's NetworkEndpoint.TryParse is used to verify the validity of the IP address and port that are entered before making the join/host button interactable.

## [2.0.4] - 2022-12-13
### Changed
Expand Down