fix: security vulnerabilities

Tested that all functions related to the touched files work will test sqlite on a CI build
2026-06-08 15:54:22 +00:00 · 2026-06-06 23:13:09 -07:00
parent 8e09ffd6e8
commit fb166bd24d
107 changed files with 786 additions and 512 deletions
--- a/dScripts/ai/AG/AgFans.cpp
+++ b/dScripts/ai/AG/AgFans.cpp
@@ -24,8 +24,11 @@ void AgFans::OnStartup(Entity* self) {
 }

 void AgFans::ToggleFX(Entity* self, bool hit) {
-	std::string fanGroup = self->GetGroups()[0];
-	std::vector<Entity*> fanVolumes = Game::entityManager->GetEntitiesInGroup(fanGroup);
+	const auto groups = self->GetGroups();
+	std::string fanGroup = groups.empty() ? "" : groups[0];
+	const auto fanVolumes = Game::entityManager->GetEntitiesInGroup(fanGroup);
+	const auto fxObjs = Game::entityManager->GetEntitiesInGroup(fanGroup + "fx");
+	auto* const fxObj = fxObjs.empty() ? nullptr : fxObjs[0];

 	auto* renderComponent = static_cast<RenderComponent*>(self->GetComponent(eReplicaComponentType::RENDER));

@@ -47,8 +50,7 @@ void AgFans::ToggleFX(Entity* self, bool hit) {
 			volumePhys->SetPhysicsEffectActive(false);
 			Game::entityManager->SerializeEntity(volume);
 			if (!hit) {
-				Entity* fxObj = Game::entityManager->GetEntitiesInGroup(fanGroup + "fx")[0];
-				RenderComponent::PlayAnimation(fxObj, u"trigger");
+				if (fxObj) RenderComponent::PlayAnimation(fxObj, u"trigger");
 			}
 		}
 	} else if (!self->GetVar<bool>(u"on") && self->GetVar<bool>(u"alive")) {
@@ -63,8 +65,7 @@ void AgFans::ToggleFX(Entity* self, bool hit) {
 			volumePhys->SetPhysicsEffectActive(true);
 			Game::entityManager->SerializeEntity(volume);
 			if (!hit) {
-				Entity* fxObj = Game::entityManager->GetEntitiesInGroup(fanGroup + "fx")[0];
-				RenderComponent::PlayAnimation(fxObj, u"idle");
+				if (fxObj) RenderComponent::PlayAnimation(fxObj, u"idle");
 			}
 		}
 	}
--- a/dScripts/ai/FV/FvBrickPuzzleServer.cpp
+++ b/dScripts/ai/FV/FvBrickPuzzleServer.cpp
@@ -6,6 +6,7 @@

 void FvBrickPuzzleServer::OnStartup(Entity* self) {
 	const auto myGroup = GeneralUtils::UTF16ToWTF8(self->GetVar<std::u16string>(u"spawner_name"));
+	if (myGroup.size() <= 10) return;

 	const auto pipeNum = GeneralUtils::TryParse<int32_t>(myGroup.substr(10, 1));
 	if (!pipeNum) return;
@@ -17,6 +18,7 @@ void FvBrickPuzzleServer::OnStartup(Entity* self) {

 void FvBrickPuzzleServer::OnDie(Entity* self, Entity* killer) {
 	const auto myGroup = GeneralUtils::UTF16ToWTF8(self->GetVar<std::u16string>(u"spawner_name"));
+	if (myGroup.size() <= 10) return;

 	const auto pipeNum = GeneralUtils::TryParse<int32_t>(myGroup.substr(10, 1));
 	if (!pipeNum) return;
--- a/dScripts/ai/FV/FvFacilityBrick.cpp
+++ b/dScripts/ai/FV/FvFacilityBrick.cpp
@@ -9,9 +9,12 @@ void FvFacilityBrick::OnStartup(Entity* self) {
 }

 void FvFacilityBrick::OnNotifyObject(Entity* self, Entity* sender, const std::string& name, int32_t param1, int32_t param2) {
-	auto* brickSpawner = Game::zoneManager->GetSpawnersByName("ImaginationBrick")[0];
-	auto* bugSpawner = Game::zoneManager->GetSpawnersByName("MaelstromBug")[0];
-	auto* canisterSpawner = Game::zoneManager->GetSpawnersByName("BrickCanister")[0];
+	const auto brickObjs = Game::zoneManager->GetSpawnersByName("ImaginationBrick");
+	auto* const brickSpawner = brickObjs.empty() ? nullptr : brickObjs[0];
+	const auto bugObjs = Game::zoneManager->GetSpawnersByName("MaelstromBug");
+	auto* const bugSpawner = bugObjs.empty() ? nullptr : bugObjs[0];
+	const auto canisterObjs = Game::zoneManager->GetSpawnersByName("BrickCanister");
+	auto* const canisterSpawner = canisterObjs.empty() ? nullptr : canisterObjs[0];

 	if (name == "ConsoleLeftUp") {
 		GameMessages::SendStopFXEffect(self, true, "LeftPipeOff");
@@ -62,7 +65,7 @@ void FvFacilityBrick::OnNotifyObject(Entity* self, Entity* sender, const std::st
 		canisterSpawner->Reset();
 		canisterSpawner->Deactivate();
 	} else if (self->GetVar<bool>(u"ConsoleLEFTActive") || self->GetVar<bool>(u"ConsoleRIGHTActive")) {
-		brickSpawner->Activate();
+		if (brickSpawner) brickSpawner->Activate();

 		auto* object = Game::entityManager->GetEntitiesInGroup("Brick")[0];

