From 24020e4880906d44f86387bc90aad588eaf3e774 Mon Sep 17 00:00:00 2001 From: "v.alyamkin" Date: Mon, 2 Apr 2018 16:44:41 +0300 Subject: [PATCH 1/7] Extended log config initial --- Source/VaRestPlugin/Classes/VaRestSettings.h | 16 +++++++ Source/VaRestPlugin/Private/VaRestPlugin.cpp | 42 +++++++++++++++++++ .../VaRestPlugin/Private/VaRestSettings.cpp | 9 ++++ 3 files changed, 67 insertions(+) create mode 100644 Source/VaRestPlugin/Classes/VaRestSettings.h create mode 100644 Source/VaRestPlugin/Private/VaRestSettings.cpp diff --git a/Source/VaRestPlugin/Classes/VaRestSettings.h b/Source/VaRestPlugin/Classes/VaRestSettings.h new file mode 100644 index 00000000..0e1dbc59 --- /dev/null +++ b/Source/VaRestPlugin/Classes/VaRestSettings.h @@ -0,0 +1,16 @@ +// Copyright 2018 Vladimir Alyamkin. All Rights Reserved. + +#pragma once + +#include "VaRestSettings.generated.h" + +UCLASS(config = Engine, defaultconfig) +class UVaRestSettings : public UObject +{ + GENERATED_UCLASS_BODY() + +public: + /** */ + UPROPERTY(Config, EditAnywhere) + bool bExtendedLog; +}; diff --git a/Source/VaRestPlugin/Private/VaRestPlugin.cpp b/Source/VaRestPlugin/Private/VaRestPlugin.cpp index f6386199..9444b543 100644 --- a/Source/VaRestPlugin/Private/VaRestPlugin.cpp +++ b/Source/VaRestPlugin/Private/VaRestPlugin.cpp @@ -1,11 +1,19 @@ // Copyright 2014 Vladimir Alyamkin. All Rights Reserved. #include "VaRestPlugin.h" +#include "VaRestSettings.h" #include "VaRestJsonObject.h" #include "VaRestJsonValue.h" #include "VaRestRequestJSON.h" #include "VaRestPluginPrivatePCH.h" +//#include "UObject/Package.h" +//#include "Misc/ConfigCacheIni.h" + +#include "ISettingsModule.h" + +#define LOCTEXT_NAMESPACE "VaRest" + class FVaRestPlugin : public IVaRestPlugin { /** IModuleInterface implementation */ @@ -15,14 +23,48 @@ class FVaRestPlugin : public IVaRestPlugin UVaRestJsonObject::StaticClass(); UVaRestJsonValue::StaticClass(); UVaRestRequestJSON::StaticClass(); + + KitSettings = NewObject(GetTransientPackage(), "VaRestSettings", RF_Standalone); + KitSettings->AddToRoot(); + + // We need to manually load the config properties here, as this module is loaded before the UObject system is setup to do this + GConfig->GetBool(TEXT("/Script/VaRest.VaRestSettings"), TEXT("ExtendedLog"), KitSettings->bExtendedLog, GEngineIni); + + // Register settings + if (ISettingsModule* SettingsModule = FModuleManager::GetModulePtr("Settings")) + { + SettingsModule->RegisterSettings("Project", "Plugins", "VaRest", + LOCTEXT("RuntimeSettingsName", "VaRest Kit"), + LOCTEXT("RuntimeSettingsDescription", "Configure API keys for VaRest"), + KitSettings + ); + } } virtual void ShutdownModule() override { + if (ISettingsModule* SettingsModule = FModuleManager::GetModulePtr("Settings")) + { + SettingsModule->UnregisterSettings("Project", "Plugins", "VaRest"); + } + if (!GExitPurge) + { + // If we're in exit purge, this object has already been destroyed + KitSettings->RemoveFromRoot(); + } + else + { + KitSettings = nullptr; + } } + + /** Holds