Skip to content

Commit 5ff0de0

Browse files
4ian4ian
authored
Reduce risk of AI using invalid property values for behaviors (#8185)
1 parent dea081a commit 5ff0de0

File tree

11 files changed

+233
-30
lines changed

11 files changed

+233
-30
lines changed

Extensions/3D/JsExtension.js

Lines changed: 28 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -851,16 +851,41 @@ module.exports = {
851851
objectContent[propertyName] = parseFloat(newValue);
852852
return true;
853853
}
854+
if (propertyName === 'facesOrientation') {
855+
const normalizedValue = newValue.toUpperCase();
856+
if (normalizedValue === 'Y' || normalizedValue === 'Z') {
857+
objectContent.facesOrientation = normalizedValue;
858+
return true;
859+
}
860+
return false;
861+
}
862+
if (propertyName === 'backFaceUpThroughWhichAxisRotation') {
863+
const normalizedValue = newValue.toUpperCase();
864+
if (normalizedValue === 'X' || normalizedValue === 'Y') {
865+
objectContent.backFaceUpThroughWhichAxisRotation = normalizedValue;
866+
return true;
867+
}
868+
return false;
869+
}
870+
if (propertyName === 'materialType') {
871+
const normalizedValue = newValue.toLowerCase();
872+
if (normalizedValue === 'basic') {
873+
objectContent.materialType = 'Basic';
874+
return true;
875+
}
876+
if (normalizedValue === 'standardwithoutmetalness') {
877+
objectContent.materialType = 'StandardWithoutMetalness';
878+
return true;
879+
}
880+
return false;
881+
}
854882
if (
855883
propertyName === 'frontFaceResourceName' ||
856884
propertyName === 'backFaceResourceName' ||
857885
propertyName === 'leftFaceResourceName' ||
858886
propertyName === 'rightFaceResourceName' ||
859887
propertyName === 'topFaceResourceName' ||
860888
propertyName === 'bottomFaceResourceName' ||
861-
propertyName === 'backFaceUpThroughWhichAxisRotation' ||
862-
propertyName === 'facesOrientation' ||
863-
propertyName === 'materialType' ||
864889
propertyName === 'tint'
865890
) {
866891
objectContent[propertyName] = newValue;

Extensions/3D/Model3DObjectConfiguration.cpp

Lines changed: 33 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -56,15 +56,45 @@ bool Model3DObjectConfiguration::UpdateProperty(const gd::String &propertyName,
5656
return true;
5757
}
5858
if (propertyName == "materialType") {
59-
materialType = newValue;
59+
auto normalizedValue = newValue.LowerCase();
60+
if (normalizedValue == "basic")
61+
materialType = "Basic";
62+
else if (normalizedValue == "standardwithoutmetalness")
63+
materialType = "StandardWithoutMetalness";
64+
else if (normalizedValue == "keeporiginal")
65+
materialType = "KeepOriginal";
66+
else
67+
return false;
6068
return true;
6169
}
6270
if (propertyName == "originLocation") {
63-
originLocation = newValue;
71+
auto normalizedValue = newValue.LowerCase();
72+
if (normalizedValue == "modelorigin")
73+
originLocation = "ModelOrigin";
74+
else if (normalizedValue == "topleft")
75+
originLocation = "TopLeft";
76+
else if (normalizedValue == "objectcenter")
77+
originLocation = "ObjectCenter";
78+
else if (normalizedValue == "bottomcenterz")
79+
originLocation = "BottomCenterZ";
80+
else if (normalizedValue == "bottomcentery")
81+
originLocation = "BottomCenterY";
82+
else
83+
return false;
6484
return true;
6585
}
6686
if (propertyName == "centerLocation") {
67-
centerLocation = newValue;
87+
auto normalizedValue = newValue.LowerCase();
88+
if (normalizedValue == "modelorigin")
89+
centerLocation = "ModelOrigin";
90+
else if (normalizedValue == "objectcenter")
91+
centerLocation = "ObjectCenter";
92+
else if (normalizedValue == "bottomcenterz")
93+
centerLocation = "BottomCenterZ";
94+
else if (normalizedValue == "bottomcentery")
95+
centerLocation = "BottomCenterY";
96+
else
97+
return false;
6898
return true;
6999
}
70100
if (propertyName == "keepAspectRatio") {