@@ -70,17 +73,25 @@ void FvFacilityBrick::OnNotifyObject(Entity* self, Entity* sender, const std::st
 			GameMessages::SendStopFXEffect(object, true, "bluebrick");
 		}

-		bugSpawner->Reset();
-		bugSpawner->Deactivate();
+		if (bugSpawner) {
+			bugSpawner->Reset();
+			bugSpawner->Deactivate();
+		}

-		canisterSpawner->Reset();
-		canisterSpawner->Activate();
+		if (canisterSpawner) {
+			canisterSpawner->Reset();
+			canisterSpawner->Activate();
+		}
 	} else {
-		brickSpawner->Reset();
-		brickSpawner->Deactivate();
+		if (brickSpawner) {
+			brickSpawner->Reset();
+			brickSpawner->Deactivate();
+		}

-		bugSpawner->Reset();
-		bugSpawner->Activate();
+		if (bugSpawner) {
+			bugSpawner->Reset();
+			bugSpawner->Activate();
+		}
 	}
 }

--- a/dScripts/ai/MINIGAME/SG_GF/SERVER/SGCannon.cpp
+++ b/dScripts/ai/MINIGAME/SG_GF/SERVER/SGCannon.cpp
@@ -241,7 +241,7 @@ void SGCannon::GameOverTimerFunc(Entity* self) {

 void SGCannon::DoSpawnTimerFunc(Entity* self, const std::string& name) {
 	if (self->GetVar<bool>(GameStartedVariable)) {
-		const auto spawnNumber = static_cast<uint32_t>(std::stoi(name.substr(7)));
+		const auto spawnNumber = GeneralUtils::TryParse(name.substr(7), 0);
 		const auto& activeSpawns = self->GetVar<std::vector<SGEnemy>>(ActiveSpawnsVariable);
 		if (activeSpawns.size() <= spawnNumber) {
 			LOG_DEBUG("Trying to spawn %i when spawns size is only %i", spawnNumber, activeSpawns.size());
--- a/dScripts/ai/NS/NsConcertQuickBuild.cpp
+++ b/dScripts/ai/NS/NsConcertQuickBuild.cpp
@@ -41,7 +41,9 @@ void NsConcertQuickBuild::OnStartup(Entity* self) {
 		return;

 	// Get the manager of the crate of this quick build
-	const auto groupNumber = std::stoi(splitGroup.at(3));
+	const auto groupNumber = GeneralUtils::TryParse(splitGroup.at(3), -1);
+	if (groupNumber == -1) return;
+
 	const auto managerObjects = Game::entityManager->GetEntitiesInGroup("CB_" + std::to_string(groupNumber));
 	if (managerObjects.empty())
 		return;
--- a/dScripts/ai/NS/NsGetFactionMissionServer.cpp
+++ b/dScripts/ai/NS/NsGetFactionMissionServer.cpp
@@ -42,8 +42,11 @@ void NsGetFactionMissionServer::OnRespondToMission(Entity* self, int missionID,
 		}

 		if (flagID != -1) {
-			player->GetCharacter()->SetPlayerFlag(ePlayerFlag::JOINED_A_FACTION, true);
-			player->GetCharacter()->SetPlayerFlag(flagID, true);
+			auto* const character = player->GetCharacter();
+			if (character) {
+				character->SetPlayerFlag(ePlayerFlag::JOINED_A_FACTION, true);
+				character->SetPlayerFlag(flagID, true);
+			}
 		}

 		MissionComponent* mis = static_cast<MissionComponent*>(player->GetComponent(eReplicaComponentType::MISSION));
--- a/dScripts/ai/PROPERTY/AG/AgPropGuard.cpp
+++ b/dScripts/ai/PROPERTY/AG/AgPropGuard.cpp
@@ -33,7 +33,8 @@ void AgPropGuard::OnMissionDialogueOK(Entity* self, Entity* target, int missionI
 		) {
 		//GameMessages::SendNotifyClientObject(Game::entityManager->GetZoneControlEntity()->GetObjectID(), u"GuardChat", target->GetObjectID(), 0, target->GetObjectID(), "", target->GetSystemAddress());

-		target->GetCharacter()->SetPlayerFlag(113, true);
+		auto* const character = target->GetCharacter();
+		if (character) character->SetPlayerFlag(113, true);

 		Game::entityManager->GetZoneControlEntity()->AddTimer("GuardFlyAway", 1.0f);
 	}