the plugin settings */ + UVaRestSettings* KitSettings; }; IMPLEMENT_MODULE( FVaRestPlugin, VaRestPlugin ) DEFINE_LOG_CATEGORY(LogVaRest); + +#undef LOCTEXT_NAMESPACE diff --git a/Source/VaRestPlugin/Private/VaRestSettings.cpp b/Source/VaRestPlugin/Private/VaRestSettings.cpp new file mode 100644 index 00000000..0f8c7e2c --- /dev/null +++ b/Source/VaRestPlugin/Private/VaRestSettings.cpp @@ -0,0 +1,9 @@ +// Copyright 2018 Vladimir Alyamkin. All Rights Reserved. + +#include "VaRestSettings.h" + +UVaRestSettings::UVaRestSettings(const FObjectInitializer& ObjectInitializer) + : Super(ObjectInitializer) +{ + +} From e810c5b22ab59586e11d4aa13cc397873408ecd2 Mon Sep 17 00:00:00 2001 From: "v.alyamkin" Date: Mon, 2 Apr 2018 17:32:03 +0300 Subject: [PATCH 2/7] Make logs secure by default #133 --- Source/VaRestPlugin/Classes/VaRestSettings.h | 2 +- Source/VaRestPlugin/Private/VaRestPlugin.cpp | 21 +--------------- .../Private/VaRestRequestJSON.cpp | 24 +++++++++++++++++-- 3 files changed, 24 insertions(+), 23 deletions(-) diff --git a/Source/VaRestPlugin/Classes/VaRestSettings.h b/Source/VaRestPlugin/Classes/VaRestSettings.h index 0e1dbc59..ffa4bc75 100644 --- a/Source/VaRestPlugin/Classes/VaRestSettings.h +++ b/Source/VaRestPlugin/Classes/VaRestSettings.h @@ -5,7 +5,7 @@ #include "VaRestSettings.generated.h" UCLASS(config = Engine, defaultconfig) -class UVaRestSettings : public UObject +class VARESTPLUGIN_API UVaRestSettings : public UObject { GENERATED_UCLASS_BODY() diff --git a/Source/VaRestPlugin/Private/VaRestPlugin.cpp b/Source/VaRestPlugin/Private/VaRestPlugin.cpp index 9444b543..85963a34 100644 --- a/Source/VaRestPlugin/Private/VaRestPlugin.cpp +++ b/Source/VaRestPlugin/Private/VaRestPlugin.cpp @@ -24,19 +24,13 @@ class FVaRestPlugin : public IVaRestPlugin UVaRestJsonValue::StaticClass(); UVaRestRequestJSON::StaticClass(); - KitSettings = NewObject(GetTransientPackage(), "VaRestSettings", RF_Standalone); - KitSettings->AddToRoot(); - - // We need to manually load the config properties here, as this module is loaded before the UObject system is setup to do this - GConfig->GetBool(TEXT("/Script/VaRest.VaRestSettings"), TEXT("ExtendedLog"), KitSettings->bExtendedLog, GEngineIni); - // Register settings if (ISettingsModule* SettingsModule = FModuleManager::GetModulePtr("Settings")) { SettingsModule->RegisterSettings("Project", "Plugins", "VaRest", LOCTEXT("RuntimeSettingsName", "VaRest Kit"), LOCTEXT("RuntimeSettingsDescription", "Configure API keys for VaRest"), - KitSettings + GetMutableDefault() ); } } @@ -47,20 +41,7 @@ class FVaRestPlugin : public IVaRestPlugin { SettingsModule->UnregisterSettings("Project", "Plugins", "VaRest"); } - - if (!GExitPurge) - { - // If we're in exit purge, this object has already been destroyed - KitSettings->RemoveFromRoot(); - } - else - { - KitSettings = nullptr; - } } - - /** Holds the plugin settings */ - UVaRestSettings* KitSettings; }; IMPLEMENT_MODULE( FVaRestPlugin, VaRestPlugin ) diff --git a/Source/VaRestPlugin/Private/VaRestRequestJSON.cpp