From 9ac7a42c1a4d024afa832d21152c381799a064fc Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Sun, 7 Jul 2024 19:12:48 -0500
Subject: [PATCH] Security: Remove simulate feature that actually executes a script. The simulate is setup to actually execute scripts via a fake script execution. This is not intended to do anything other than to catch problems in the script setup. I have come to the realization that a malicious actor could setup a custom scripting engine to be executed on simulation. An oblivious user could then be performing a simulation with the expectation that nothing actually happens while the malicious scripting engine performs some nefarious activity. Strip out the fake script execution to prevent this behavior. This is a loss of some functionality but I prefer the safety over this potential bad behavior.
---
 level_3/controller/c/rule/private-rule.c | 13 -------------
 1 file changed, 13 deletions(-)
diff --git a/level_3/controller/c/rule/private-rule.c b/level_3/controller/c/rule/private-rule.c
index afc5825..3ecc7f1 100644
--- a/level_3/controller/c/rule/private-rule.c
+++ b/level_3/controller/c/rule/private-rule.c
@@ -1463,12 +1463,6 @@ extern "C" {
 status = F_status_set_error(F_interrupt);
 }
 }
-
- if (F_status_set_fine(status) != F_interrupt) {
- fl_execute_parameter_t simulated_parameter = macro_fl_execute_parameter_t_initialize(execute_set->parameter.option, execute_set->parameter.wait, process->rule.has & controller_rule_has_environment_d ? execute_set->parameter.environment : 0, execute_set->parameter.signals, &f_string_empty_s);
-
- status = fll_execute_program(*main->default_engine, process->rule.engine_arguments, &simulated_parameter, &execute_set->as, (void *) &result);
- }
 }
 else {
 status = fll_execute_program(program, arguments, &execute_set->parameter, &execute_set->as, (void *) &result);
@@ -1719,13 +1713,6 @@ extern "C" {
 status = F_status_set_error(F_interrupt);
 }
 }
-
- if (F_status_set_fine(status) != F_interrupt) {
- const f_string_statics_t simulated_arguments = f_string_statics_t_initialize;
- fl_execute_parameter_t simulated_parameter = macro_fl_execute_parameter_t_initialize(execute_set->parameter.option, execute_set->parameter.wait, process->rule.has & controller_rule_has_environment_d ? execute_set->parameter.environment : 0, execute_set->parameter.signals, &f_string_empty_s);
-
- status = fll_execute_program(*main->default_engine, simulated_arguments, &simulated_parameter, &execute_set->as, (void *) &result);
- }
 }
 else {
 status = fll_execute_program(program, arguments, &execute_set->parameter, &execute_set->as, (void *) &result);
-- 
1.8.3.1