more remotecall security

Author: kellyelton

.gitignore

@@ -80,4 +80,6 @@ _TeamCity.OCTGN
 /installer/*.exe
 /.HistoryData
 /packages
-/octgnFX/Octgn.Desktop/Packages/octgn.packages.jodsengine/engine
+/octgnFX/Octgn.Desktop/Packages/octgn.packages.joodsengine/engine
+*TestResults.xml
+*TestResult.xml

octgnFX/Octgn.JodsEngine/Octgn.JodsEngine_qm2tucxo_wpftmp.csproj

@@ -0,0 +1,42 @@
+using System;
+
+namespace Octgn.Scripting
+{
+    /// <summary>
+    /// Interface for the scripting engine to enable testing
+    /// </summary>
+    public interface IScriptingEngine : IDisposable
+    {
+        /// <summary>
+        /// Executes a function securely with validation
+        /// </summary>
+        void ExecuteFunctionSecureNoFormat(string function, string args);
+
+        /// <summary>
+        /// Executes a function without security validation
+        /// </summary>
+        void ExecuteFunctionNoFormat(string function, string args);
+    }
+
+    /// <summary>
+    /// Interface for function existence validation - allows mocking in tests
+    /// </summary>
+    public interface IFunctionValidator
+    {
+        /// <summary>
+        /// Checks if a function exists and is callable in the current scope
+        /// </summary>
+        bool IsFunctionAvailable(string functionName, out object functionObject);
+    }
+
+    /// <summary>
+    /// Interface for code execution - allows mocking in tests
+    /// </summary>
+    public interface ICodeExecutor
+    {
+        /// <summary>
+        /// Executes the function with the given arguments
+        /// </summary>
+        void ExecuteFunction(string function, string args);
+    }
+}

octgnFX/Octgn.JodsEngine/Scripting/Engine.cs

@@ -0,0 +1,80 @@
+using System;
+using Microsoft.Scripting.Hosting;
+
+namespace Octgn.JodsEngine.Scripting
+{
+    /// <summary>
+    /// Default implementation of IFunctionValidator that checks actual scope
+    /// </summary>
+    public class DefaultFunctionValidator : IFunctionValidator
+    {
+        private readonly ScriptScope _scope;
+
+        public DefaultFunctionValidator(ScriptScope scope)
+        {
+            _scope = scope ?? throw new ArgumentNullException(nameof(scope));
+        }
+
+        public bool IsFunctionAvailable(string functionName)
+        {
+            if (string.IsNullOrEmpty(functionName))
+                return false;
+
+            return _scope.TryGetVariable(functionName, out var functionObject) && functionObject != null;
+        }
+    }
+
+    /// <summary>
+    /// Default implementation of ICodeExecutor that executes actual code
+    /// </summary>
+    public class DefaultCodeExecutor : ICodeExecutor
+    {
+        private readonly Action<string, string> _executeFunction;
+
+        public DefaultCodeExecutor(Action<string, string> executeFunction)
+        {
+            _executeFunction = executeFunction ?? throw new ArgumentNullException(nameof(executeFunction));
+        }
+
+        public void ExecuteFunction(string functionName, string arguments)
+        {
+            _executeFunction(functionName, arguments);
+        }
+    }
+
+    /// <summary>
+    /// Mock implementation of IFunctionValidator for testing
+    /// </summary>
+    public class MockFunctionValidator : IFunctionValidator
+    {
+        private readonly Func<string, bool> _isAvailableFunc;
+
+        public MockFunctionValidator(Func<string, bool> isAvailableFunc = null)
+        {
+            _isAvailableFunc = isAvailableFunc ?? (_ => true); // Default to allowing all functions
+        }
+
+        public bool IsFunctionAvailable(string functionName)
+        {
+            return _isAvailableFunc(functionName);
+        }
+    }
+
+    /// <summary>
+    /// Mock implementation of ICodeExecutor for testing
+    /// </summary>
+    public class MockCodeExecutor : ICodeExecutor
+    {
+        private readonly Action<string, string> _executeAction;
+
+        public MockCodeExecutor(Action<string, string> executeAction = null)
+        {
+            _executeAction = executeAction ?? ((f, a) => { }); // Default to no-op
+        }
+
+        public void ExecuteFunction(string functionName, string arguments)
+        {
+            _executeAction(functionName, arguments);
+        }
+    }
+}

octgnFX/Octgn.JodsEngine/Scripting/IScriptingEngine.cs

@@ -107,6 +107,7 @@
     <Compile Include="Networking\SocketBase.cs" />
     <Compile Include="Networking\SocketMessageProcessorBase.cs" />
     <Compile Include="Networking\SocketReceiveBundle.cs" />
+    <Compile Include="Scripting\ScriptingInterfaces.cs" />
     <Compile Include="SavedPasswordManager.cs" />
     <Compile Include="Paths.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />

