From 6872661fd03649cc7a8762c41c16e9ee5a4de1c9 Mon Sep 17 00:00:00 2001
From: "Dylan K. Taylor"
Date: Fri, 23 Feb 2024 14:10:02 +0000
Subject: [PATCH] Harden JsonMapper on login JSON handling
---
 composer.json | 2 +-
 composer.lock | 29 +++++++++----------
 src/network/mcpe/auth/ProcessLoginTask.php | 2 ++
 .../mcpe/handler/LoginPacketHandler.php | 2 ++
 4 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/composer.json b/composer.json
index f99c44dc5..c3f94ad34 100644
--- a/composer.json
+++ b/composer.json
@@ -32,7 +32,7 @@
 "ext-zlib": ">=1.2.11",
 "composer-runtime-api": "^2.0",
 "adhocore/json-comment": "~1.2.0",
- "pocketmine/netresearch-jsonmapper": "~v4.2.1000",
+ "pocketmine/netresearch-jsonmapper": "~v4.4.999",
 "pocketmine/bedrock-block-upgrade-schema": "~3.5.0+bedrock-1.20.60",
 "pocketmine/bedrock-data": "~2.8.0+bedrock-1.20.60",
 "pocketmine/bedrock-item-upgrade-schema": "~1.7.0+bedrock-1.20.60",
diff --git a/composer.lock b/composer.lock
index 876e52fb7..9254bdff4 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "9e781d0fef7796616b0580e7b06cc6d1", + "content-hash": "14848cb7b70d0fa63ed46b30128c2320", "packages": [ { "name": "adhocore/json-comment",
@@ -200,21 +200,20 @@ }, { "name": "pocketmine/bedrock-protocol", - "version": "27.0.1+bedrock-1.20.60", + "version": "27.0.2+bedrock-1.20.60", "source": { "type": "git", "url": "https://github.com/pmmp/BedrockProtocol.git", - "reference": "0cebb55f6e904f722b14d420f6b2c84c7fa69f10" + "reference": "6905865133b69da8c95a13c563d349e1993c06b8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pmmp/BedrockProtocol/zipball/0cebb55f6e904f722b14d420f6b2c84c7fa69f10", - "reference": "0cebb55f6e904f722b14d420f6b2c84c7fa69f10", + "url": "https://api.github.com/repos/pmmp/BedrockProtocol/zipball/6905865133b69da8c95a13c563d349e1993c06b8", + "reference": "6905865133b69da8c95a13c563d349e1993c06b8", "shasum": "" }, "require": { "ext-json": "*", - "netresearch/jsonmapper": "^4.0", "php": "^8.1", "pocketmine/binaryutils": "^0.2.0", "pocketmine/color": "^0.2.0 || ^0.3.0", @@ -241,9 +240,9 @@ "description": "An implementation of the Minecraft: Bedrock Edition protocol in PHP", "support": { "issues": "https://github.com/pmmp/BedrockProtocol/issues", - "source": "https://github.com/pmmp/BedrockProtocol/tree/27.0.1+bedrock-1.20.60" + "source": "https://github.com/pmmp/BedrockProtocol/tree/27.0.2+bedrock-1.20.60" }, - "time": "2024-02-07T11:53:50+00:00" + "time": "2024-02-23T13:43:39+00:00" }, { "name": "pocketmine/binaryutils", 
@@ -563,16 +562,16 @@ }, { "name": "pocketmine/netresearch-jsonmapper", - "version": "v4.2.1000", + "version": "v4.4.999", "source": { "type": "git", "url": "https://github.com/pmmp/netresearch-jsonmapper.git", - "reference": "078764e869e9b732f97206ec9363480a77c35532" + "reference": "9a6610033d56e358e86a3e4fd5f87063c7318833" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pmmp/netresearch-jsonmapper/zipball/078764e869e9b732f97206ec9363480a77c35532", - "reference": "078764e869e9b732f97206ec9363480a77c35532", + "url": "https://api.github.com/repos/pmmp/netresearch-jsonmapper/zipball/9a6610033d56e358e86a3e4fd5f87063c7318833", + "reference": "9a6610033d56e358e86a3e4fd5f87063c7318833", "shasum": "" }, "require": { @@ -586,7 +585,7 @@ "netresearch/jsonmapper": "~4.2.0" }, "require-dev": { - "phpunit/phpunit": "~7.5 || ~8.0 || ~9.0", + "phpunit/phpunit": "~7.5 || ~8.0 || ~9.0 || ~10.0", "squizlabs/php_codesniffer": "~3.5" }, "type": "library", @@ -611,9 +610,9 @@ "support": { "email": "cweiske@cweiske.de", "issues": "https://github.com/cweiske/jsonmapper/issues", - "source": "https://github.com/pmmp/netresearch-jsonmapper/tree/v4.2.1000" + "source": "https://github.com/pmmp/netresearch-jsonmapper/tree/v4.4.999" }, - "time": "2023-07-14T10:44:14+00:00" + "time": "2024-02-23T13:17:01+00:00" }, { "name": "pocketmine/raklib",
diff --git a/src/network/mcpe/auth/ProcessLoginTask.php b/src/network/mcpe/auth/ProcessLoginTask.php
index 607b75c89..9078fca75 100644
--- a/src/network/mcpe/auth/ProcessLoginTask.php
+++ b/src/network/mcpe/auth/ProcessLoginTask.php
@@ -135,6 +135,7 @@ class ProcessLoginTask extends AsyncTask{
 $mapper = new \JsonMapper();
 $mapper->bExceptionOnMissingData = true;
 $mapper->bExceptionOnUndefinedProperty = true;
+ $mapper->bStrictObjectTypeChecking = true;
 $mapper->bEnforceMapType = false;
 try{
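Review bot: The added `$mapper->bStrictObjectTypeChecking = true;` carries no comment saying what it prevents, and the same line is repeated by hand in the second ProcessLoginTask hunk and in both LoginPacketHandler hunks, so a mapper added later for client-supplied JSON can omit it unnoticed. As far as I know, upstream JsonMapper with this flag off passes a scalar JSON value to the constructor of the class a property is typed as instead of rejecting it; that should be confirmed against the pinned fork and recorded beside the flag, for example `//reject scalar JSON where a model object is expected instead of passing it to the model's constructor`. It may also be worth a small shared helper that returns a mapper with the strict flags already set, with the second ProcessLoginTask site still overriding `bExceptionOnUndefinedProperty` and `bRemoveUndefinedAttributes`. The enclosing method starts and ends outside the hunk.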
@@ -181,6 +182,7 @@ class ProcessLoginTask extends AsyncTask{
 $mapper = new \JsonMapper();
 $mapper->bExceptionOnUndefinedProperty = false; //we only care about the properties we're using in this case
 $mapper->bExceptionOnMissingData = true;
+ $mapper->bStrictObjectTypeChecking = true;
 $mapper->bEnforceMapType = false;
 $mapper->bRemoveUndefinedAttributes = true;
 try{
diff --git a/src/network/mcpe/handler/LoginPacketHandler.php b/src/network/mcpe/handler/LoginPacketHandler.php
index 26e2bf028..2e3a51519 100644
--- a/src/network/mcpe/handler/LoginPacketHandler.php
+++ b/src/network/mcpe/handler/LoginPacketHandler.php
@@ -169,6 +169,7 @@ class LoginPacketHandler extends PacketHandler{
 $mapper->bEnforceMapType = false; //TODO: we don't really need this as an array, but right now we don't have enough models
 $mapper->bExceptionOnMissingData = true;
 $mapper->bExceptionOnUndefinedProperty = true;
+ $mapper->bStrictObjectTypeChecking = true;
 try{
 /** @var AuthenticationData $extraData */
 $extraData = $mapper->map($claims["extraData"], new AuthenticationData());
@@ -197,6 +198,7 @@ class LoginPacketHandler extends PacketHandler{
 $mapper->bEnforceMapType = false; //TODO: we don't really need this as an array, but right now we don't have enough models
 $mapper->bExceptionOnMissingData = true;
 $mapper->bExceptionOnUndefinedProperty = true;
+ $mapper->bStrictObjectTypeChecking = true;
 try{
 $clientData = $mapper->map($clientDataClaims, new ClientData());
 }catch(\JsonMapper_Exception $e){
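Review bot: No test pins the stricter mapping for the `AuthenticationData` and `ClientData` mappers in LoginPacketHandler; the diffstat lists only the composer files and the two handler files, so the flag could be lost in a later refactor without a failing build. A regression test that maps claims holding a scalar where one of these models declares an object-typed property, and expects `\JsonMapper_Exception`, would cover it; whether the models have such properties is not visible here. The last hunk shows the `catch(\JsonMapper_Exception $e)` that handles the rejection, while the catch for the `extraData` mapping lies outside its hunk and should be checked to cover the same exception type.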