Extensions/BBText/JsExtension.js

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,30 @@ module.exports = {
3636
var objectBBText = new gd.ObjectJsImplementation();
3737
objectBBText.updateProperty = function (propertyName, newValue) {
3838
const objectContent = this.content;
39+
if (propertyName === 'align') {
40+
const normalizedValue = newValue.toLowerCase();
41+
if (
42+
normalizedValue === 'left' ||
43+
normalizedValue === 'center' ||
44+
normalizedValue === 'right'
45+
) {
46+
objectContent.align = normalizedValue;
47+
return true;
48+
}
49+
return false;
50+
}
51+
if (propertyName === 'verticalTextAlignment') {
52+
const normalizedValue = newValue.toLowerCase();
53+
if (
54+
normalizedValue === 'top' ||
55+
normalizedValue === 'center' ||
56+
normalizedValue === 'bottom'
57+
) {
58+
objectContent.verticalTextAlignment = normalizedValue;
59+
return true;
60+
}
61+
return false;
62+
}
3963
if (propertyName in objectContent) {
4064
if (typeof objectContent[propertyName] === 'boolean')
4165
objectContent[propertyName] = newValue === '1';

Extensions/BitmapText/JsExtension.js

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,30 @@ module.exports = {
3636
const bitmapTextObject = new gd.ObjectJsImplementation();
3737
bitmapTextObject.updateProperty = function (propertyName, newValue) {
3838
const objectContent = this.content;
39+
if (propertyName === 'align') {
40+
const normalizedValue = newValue.toLowerCase();
41+
if (
42+
normalizedValue === 'left' ||
43+
normalizedValue === 'center' ||
44+
normalizedValue === 'right'
45+
) {
46+
objectContent.align = normalizedValue;
47+
return true;
48+
}
49+
return false;
50+
}
51+
if (propertyName === 'verticalTextAlignment') {
52+
const normalizedValue = newValue.toLowerCase();
53+
if (
54+
normalizedValue === 'top' ||
55+
normalizedValue === 'center' ||
56+
normalizedValue === 'bottom'
57+
) {
58+
objectContent.verticalTextAlignment = normalizedValue;
59+
return true;
60+
}
61+
return false;
62+
}
3963
if (propertyName in objectContent) {
4064
if (typeof objectContent[propertyName] === 'boolean')
4165
objectContent[propertyName] = newValue === '1';

Extensions/ParticleSystem/ParticleEmitterObject.cpp

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -60,9 +60,17 @@ bool ParticleEmitterObject::UpdateProperty(const gd::String& propertyName,
6060
return true;
6161
}
6262
if (propertyName == "rendererType") {
63-
auto newRendererType = newValue == "Circle" ? Point
64-
: newValue == "Line" ? Line
65-
: Quad;
63+
auto normalizedValue = newValue.LowerCase();
64+
auto newRendererType = Point;
65+
if (normalizedValue == "circle") {
66+
newRendererType = Point;
67+
} else if (normalizedValue == "line") {
68+
newRendererType = Line;
69+
} else if (normalizedValue == "image") {
70+
newRendererType = Quad;
71+
} else {
72+
return false;
73+
}
6674
SetRendererType(newRendererType);
6775
if (newRendererType != Quad) {
6876
SetParticleTexture("");

