From 53b281c5f77116b7748d1f7526925ddba71753a0 Mon Sep 17 00:00:00 2001
From: pongo1231 <pongo1999712@gmail.com>
Date: Thu, 30 Jan 2025 21:57:51 +0000
Subject: [PATCH] ChaosMod/LuaScripts: Properly block most exposables during
 script eval

---
 ChaosMod/Components/LuaScripts.cpp | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/ChaosMod/Components/LuaScripts.cpp b/ChaosMod/Components/LuaScripts.cpp
index fe4720af0..c765a534f 100644
--- a/ChaosMod/Components/LuaScripts.cpp
+++ b/ChaosMod/Components/LuaScripts.cpp
@@ -292,7 +292,7 @@ struct ExposableFunc
 		ExposeFunc(state);
 	}
 };
-static const std::vector<ExposableFunc> ms_Exposables {
+static const std::vector<ExposableFunc> ms_SafeExposables {
 	E("GetTickCount", GetTickCount64),
 	E("GET_HASH_KEY", GET_HASH_KEY),
 	E("print", [](const sol::this_environment &curEnv, const std::string &text)
@@ -313,6 +313,11 @@ static const std::vector<ExposableFunc> ms_Exposables {
 
 	      return false;
 	  }),
+	E("GetChaosModVersion", []() { return MOD_VERSION; }),
+	E("GetGameBuild", Memory::GetGameBuild),
+};
+static const std::vector<ExposableFunc> ms_UnsafeExposables {
+	E("WAIT", WAIT),
 	E("APPLY_FORCE_TO_ENTITY", APPLY_FORCE_TO_ENTITY),
 	E("APPLY_FORCE_TO_ENTITY_CENTER_OF_MASS", APPLY_FORCE_TO_ENTITY_CENTER_OF_MASS),
 	E("LoadModel", LoadModel),
@@ -360,8 +365,6 @@ static const std::vector<ExposableFunc> ms_Exposables {
 	      return LuaVector3(result.x, result.y, result.z);
 	  }),
 	E("IsWeaponShotgun", Util::IsWeaponShotgun),
-	E("GetChaosModVersion", []() { return MOD_VERSION; }),
-	E("GetGameBuild", Memory::GetGameBuild),
 	E("AddCustomLabel", Hooks::AddCustomLabel),
 	E("DisplayHelpText", DisplayHelpText),
 	E("GetRandomInt",
@@ -467,7 +470,9 @@ LuaScripts::LuaScripts()
 		{
 			return LuaInvoke(curEnv, hash, returnType, args);
 		};
-		m_GlobalState["WAIT"] = WAIT;
+
+		for (const auto &exposable : ms_UnsafeExposables)
+			exposable(m_GlobalState);
 	}
 	else
 	{
@@ -477,10 +482,12 @@ LuaScripts::LuaScripts()
 			LOG("WARNING: Blocked invocation of native 0x" << std::uppercase << std::hex << hash << std::setfill(' ')
 			                                               << " during script evaluation!");
 		};
-		m_GlobalState["WAIT"] = []()
-		{
-			LOG("WARNING: Blocked invocation of WAIT during script evaluation!");
-		};
+
+		for (const auto &exposable : ms_UnsafeExposables)
+			m_GlobalState[exposable.Name] = [&]()
+			{
+				LOG("WARNING: Blocked invocation of mod function " << exposable.Name << " during script evaluation!");
+			};
 	}
 
 	for (auto dir : ms_ScriptDirs)
@@ -512,7 +519,9 @@ LuaScripts::LuaScripts()
 		{
 			return LuaInvoke(curEnv, hash, returnType, args);
 		};
-		m_GlobalState["WAIT"] = WAIT;
+
+		for (const auto &exposable : ms_UnsafeExposables)
+			exposable(m_GlobalState);
 	}
 }
 
@@ -603,7 +612,7 @@ void LuaScripts::SetupGlobalState()
 	m_GlobalState.new_enum("EOverrideShaderType", "LensDistortion", OverrideShaderType::LensDistortion, "Snow",
 	                       OverrideShaderType::Snow);
 
-	for (const auto &exposable : ms_Exposables)
+	for (const auto &exposable : ms_SafeExposables)
 		exposable(m_GlobalState);
 }