b/Source/VaRestPlugin/Private/VaRestRequestJSON.cpp index 5f4e3faa..d61aab72 100644 --- a/Source/VaRestPlugin/Private/VaRestRequestJSON.cpp +++ b/Source/VaRestPlugin/Private/VaRestRequestJSON.cpp @@ -3,6 +3,7 @@ #include "VaRestRequestJSON.h" #include "VaRestJsonObject.h" #include "VaRestLibrary.h" +#include "VaRestSettings.h" #include "VaRestPluginPrivatePCH.h" #include "CoreMisc.h" @@ -278,6 +279,9 @@ void UVaRestRequestJSON::ExecuteProcessRequest() void UVaRestRequestJSON::ProcessRequest() { + // Cache default settings for extended logs + const UVaRestSettings* DefaultSettings = GetDefault(); + // Set verb switch (RequestVerb) { @@ -339,7 +343,15 @@ void UVaRestRequestJSON::ProcessRequest() HttpRequest->SetContentAsString(StringRequestContent); } - UE_LOG(LogVaRest, Log, TEXT("Request (urlencoded): %s %s %s"), *HttpRequest->GetVerb(), *HttpRequest->GetURL(), *UrlParams, *StringRequestContent); + // Check extended log to avoid security vulnerability (#133) + if (DefaultSettings->bExtendedLog) + { + UE_LOG(LogVaRest, Log, TEXT("%s: Request (urlencoded): %s %s %s %s"), *VA_FUNC_LINE, *HttpRequest->GetVerb(), *HttpRequest->GetURL(), *UrlParams, *StringRequestContent); + } + else + { + UE_LOG(LogVaRest, Log, TEXT("%s: Request (urlencoded): %s %s (check bExtendedLog for additional data)"), *VA_FUNC_LINE, *HttpRequest->GetVerb(), *HttpRequest->GetURL()); + } break; } @@ -368,7 +380,15 @@ void UVaRestRequestJSON::ProcessRequest() // Apply params HttpRequest->SetContentAsString(UrlParams); - UE_LOG(LogVaRest, Log, TEXT("Request (url body): %s %s %s"), *HttpRequest->GetVerb(), *HttpRequest->GetURL(), *UrlParams); + // Check extended log to avoid security vulnerability (#133) + if (DefaultSettings->bExtendedLog) + { + UE_LOG(LogVaRest, Log, TEXT("%s: Request (url body): %s %s %s"), *VA_FUNC_LINE, *HttpRequest->GetVerb(), *HttpRequest->GetURL(), *UrlParams); + } + else + { + UE_LOG(LogVaRest, Log, TEXT("%s: Request (url body): %s %s (check bExtendedLog for additional data)"), *VA_FUNC_LINE, *HttpRequest->GetVerb(), *HttpRequest->GetURL()); + } break; } From 081afbd7660ab94251f8b859313cedb6cc2d2fe2 Mon Sep 17 00:00:00 2001 From: "v.alyamkin" Date: Thu, 26 Apr 2018 11:08:57 +0300 Subject: [PATCH 3/7] Fix includes for nativization (cherry picked from commit 3d4556e38ea867541197701681b45a71038bc5f7) --- Source/VaRestPlugin/Private/VaRestPlugin.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Source/VaRestPlugin/Private/VaRestPlugin.cpp b/Source/VaRestPlugin/Private/VaRestPlugin.cpp index 85963a34..dc31ac78 100644 --- a/Source/VaRestPlugin/Private/VaRestPlugin.cpp +++ b/Source/VaRestPlugin/Private/VaRestPlugin.cpp @@ -10,7 +10,7 @@ //#include "UObject/Package.h" //#include "Misc/ConfigCacheIni.h" -#include "ISettingsModule.h" +#include "Developer/Settings/Public/ISettingsModule.h" #define LOCTEXT_NAMESPACE "VaRest" From 55ac1a43ac3317bc760ee81bc733c576a998dee0 Mon Sep 17 00:00:00 2001 From: "v.alyamkin" Date: Mon, 7 May 2018 13:39:21 +0300 Subject: [PATCH 4/7] Fix Missing Category #165 --- Source/VaRestPlugin/Classes/VaRestSettings.