解决json注入问题(fix #299)
CuteReimu committed Sep 22, 2024
1 parent 686fadb commit 92cdc91
Showing 22 changed files with 95 additions and 89 deletions.
16 changes: 8 additions & 8 deletions src/main/kotlin/QQPusher.kt
Expand Up @@ -104,7 +104,7 @@ object QQPusher {
lines.add("$name,$roleName,$identity,$result,$rank,$newScore($addScoreStr)")
map[name] = "$roleName,$identity,$result,$rank,$newScore($addScoreStr)"
}
val text = lines.joinToString(separator = "\\n")
val text = lines.joinToString(separator = "\n")
val at = runBlocking {
mu.withLock {
notifyQueueOnEnd.toLongArray().apply { notifyQueueOnEnd.clear() }
Expand Down Expand Up @@ -144,13 +144,13 @@ object QQPusher {
}

private fun sendGroupMessage(groupId: Long, message: String, atAll: Boolean, vararg at: Long) {
val atStr =
if (atAll) "{\"type\":\"at\",\"data\":{\"qq\":\"all\"}},"
else at.joinToString(separator = "") { "{\"type\":\"at\",\"data\":{\"qq\":\"$it\"}}," }
val postData = """{
"group_id":$groupId,
"message":[$atStr{"type":"text","data":{"text":"$message"}}]
}""".trimMargin().toRequestBody(contentType)
val atMsg =
if (atAll) listOf(mapOf("type" to "at", "data" to mapOf("qq" to "all")))
else at.map { mapOf("type" to "at", "data" to mapOf("qq" to "$it")) }
val postData = gson.toJson(mapOf(
"group_id" to groupId,
"message" to atMsg + mapOf("type" to "text", "data" to mapOf("text" to message))
)).toRequestBody(contentType)
val request = Request.Builder()
.header("Content-Type", "application/json")
.header("Authorization", "Bearer ${Config.MiraiVerifyKey}")
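Review bot: The rows joined by `lines.joinToString(separator = "\n")` are built from `$name` and the other fields with no filtering visible in this hunk, so a player name containing a line break could still add a misleading extra row to the group message even though the JSON body from `gson.toJson` is now well-formed. Register.kt rejects names containing an `invalidString` entry, but that list is not shown on this page; if it does not cover control characters, I would normalise the value before building the row, e.g. `val safeName = name.replace(Regex("[\\r\\n]"), " ")`. Both functions touched here start and end outside the displayed hunks, so any earlier sanitising is not visible.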
8 changes: 4 additions & 4 deletions src/main/kotlin/gm/Addcard.kt
Expand Up @@ -15,7 +15,7 @@ class Addcard : Function<Map<String, String>, Any> {
val playerId = form["player"]?.toInt() ?: 0
val cardTypeNum = form["card"]!!.toInt()
val cardType = card_type.forNumber(cardTypeNum)
if (cardType == null || cardType == UNRECOGNIZED) return "{\"error\": \"参数错误\"}"
if (cardType == null || cardType == UNRECOGNIZED) return gson.toJson(mapOf("error" to "参数错误"))
val count = form["count"]
val finalCount = count?.toInt()?.coerceIn(1..99) ?: 1
val availableCards = Deck.DefaultDeck.filter { it.type == cardType }
Expand Down Expand Up @@ -57,11 +57,11 @@ class Addcard : Function<Map<String, String>, Any> {
}
}
}
"{\"msg\": \"成功\"}"
gson.toJson(mapOf("msg" to "成功"))
} catch (e: NumberFormatException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
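Review bot: The error body `gson.toJson(mapOf("error" to "参数错误"))` is spelled out at every return site in this file and repeated in the other gm handlers on this page, so the same constant map is re-serialised on each call and the wording lives in some twenty places. A shared value next to `gson` in Init.kt, for example `internal val PARAM_ERROR: String = gson.toJson(mapOf("error" to "参数错误"))`, would keep it in one place. It would also make it less likely that a future handler falls back to a hand-written JSON string. `apply` begins outside the displayed hunks.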
10 changes: 5 additions & 5 deletions src/main/kotlin/gm/Addenergy.kt
Expand Up @@ -8,18 +8,18 @@ class Addenergy : Function<Map<String, String>, Any> {
return try {
val name = form["name"]!!
val energy = form["energy"]!!.toInt()
val playerInfo = Statistics.getPlayerInfo(name) ?: return "{\"error\": \"玩家不存在\"}"
val playerInfo = Statistics.getPlayerInfo(name) ?: return gson.toJson(mapOf("error" to "玩家不存在"))
val forbidLeft = playerInfo.forbidUntil - System.currentTimeMillis()
if (forbidLeft > 0) {
"{\"result\": false}"
gson.toJson(mapOf("result" to false))
} else {
val result = Statistics.addEnergy(name, energy, true)
"{\"result\": $result}"
gson.toJson(mapOf("result" to result))
}
} catch (e: NumberFormatException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
10 changes: 5 additions & 5 deletions src/main/kotlin/gm/Addmessagecard.kt
Expand Up @@ -22,11 +22,11 @@ class Addmessagecard : Function<Map<String, String>, Any> {
val colorNumlist = form["colors"]!!.split(',')
val colorNumber = colorNumlist.map { it.toInt() }
val colors: List<color> = colorNumber.map { color.forNumber(it) }
if (cardType == null || cardType == UNRECOGNIZED) return "{\"error\": \"参数错误\"}"
if (cardType == null || cardType == UNRECOGNIZED) return gson.toJson(mapOf("error" to "参数错误"))
val count = form["count"]
val finalCount = count?.toInt()?.coerceIn(1..99) ?: 1
val availableCards = Deck.DefaultDeck.filter { card -> card.type == cardType && colors.all { it in card.colors } }
if (availableCards.isEmpty()) return "{\"error\": \"牌堆没有该颜色卡牌\"}"
if (availableCards.isEmpty()) return gson.toJson(mapOf("error" to "牌堆没有该颜色卡牌"))
for (g in Game.gameCache.values) {
GameExecutor.post(g) {
if (!g.isStarted || g.fsm == null || g.fsm is WaitForSelectRole) return@post
Expand Down Expand Up @@ -66,11 +66,11 @@ class Addmessagecard : Function<Map<String, String>, Any> {
}
}
}
"{\"msg\": \"成功\"}"
gson.toJson(mapOf("msg" to "成功"))
} catch (e: NumberFormatException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
6 changes: 3 additions & 3 deletions src/main/kotlin/gm/Addnotify.kt
Expand Up @@ -9,11 +9,11 @@ class Addnotify : Function<Map<String, String>, Any> {
val qq = form["qq"]!!.toLong()
val onStart = (form["when"]?.toInt() ?: 0) == 0
val result = QQPusher.addIntoNotifyQueue(qq, onStart)
"{\"result\": $result}"
gson.toJson(mapOf("result" to result))
} catch (e: NumberFormatException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
6 changes: 3 additions & 3 deletions src/main/kotlin/gm/Addrobot.kt
Expand Up @@ -21,11 +21,11 @@ class Addrobot : Function<Map<String, String>, Any> {
}
}
}
"{\"msg\": \"success\"}"
gson.toJson(mapOf("msg" to "success"))
} catch (e: NumberFormatException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
10 changes: 5 additions & 5 deletions src/main/kotlin/gm/Forbidplayer.kt
Expand Up @@ -8,14 +8,14 @@ class Forbidplayer : Function<Map<String, String>, Any> {
return try {
val name = form["name"]!!
val hours = form["hour"]!!.toInt()
if (hours <= 0) return "{\"error\": \"参数错误\"}"
if (hours <= 0) return gson.toJson(mapOf("error" to "参数错误"))
if (Statistics.forbidPlayer(name, hours))
"{\"result\": \"已将${name}封禁${hours}小时\"}"
else "{\"result\": \"找不到玩家\"}"
gson.toJson(mapOf("result" to "已将${name}封禁${hours}小时"))
else gson.toJson(mapOf("result" to "找不到玩家"))
} catch (e: NumberFormatException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
4 changes: 2 additions & 2 deletions src/main/kotlin/gm/Forbidrole.kt
Expand Up @@ -8,9 +8,9 @@ class Forbidrole : Function<Map<String, String>, Any> {
return try {
val name = form["name"]!!
val result = RoleCache.forbidRole(name)
"{\"result\": \"$result\"}"
gson.toJson(mapOf("result" to result))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
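Review bot: The `result` field may change JSON type in this handler: the string-template variant wraps the value in quotes (`\"$result\"`), while `gson.toJson(mapOf("result" to result))` emits whatever type `RoleCache.forbidRole` returns. Its signature is not visible in this section; if it returns a Boolean, clients that compared against the string `"true"` will now receive a bare `true`. If the old wire format has to be kept, `gson.toJson(mapOf("result" to result.toString()))` preserves it; otherwise the type change deserves a line in the commit description.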
4 changes: 2 additions & 2 deletions src/main/kotlin/gm/Forceend.kt
Expand Up @@ -13,9 +13,9 @@ class Forceend : Function<Map<String, String>, Any> {
it.end(null, null, true)
}
}
"{\"result\": true}"
gson.toJson(mapOf("result" to true))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
6 changes: 0 additions & 6 deletions src/main/kotlin/gm/Getallgames.kt
Expand Up @@ -5,8 +5,6 @@ import com.fengsheng.Game
import com.fengsheng.GameExecutor
import com.fengsheng.HumanPlayer
import com.fengsheng.protos.Common
import com.google.gson.FieldNamingPolicy
import com.google.gson.GsonBuilder
import java.util.function.Function

class Getallgames : Function<Map<String, String>, Any> {
Expand Down Expand Up @@ -58,8 +56,4 @@ class Getallgames : Function<Map<String, String>, Any> {
val players: List<PlayerData>,
val playTime: Long
)

companion object {
private val gson = GsonBuilder().setFieldNamingPolicy(FieldNamingPolicy.LOWER_CASE_WITH_UNDERSCORES).create()
}
}
6 changes: 3 additions & 3 deletions src/main/kotlin/gm/Getlasttime.kt
Expand Up @@ -8,10 +8,10 @@ class Getlasttime : Function<Map<String, String>, Any> {
return try {
val name = form["name"]!!
val playerInfo = Statistics.getPlayerInfo(name)
if (playerInfo == null || playerInfo.energy <= 0) "{\"result\": 0}"
else "{\"result\": ${System.currentTimeMillis() - playerInfo.lastTime}}"
if (playerInfo == null || playerInfo.energy <= 0) gson.toJson(mapOf("result" to 0))
else gson.toJson(mapOf("result" to System.currentTimeMillis() - playerInfo.lastTime))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
24 changes: 12 additions & 12 deletions src/main/kotlin/gm/Getscore.kt
Expand Up @@ -12,7 +12,7 @@ class Getscore : Function<Map<String, String>, Any> {
val name = form["name"]!!
val playerInfo = Statistics.getPlayerInfo(name)
if (playerInfo == null) {
"{\"result\": \"${name}已身死道消\"}"
gson.toJson(mapOf("result" to "${name}已身死道消"))
} else {
val winRateSum = "%.2f%%".format(ScoreFactory.getAllWinRate())
val rbWinRateSum = "%.2f%%".format(ScoreFactory.getRBWinRate())
Expand All @@ -32,12 +32,12 @@ class Getscore : Function<Map<String, String>, Any> {
val blackWinRate =
if (blackGameCount == 0) "0.00%"
else "%.2f%%".format(playerInfo.blackWinCount * 100.0 / blackGameCount)
var s = "$name·$rank·$score,总场次:$total,胜率:$winRate\\n"
s += "-----------------------------------\\n"
s += "身份\\t 胜率\\t 平均胜率\\t 场次\\n"
s += "总计\\t $winRate\\t $winRateSum\\t $total\\n"
s += "军潜\\t $rbWinRate\\t $rbWinRateSum\\t $rbGameCount\\n"
s += "神秘人\\t $blackWinRate\\t $blackWinRateSum\\t $blackGameCount\\n"
var s = "$name·$rank·$score,总场次:$total,胜率:$winRate\n"
s += "---------------------------------\n"
s += "身份\t 胜率\t 平均胜率\t 场次\n"
s += "总计\t $winRate\t $winRateSum\t $total\n"
s += "军潜\t $rbWinRate\t $rbWinRateSum\t $rbGameCount\n"
s += "神秘人\t $blackWinRate\t $blackWinRateSum\t $blackGameCount\n"
listOf(Killer to "镇压者", Stealer to "篡夺者", Collector to "双面间谍",
Mutator to "诱变者", Pioneer to "先行者", Disturber to "搅局者", Sweeper to "清道夫"
).forEach { (secretTask, taskName) ->
Expand All @@ -47,18 +47,18 @@ class Getscore : Function<Map<String, String>, Any> {
if (gameCount1 == 0) "0.00%"
else "%.2f%%".format(winCount1 * 100.0 / gameCount1)
val winRateSum1 = "%.2f%%".format(ScoreFactory.getBlackWinRate(secretTask))
s += "$taskName\\t $winRate1\\t $winRateSum1\\t $gameCount1\\n"
s += "$taskName\t $winRate1\t $winRateSum1\t $gameCount1\n"
}
s += "-----------------------------------\\n"
s += "---------------------------------\n"
s += "剩余精力:$energy"
if (playerInfo.score != score) s += "(长期不打会掉分,打一场即可全部恢复)"
val history = QQPusher.getHistory(name)
if (history.isNotEmpty())
s += "\\n\\n最近${history.size}场战绩\\n" + history.joinToString(separator = "\\n")
"{\"result\": \"$s\"}"
s += "\n\n最近${history.size}场战绩\n" + history.joinToString(separator = "\n")
gson.toJson(mapOf("result" to s))
}
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
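--- a/src/main/kotlin/gm/Init.kt
+++ b/src/main/kotlin/gm/Init.kt
@@ -0,0 +1,6 @@
+package com.fengsheng.gm
+
+import com.google.gson.FieldNamingPolicy
+import com.google.gson.GsonBuilder
+
+internal val gson = GsonBuilder().setFieldNamingPolicy(FieldNamingPolicy.LOWER_CASE_WITH_UNDERSCORES).create()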
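Review bot: The shared `gson` value has no KDoc, so nothing tells the author of the next gm handler that responses must be built through it. I would add `/** Shared serializer for gm handler responses; build bodies with gson.toJson(...) rather than string templates so request values are escaped. */` above the declaration. It is also worth stating there that `LOWER_CASE_WITH_UNDERSCORES` renames fields of serialised classes only; the `Map` keys the handlers pass are written exactly as given.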
10 changes: 5 additions & 5 deletions src/main/kotlin/gm/Register.kt
Expand Up @@ -7,14 +7,14 @@ class Register : Function<Map<String, String>, Any> {
override fun apply(form: Map<String, String>): Any {
return try {
val name = form["name"]!!
if (name.length > 12) return "{\"error\": \"名字太长\"}"
if (invalidString.any { it in name }) return "{\"error\": \"名字中含有非法字符\"}"
if ("名字" in name) return "{\"error\": \"不能含有“名字”二字\"}"
if (name.length > 12) return gson.toJson(mapOf("error" to "名字太长"))
if (invalidString.any { it in name }) return gson.toJson(mapOf("error" to "名字中含有非法字符"))
if ("名字" in name) return gson.toJson(mapOf("error" to "不能含有“名字”二字"))
val result = Statistics.register(name)
Statistics.setTrialStartTime(name, System.currentTimeMillis())
"{\"result\": $result}"
gson.toJson(mapOf("result" to result))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}

6 changes: 3 additions & 3 deletions src/main/kotlin/gm/Releaseplayer.kt
Expand Up @@ -8,10 +8,10 @@ class Releaseplayer : Function<Map<String, String>, Any> {
return try {
val name = form["name"]!!
if (Statistics.releasePlayer(name))
"{\"result\": \"${name}已解封\"}"
else "{\"result\": \"找不到玩家\"}"
gson.toJson(mapOf("result" to "${name}已解封"))
else gson.toJson(mapOf("result" to "找不到玩家"))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
4 changes: 2 additions & 2 deletions src/main/kotlin/gm/Releaserole.kt
Expand Up @@ -8,9 +8,9 @@ class Releaserole : Function<Map<String, String>, Any> {
return try {
val name = form["name"]!!
val result = RoleCache.releaseRole(name)
"{\"result\": $result}"
gson.toJson(mapOf("result" to result))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
6 changes: 3 additions & 3 deletions src/main/kotlin/gm/Resetpwd.kt
Expand Up @@ -8,11 +8,11 @@ class Resetpwd : Function<Map<String, String>, Any> {
return try {
val name = form["name"]!!
if (Statistics.resetPassword(name))
"{\"result\": \"重置成功\"}"
gson.toJson(mapOf("result" to "重置成功"))
else
"{\"result\": \"玩家不存在\"}"
gson.toJson(mapOf("result" to "玩家不存在"))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
2 changes: 1 addition & 1 deletion src/main/kotlin/gm/Resetseason.kt
Expand Up @@ -6,6 +6,6 @@ import java.util.function.Function
class Resetseason : Function<Map<String, String>, Any> {
override fun apply(form: Map<String, String>): Any {
Statistics.resetSeason()
return "{\"result\": \"重置成功\"}"
return gson.toJson(mapOf("result" to "重置成功"))
}
}
4 changes: 2 additions & 2 deletions src/main/kotlin/gm/Setnotice.kt
Expand Up @@ -9,9 +9,9 @@ class Setnotice : Function<Map<String, String>, Any> {
val notice = form["notice"]!!
Config.Notice.set(notice)
Config.save()
"{\"result\": true}"
gson.toJson(mapOf("result" to true))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
6 changes: 3 additions & 3 deletions src/main/kotlin/gm/Setversion.kt
Expand Up @@ -9,11 +9,11 @@ class Setversion : Function<Map<String, String>, Any> {
val name = form["version"]!!
Config.ClientVersion.set(name.toInt())
Config.save()
"{\"result\": true}"
gson.toJson(mapOf("result" to true))
} catch (e: NumberFormatException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}
8 changes: 4 additions & 4 deletions src/main/kotlin/gm/Updatewaitsecond.kt
Expand Up @@ -8,16 +8,16 @@ class Updatewaitsecond : Function<Map<String, String>, Any> {
return try {
val second = form["second"]!!.toInt()
if (second <= 0) {
"{\"result\": false}"
gson.toJson(mapOf("result" to false))
} else {
Config.WaitingSecond.set(second)
Config.save()
"{\"result\": true}"
gson.toJson(mapOf("result" to true))
}
} catch (e: NumberFormatException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
} catch (e: NullPointerException) {
"{\"error\": \"参数错误\"}"
gson.toJson(mapOf("error" to "参数错误"))
}
}
}