fix: Expensive command crash exploit

KitsuneLab-Development · Apr 25, 2024 · 99c4a47 · 99c4a47
1 parent 61afb68
commit 99c4a47
Show file tree

Hide file tree

Showing 6 changed files with 36 additions and 2 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,7 @@
+-- 2023.04.16 - V4.1.7
+
+- fix: Expensive command crash exploit
+
 -- 2023.04.16 - V4.1.6
 
 - fix: Stats/Points not counted for bots even if they are enabled

diff --git a/K4-System/src/Models/PlayerModel.cs b/K4-System/src/Models/PlayerModel.cs
@@ -17,6 +17,7 @@ public class K4Player
 	public readonly CCSPlayerController Controller;
 	public readonly ulong SteamID;
 	public readonly string PlayerName;
+	public CounterStrikeSharp.API.Modules.Timers.Timer? cooldownTimer = null;
 
 	//** ? Data */
 	public RankData? rankData { get; set; }

diff --git a/K4-System/src/Module/Rank/RankCommands.cs b/K4-System/src/Module/Rank/RankCommands.cs
@@ -102,6 +102,18 @@ public void OnCommandRank(CCSPlayerController? player, CommandInfo info)
 				return;
 			}
 
+			if (k4player.cooldownTimer != null)
+			{
+				info.ReplyToCommand($" {plugin.Localizer["k4.general.prefix"]} {plugin.Localizer["k4.general.cooldown", Config.GeneralSettings.ExpensiveCommandCooldown]}");
+				return;
+			}
+
+			k4player.cooldownTimer = plugin.AddTimer(Config.GeneralSettings.ExpensiveCommandCooldown, () =>
+			{
+				k4player.cooldownTimer?.Kill();
+				k4player.cooldownTimer = null;
+			});
+
 			int printCount = 5;
 
 			if (int.TryParse(info.ArgByIndex(1), out int parsedInt))
@@ -169,6 +181,18 @@ public void OnCommandTop(CCSPlayerController? player, CommandInfo info)
 				return;
 			}
 
+			if (k4player.cooldownTimer != null)
+			{
+				info.ReplyToCommand($" {plugin.Localizer["k4.general.prefix"]} {plugin.Localizer["k4.general.cooldown", Config.GeneralSettings.ExpensiveCommandCooldown]}");
+				return;
+			}
+
+			k4player.cooldownTimer = plugin.AddTimer(Config.GeneralSettings.ExpensiveCommandCooldown, () =>
+			{
+				k4player.cooldownTimer?.Kill();
+				k4player.cooldownTimer = null;
+			});
+
 			int printCount = 5;
 
 			if (int.TryParse(info.ArgByIndex(1), out int parsedInt))

diff --git a/K4-System/src/Plugin/PluginConfig.cs b/K4-System/src/Plugin/PluginConfig.cs
@@ -40,6 +40,9 @@ public sealed class GeneralSettings
 		[JsonPropertyName("ffa-mode")]
 		public bool FFAMode { get; set; } = false;
 
+		[JsonPropertyName("expensive-command-cooldown")]
+		public int ExpensiveCommandCooldown { get; set; } = 3;
+
 		[JsonPropertyName("table-purge-days")]
 		public int TablePurgeDays { get; set; } = 30;
 
@@ -361,6 +364,6 @@ public sealed class PluginConfig : BasePluginConfig
 		public PointSettings PointSettings { get; set; } = new PointSettings();
 
 		[JsonPropertyName("ConfigVersion")]
-		public override int Version { get; set; } = 10;
+		public override int Version { get; set; } = 11;
 	}
 }
diff --git a/K4-System/src/Plugin/PluginManifest.cs b/K4-System/src/Plugin/PluginManifest.cs
@@ -10,7 +10,7 @@ public sealed partial class Plugin : BasePlugin
 
         public override string ModuleAuthor => "K4ryuu";
 
-        public override string ModuleVersion => "4.1.6 " +
+        public override string ModuleVersion => "4.1.7 " +
 #if RELEASE
             "(release)";
 #else

diff --git a/K4-System/src/lang/en.json b/K4-System/src/lang/en.json
@@ -44,6 +44,8 @@
   "k4.ranks.promote": "{silver}You have been {green}promoted {silver}to {0}{1}{silver}.",
   "k4.ranks.notenoughplayers": "{silver}There are not enough players on the server to gain points. You need at least {lime}{0} {silver}players.",
 
+  "k4.general.cooldown": "{lightred}Please wait {lime}{0} {silver}seconds before using this command again.",
+
   "k4.ranks.listitem": "{0}{1} - {2} Points",
   "k4.ranks.listdefault": "{0}{1} - Default Rank",
   "k4.ranks.selected.title": "{silver}Selected Rank: {0}{1}",