Skip to content

Commit

Permalink
feat: block ScriptEditorService, only unblock when .Source access is …
Browse files Browse the repository at this point in the history 
…permitted and allowed.
  • Loading branch information
@SecondNewtonLaw
SecondNewtonLaw committed Sep 4, 2024
1 parent 27a3930 commit d806b01
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 4 deletions.
3 changes: 3 additions & 0 deletions Communication/Communication.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -358,13 +358,16 @@ bool Communication::CanAccessScriptSource() const { return this->m_bAllowScriptS
logger->PrintWarning(RbxStu::Communication,
"Access to .Source on scripts has been allowed.!");
communication->m_bAllowScriptSourceAccess = sourceAccess;
environmentManager->SetServiceBlocked("ScriptEditorService", false);
} else if (ret == IDNO) {
logger->PrintWarning(RbxStu::Communication,
"Access to .Source on scripts has been kept disabled!");
environmentManager->SetServiceBlocked("ScriptEditorService", true);
}
} else {
logger->PrintWarning(RbxStu::Communication, "Access to .Source has been disabled");
communication->m_bAllowScriptSourceAccess = sourceAccess;
environmentManager->SetServiceBlocked("ScriptEditorService", true);
}

wasSuccess = true;
Expand Down
2 changes: 1 addition & 1 deletion Communication/Communication.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ class Communication final {

std::queue<ExecutionStatus> m_qExecutionReportsQueue;

RBX::DataModelType lCurrentExecutionDataModel = RBX::DataModelType_PlayClient;
RBX::DataModelType lCurrentExecutionDataModel = RBX::DataModelType_Edit; // RBX::DataModelType_PlayClient;

std::string m_szFingerprintHeader = "Solara-Fingerprint"; // Sorry quiving, imma steal it.

Expand Down
15 changes: 12 additions & 3 deletions Environment/EnvironmentManager.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,8 @@ static std::vector<std::string> blockedServices = {"linkingservice",
"sessionservice",
"studioservice",
"platformcloudstorageservice",
"startpageservice"};
"startpageservice",
"scripteditorservice"};

static std::vector<std::string> blockedFunctions = {
"openvideosfolder", "openscreenshotsfolder", "getrobuxbalance",
Expand Down Expand Up @@ -201,7 +202,8 @@ void EnvironmentManager::PushEnvironment(_In_ lua_State *L) {
}
}

if (!Communication::GetSingleton()->CanAccessScriptSource() && loweredIndex.find("source") != std::string::npos) {
if (!Communication::GetSingleton()->CanAccessScriptSource() &&
loweredIndex.find("source") != std::string::npos) {
Utilities::checkInstance(L, 1, "LuaSourceContainer");
lua_pushstring(L, "");
return 1;
Expand Down Expand Up @@ -381,8 +383,10 @@ void EnvironmentManager::PushEnvironment(_In_ lua_State *L) {
Scheduler::GetSingleton()->ScheduleJob(SchedulerJob(
R"(
local insertservice_LoadLocalAsset = clonefunction(cloneref(game.GetService(game, "InsertService")).LoadLocalAsset)
local insertservice_LoadAsset = clonefunction(cloneref(game.GetService(game, "InsertService")).LoadAsset)
local table_insert = clonefunction(table.insert)
local getreg = clonefunction(getreg)
local string_gsub = clonefunction(string.gsub)
local typeof = clonefunction(typeof)
local error = clonefunction(error)
local getfenv = clonefunction(getfenv)
Expand Down Expand Up @@ -505,7 +509,12 @@ end
getgenv().GetObjects = function(assetId)
local oldId = getidentity()
setidentity(8)
local obj = { insertservice_LoadLocalAsset(cloneref(game:GetService("InsertService")), assetId) }
local obj = {}
if (game:GetService("RunService"):IsClient()) then
obj = { insertservice_LoadLocalAsset(cloneref(game:GetService("InsertService")), assetId) }
else
obj = { insertservice_LoadAsset(cloneref(game:GetService("InsertService")), string_gsub(assetId, "rbxassetid://", "")) }
end
setIdentity_c(oldId)
return obj
end
Expand Down

0 comments on commit d806b01

Please sign in to comment.