Extensions/Physics2Behavior/JsExtension.js

Lines changed: 25 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,14 @@ module.exports = {
4343
newValue
4444
) {
4545
if (propertyName === 'bodyType') {
46-
behaviorContent.getChild('bodyType').setStringValue(newValue);
46+
const normalizedValue = newValue.toLowerCase();
47+
let bodyTypeValue = '';
48+
if (normalizedValue === 'static') bodyTypeValue = 'Static';
49+
else if (normalizedValue === 'dynamic') bodyTypeValue = 'Dynamic';
50+
else if (normalizedValue === 'kinematic') bodyTypeValue = 'Kinematic';
51+
else return false;
52+
53+
behaviorContent.getChild('bodyType').setStringValue(bodyTypeValue);
4754
return true;
4855
}
4956

@@ -65,7 +72,15 @@ module.exports = {
6572
}
6673

6774
if (propertyName === 'shape') {
68-
behaviorContent.getChild('shape').setStringValue(newValue);
75+
const normalizedValue = newValue.toLowerCase();
76+
let shapeValue = '';
77+
if (normalizedValue === 'box') shapeValue = 'Box';
78+
else if (normalizedValue === 'circle') shapeValue = 'Circle';
79+
else if (normalizedValue === 'edge') shapeValue = 'Edge';
80+
else if (normalizedValue === 'polygon') shapeValue = 'Polygon';
81+
else return false;
82+
83+
behaviorContent.getChild('shape').setStringValue(shapeValue);
6984
return true;
7085
}
7186

@@ -106,7 +121,14 @@ module.exports = {
106121
}
107122

108123
if (propertyName === 'polygonOrigin') {
109-
behaviorContent.addChild('polygonOrigin').setStringValue(newValue);
124+
const normalizedValue = newValue.toLowerCase();
125+
let originValue = '';
126+
if (normalizedValue === 'center') originValue = 'Center';
127+
else if (normalizedValue === 'origin') originValue = 'Origin';
128+
else if (normalizedValue === 'topleft') originValue = 'TopLeft';
129+
else return false;
130+
131+
behaviorContent.addChild('polygonOrigin').setStringValue(originValue);
110132
return true;
111133
}
112134

Extensions/Physics3DBehavior/JsExtension.js

Lines changed: 32 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -48,10 +48,18 @@ module.exports = {
4848
}
4949

5050
if (propertyName === 'bodyType') {
51-
behaviorContent.getChild('bodyType').setStringValue(newValue);
51+
const normalizedValue = newValue.toLowerCase();
52+
let bodyTypeValue = '';
53+
if (normalizedValue === 'static') bodyTypeValue = 'Static';
54+
else if (normalizedValue === 'dynamic') bodyTypeValue = 'Dynamic';
55+
else if (normalizedValue === 'kinematic') bodyTypeValue = 'Kinematic';
56+
else return false;
57+
58+
behaviorContent.getChild('bodyType').setStringValue(bodyTypeValue);
5259
if (
53-
newValue !== 'Static' &&
54-
behaviorContent.getChild('shape').getStringValue() === 'Mesh'
60+
bodyTypeValue !== 'Static' &&
61+
behaviorContent.getChild('shape').getStringValue().toLowerCase() ===
62+
'mesh'
5563
) {
5664
behaviorContent.getChild('shape').setStringValue('Box');
5765
}
@@ -71,8 +79,17 @@ module.exports = {
7179
}
7280

7381
if (propertyName === 'shape') {
74-
behaviorContent.getChild('shape').setStringValue(newValue);
75-
if (newValue === 'Mesh') {
82+
const normalizedValue = newValue.toLowerCase();
83+
let shapeValue = '';
84+
if (normalizedValue === 'box') shapeValue = 'Box';
85+
else if (normalizedValue === 'capsule') shapeValue = 'Capsule';
86+
else if (normalizedValue === 'sphere') shapeValue = 'Sphere';
87+
else if (normalizedValue === 'cylinder') shapeValue = 'Cylinder';
88+
else if (normalizedValue === 'mesh') shapeValue = 'Mesh';
89+
else return false;
90+
91+
behaviorContent.getChild('shape').setStringValue(shapeValue);
92+
if (shapeValue === 'Mesh') {
7693
behaviorContent.getChild('bodyType').setStringValue('Static');
7794
}
7895
return true;
@@ -86,7 +103,16 @@ module.exports = {
86103
}
87104

