authorflow <flowlnlnln@gmail.com>2022-05-15 15:58:23 -0300
committerflow <flowlnlnln@gmail.com>2022-05-15 16:06:49 -0300
commit7194bb1b8114a2ec96d3cb30a4fe3338f3962d4c (patch)
tree119724c63867548d30336dfeb33a1b49cd814b62
parent78cf0c73c89f0d1207bb079bf4670cc032607c4d (diff)
fix: validate whitelisted download urls
-rw-r--r--launcher/InstanceImportTask.cpp2
-rw-r--r--launcher/modplatform/modrinth/ModrinthPackManifest.cpp25
-rw-r--r--launcher/modplatform/modrinth/ModrinthPackManifest.h2
3 files changed, 26 insertions, 3 deletions
diff --git a/launcher/InstanceImportTask.cpp b/launcher/InstanceImportTask.cpp
index f02aed91..3ca82923 100644
--- a/launcher/InstanceImportTask.cpp
+++ b/launcher/InstanceImportTask.cpp
@@ -545,7 +545,7 @@ void InstanceImportTask::processModrinth() {
file.hashAlgorithm = hashAlgorithm;
// Do not use requireUrl, which uses StrictMode, instead use QUrl's default TolerantMode (as Modrinth seems to incorrectly handle spaces)
file.download = Json::requireString(Json::ensureArray(obj, "downloads").first(), "Download URL for " + file.path);
- if (!file.download.isValid())
+ if (!file.download.isValid() || !Modrinth::validadeDownloadUrl(file.download))
{
throw JSONValidationError("Download URL for " + file.path + " is not a correctly formatted URL");
}
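Review bot: The exception thrown under the changed condition still reads "is not a correctly formatted URL" even when the URL is well-formed and was rejected only because its host is not on the whitelist, which will mislead anyone debugging a failed import. Splitting the check keeps each message accurate: `if (!Modrinth::validadeDownloadUrl(file.download)) throw JSONValidationError("Download URL for " + file.path + " is from a host that is not whitelisted");`. The body of processModrinth starts and ends outside this hunk.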
diff --git a/launcher/modplatform/modrinth/ModrinthPackManifest.cpp b/launcher/modplatform/modrinth/ModrinthPackManifest.cpp
index facf5ddb..947ac182 100644
--- a/launcher/modplatform/modrinth/ModrinthPackManifest.cpp
+++ b/launcher/modplatform/modrinth/ModrinthPackManifest.cpp
@@ -93,6 +93,23 @@ void loadIndexedVersions(Modpack& pack, QJsonDocument& doc)
pack.versionsLoaded = true;
}
+auto validadeDownloadUrl(QUrl url) -> bool
+{
+ auto domain = url.host();
+ if(domain == "cdn.modrinth.com")
+ return true;
+ if(domain == "edge.forgecdn.net")
+ return true;
+ if(domain == "media.forgecdn.net")
+ return true;
+ if(domain == "github.com")
+ return true;
+ if(domain == "raw.githubusercontent.com")
+ return true;
+
+ return false;
+}
+
auto loadIndexedVersion(QJsonObject &obj) -> ModpackVersion
{
ModpackVersion file;
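Review bot: `validadeDownloadUrl` compares only `url.host()`, so a URL with any scheme passes as long as the host matches; `http://github.com/...` would be accepted and fetched without transport protection. Adding `if (url.scheme() != "https") return false;` at the top closes that, assuming all five hosts are served over HTTPS. The list also admits every path on `github.com` and `raw.githubusercontent.com`, where anyone can publish files, so the check limits where a download comes from but not what it is; the hashes read in processModrinth presumably remain the integrity control, and a comment on the function saying so would help. The name is misspelled (`validade` for `validate`), and since the declaration in ModrinthPackManifest.h and both call sites are new in this commit, renaming now is cheap; taking `const QUrl&` would also avoid the copy.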
@@ -107,7 +124,6 @@ auto loadIndexedVersion(QJsonObject &obj) -> ModpackVersion
auto files = Json::requireArray(obj, "files");
- qWarning() << files;
for (auto file_iter : files) {
File indexed_file;
@@ -121,7 +137,12 @@ auto loadIndexedVersion(QJsonObject &obj) -> ModpackVersion
continue;
}
- file.download_url = Json::requireString(parent, "url");
+ auto url = Json::requireString(parent, "url");
+
+ if(!validadeDownloadUrl(url))
+ continue;
+
+ file.download_url = url;
if(is_primary)
break;
}
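Review bot: A rejected URL is dropped with a bare `continue`, so nothing in the log says why a version ended up without a download; a `qWarning() << "Skipping download URL from non-whitelisted host:" << url;` before the `continue` would make that diagnosable. Because the skip happens before the `is_primary` break, a rejected primary file lets the loop fall through to a later non-primary file whose host is allowed, and if none qualifies `file.download_url` appears to stay at its default, so the caller probably needs to handle both outcomes. This path skips silently while processModrinth throws on the same condition, and a short comment explaining the difference would help. The loop begins outside this hunk.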
diff --git a/launcher/modplatform/modrinth/ModrinthPackManifest.h b/launcher/modplatform/modrinth/ModrinthPackManifest.h
index 55ad40d9..4db4a75d 100644
--- a/launcher/modplatform/modrinth/ModrinthPackManifest.h
+++ b/launcher/modplatform/modrinth/ModrinthPackManifest.h
@@ -99,6 +99,8 @@ void loadIndexedInfo(Modpack&, QJsonObject&);
void loadIndexedVersions(Modpack&, QJsonDocument&);
auto loadIndexedVersion(QJsonObject&) -> ModpackVersion;
+auto validadeDownloadUrl(QUrl) -> bool;
+
}
Q_DECLARE_METATYPE(Modrinth::Modpack)