octgnFX/Octgn.JodsEngine/Scripting/ScriptingInterfaces.cs

@@ -0,0 +1,103 @@
+using System;
+
+namespace Octgn.Library.Scripting
+{
+    /// <summary>
+    /// Interface for the scripting engine to support dependency injection
+    /// </summary>
+    public interface IScriptingEngine : IDisposable
+    {
+        void ExecuteFunctionSecureNoFormat(string function, string args);
+    }
+
+    /// <summary>
+    /// Interface for validating function availability
+    /// </summary>
+    public interface IFunctionValidator
+    {
+        bool IsFunctionAvailable(string functionName);
+    }
+
+    /// <summary>
+    /// Interface for executing code
+    /// </summary>
+    public interface ICodeExecutor
+    {
+        void ExecuteFunction(string functionName, string arguments);
+    }
+
+    /// <summary>
+    /// Default implementation of IFunctionValidator that checks actual scope
+    /// </summary>
+    public class DefaultFunctionValidator : IFunctionValidator
+    {
+        private readonly Func<string, bool> _checkFunction;
+
+        public DefaultFunctionValidator(Func<string, bool> checkFunction)
+        {
+            _checkFunction = checkFunction ?? throw new ArgumentNullException(nameof(checkFunction));
+        }
+
+        public bool IsFunctionAvailable(string functionName)
+        {
+            if (string.IsNullOrEmpty(functionName))
+                return false;
+
+            return _checkFunction(functionName);
+        }
+    }
+
+    /// <summary>
+    /// Default implementation of ICodeExecutor that executes actual code
+    /// </summary>
+    public class DefaultCodeExecutor : ICodeExecutor
+    {
+        private readonly Action<string, string> _executeFunction;
+
+        public DefaultCodeExecutor(Action<string, string> executeFunction)
+        {
+            _executeFunction = executeFunction ?? throw new ArgumentNullException(nameof(executeFunction));
+        }
+
+        public void ExecuteFunction(string functionName, string arguments)
+        {
+            _executeFunction(functionName, arguments);
+        }
+    }
+
+    /// <summary>
+    /// Mock implementation of IFunctionValidator for testing
+    /// </summary>
+    public class MockFunctionValidator : IFunctionValidator
+    {
+        private readonly Func<string, bool> _isAvailableFunc;
+
+        public MockFunctionValidator(Func<string, bool> isAvailableFunc = null)
+        {
+            _isAvailableFunc = isAvailableFunc ?? (_ => true); // Default to allowing all functions
+        }
+
+        public bool IsFunctionAvailable(string functionName)
+        {
+            return _isAvailableFunc(functionName);
+        }
+    }
+
+    /// <summary>
+    /// Mock implementation of ICodeExecutor for testing
+    /// </summary>
+    public class MockCodeExecutor : ICodeExecutor
+    {
+        private readonly Action<string, string> _executeAction;
+
+        public MockCodeExecutor(Action<string, string> executeAction = null)
+        {
+            _executeAction = executeAction ?? ((f, a) => { }); // Default to no-op
+        }
+
+        public void ExecuteFunction(string functionName, string arguments)
+        {
+            _executeAction(functionName, arguments);
+        }
+    }
+}

octgnFX/Octgn.Library/Octgn.Library.csproj

@@ -262,6 +262,14 @@
         <assemblyIdentity name="Castle.Core" publicKeyToken="407dd0808d44fbdc" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="Microsoft.Scripting" publicKeyToken="7f709c5b713576e1" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-1.3.3.0" newVersion="1.3.3.0" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="Microsoft.Dynamic" publicKeyToken="7f709c5b713576e1" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-1.3.3.0" newVersion="1.3.3.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
 </configuration>

octgnFX/Octgn.Library/Scripting/ScriptingInterfaces.cs

@@ -115,6 +115,10 @@
     <Reference Include="nunit.framework, Version=3.13.3.0, Culture=neutral, PublicKeyToken=2638cd05610744eb, processorArchitecture=MSIL">
       <HintPath>..\..\packages\NUnit.3.13.3\lib\net45\nunit.framework.dll</HintPath>
     </Reference>
+    <Reference Include="NUnit3.TestAdapter, Version=5.0.0.0, Culture=neutral, PublicKeyToken=4cb40d35494691ac, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NUnit3TestAdapter.5.0.0\lib\net462\NUnit3.TestAdapter.dll</HintPath>
+      <Private>False</Private>
+    </Reference>
     <Reference Include="System" />
     <Reference Include="System.Configuration" />
     <Reference Include="System.Net" />
@@ -130,11 +134,12 @@
     <Compile Include="Library\Networking\GameBroadcastingTests.cs" />
     <Compile Include="OctgnApp\Play\State\GameSaveTests.cs" />
     <Compile Include="OctgnApp\Play\State\StateSaveTests.cs" />
+    <Compile Include="OctgnApp\Scripting\RemoteCallValidUseCasesTests.cs" />
+    <Compile Include="OctgnApp\Scripting\SecurityTests.cs" />
     <Compile Include="OctgnApp\Scripting\Versioning.cs" />
     <Compile Include="PlayGround.cs" />
     <Compile Include="Server\GameStatusResetTests.cs" />
     <Compile Include="Server\ServerPortReuseTests.cs" />
-
     <Compile Include="Utils\HttpEcho.cs" />
     <Compile Include="VersionTest.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
@@ -168,6 +173,10 @@
       <Project>{6dd203af-5003-4af3-a982-67f10b704d4a}</Project>
       <n>Octgn.Server</n>
     </ProjectReference>
+    <ProjectReference Include="..\Octgn.JodsEngine\Octgn.JodsEngine.csproj">
+      <Project>{74009662-AA58-4A94-97B6-1AD019ECA302}</Project>
+      <n>Octgn.JodsEngine</n>
+    </ProjectReference>
   </ItemGroup>
   <ItemGroup>
     <None Include="App.config" />