88105
if (propertyName === 'shapeOrientation') {
89-
behaviorContent.getChild('shapeOrientation').setStringValue(newValue);
106+
const normalizedValue = newValue.toLowerCase();
107+
let orientationValue = '';
108+
if (normalizedValue === 'x') orientationValue = 'X';
109+
else if (normalizedValue === 'y') orientationValue = 'Y';
110+
else if (normalizedValue === 'z') orientationValue = 'Z';
111+
else return false;
112+
113+
behaviorContent
114+
.getChild('shapeOrientation')
115+
.setStringValue(orientationValue);
90116
return true;
91117
}
92118

Extensions/PrimitiveDrawing/ShapePainterObject.cpp

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -187,8 +187,13 @@ bool ShapePainterObject::UpdateProperty(const gd::String& propertyName,
187187
}
188188

189189
if (propertyName == "antialiasing") {
190-
SetAntialiasing(newValue);
191-
return true;
190+
auto normalizedValue = newValue.LowerCase();
191+
if (normalizedValue == "none" || normalizedValue == "low" ||
192+
normalizedValue == "medium" || normalizedValue == "high") {
193+
SetAntialiasing(normalizedValue);
194+
return true;
195+
}
196+
return false;
192197
}
193198

194199
return false;

Extensions/SaveState/JsExtension.js

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -407,10 +407,20 @@ module.exports = {
407407
newValue
408408
) {
409409
if (propertyName === 'defaultProfilePersistence') {
410-
behaviorContent
411-
.getChild('defaultProfilePersistence')
412-
.setStringValue(newValue);
413-
return true;
410+
const normalizedValue = newValue.toLowerCase();
411+
if (normalizedValue === 'persisted') {
412+
behaviorContent
413+
.getChild('defaultProfilePersistence')
414+
.setStringValue('Persisted');
415+
return true;
416+
}
417+
if (normalizedValue === 'donotsave') {
418+
behaviorContent
419+
.getChild('defaultProfilePersistence')
420+
.setStringValue('DoNotSave');
421+
return true;
422+
}
423+
return false;
414424
}
415425
if (propertyName === 'persistedInProfiles') {
416426
behaviorContent

Extensions/TextInput/JsExtension.js

Lines changed: 25 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -46,8 +46,21 @@ module.exports = {
4646
objectContent.fontSize = Math.max(1, parseFloat(newValue));
4747
return true;
4848
} else if (propertyName === 'inputType') {
49-
objectContent.inputType = newValue;
50-
return true;
49+
const normalizedValue = newValue.toLowerCase();
50+
if (
51+
normalizedValue === 'text' ||
52+
normalizedValue === 'text area' ||
53+
normalizedValue === 'email' ||
54+
normalizedValue === 'password' ||
55+
normalizedValue === 'number' ||
56+
normalizedValue === 'telephone number' ||
57+
normalizedValue === 'url' ||
58+
normalizedValue === 'search'
59+
) {
60+
objectContent.inputType = normalizedValue;
61+
return true;
62+
}
63+
return false;
5164
} else if (propertyName === 'textColor') {
5265
objectContent.textColor = newValue;
5366
return true;
@@ -91,8 +104,16 @@ module.exports = {
91104
objectContent.paddingY = Math.max(0, parseFloat(newValue));
92105
return true;
93106
} else if (propertyName === 'textAlign') {
94-
objectContent.textAlign = newValue;
95-
return true;
107+
const normalizedValue = newValue.toLowerCase();
108+
if (
109+
normalizedValue === 'left' ||
110+
normalizedValue === 'center' ||
111+
normalizedValue === 'right'
112+
) {
113+
objectContent.textAlign = normalizedValue;
114+
return true;
115+
}
116+
return false;
96117
}
97118

98119
return false;

0 commit comments

Comments
 (0)