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Source/VaRestPlugin/Classes/VaRestSettings.h b/Source/VaRestPlugin/Classes/VaRestSettings.h index ffa4bc75..487ef98b 100644 --- a/Source/VaRestPlugin/Classes/VaRestSettings.h +++ b/Source/VaRestPlugin/Classes/VaRestSettings.h @@ -11,6 +11,6 @@ class VARESTPLUGIN_API UVaRestSettings : public UObject public: /** */ - UPROPERTY(Config, EditAnywhere) + UPROPERTY(Config, EditAnywhere, Category = "VaRest") bool bExtendedLog; }; From 4c19727793872b4ec31087d7463c0d79275a5ba2 Mon Sep 17 00:00:00 2001 From: "v.alyamkin" Date: Wed, 30 May 2018 12:06:54 +0300 Subject: [PATCH 5/7] Extended log variable explained --- Source/VaRestPlugin/Classes/VaRestSettings.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Source/VaRestPlugin/Classes/VaRestSettings.h b/Source/VaRestPlugin/Classes/VaRestSettings.h index 487ef98b..1352f763 100644 --- a/Source/VaRestPlugin/Classes/VaRestSettings.h +++ b/Source/VaRestPlugin/Classes/VaRestSettings.h @@ -10,7 +10,8 @@ class VARESTPLUGIN_API UVaRestSettings : public UObject GENERATED_UCLASS_BODY() public: - /** */ + /** You can disable request content logging to avoid security vulnerability */ UPROPERTY(Config, EditAnywhere, Category = "VaRest") bool bExtendedLog; + }; From e24ca5865409806e8c50abd1687f6af805d1b80c Mon Sep 17 00:00:00 2001 From: "v.alyamkin" Date: Wed, 30 May 2018 12:07:43 +0300 Subject: [PATCH 6/7] Don't cleanup response content for invalid json strings. #166 WIP --- Source/VaRestPlugin/Private/VaRestRequestJSON.cpp | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Source/VaRestPlugin/Private/VaRestRequestJSON.cpp b/Source/VaRestPlugin/Private/VaRestRequestJSON.cpp index d61aab72..5e88324f 100644 --- a/Source/VaRestPlugin/Private/VaRestRequestJSON.cpp +++ b/Source/VaRestPlugin/Private/VaRestRequestJSON.cpp @@ -546,8 +546,15 @@ bool UVaRestRequestJSON::HasTag(FName Tag) const FString UVaRestRequestJSON::GetResponseContentAsString(bool bCacheResponseContent) { - // Check we have valide response - if (!bIsValidJsonResponse || !ResponseJsonObj || !ResponseJsonObj->IsValidLowLevel()) + // Check we have valid json response + if (!bIsValidJsonResponse) + { + // We've cached response content in OnProcessRequestComplete() + return ResponseContent; + } + + // Check we have valid response object + if (!ResponseJsonObj || !ResponseJsonObj->IsValidLowLevel()) { // Discard previous cached string if we had one ResponseContent = DeprecatedResponseString; From 901154439e5a631cb0f9ca006569e9fa6721e0b7 Mon Sep 17 00:00:00 2001 From: "v.alyamkin" Date: Wed, 30 May 2018 12:56:23 +0300 Subject: [PATCH 7/7] Update version info --- README.md | 2 +- VaRestPlugin.uplugin | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 7b5dcbf7..5eba15a0 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Key features: Check the [Wiki](https://hiazma.atlassian.net/wiki/display/VAR) for plugin usage examples and installation notes. -Current version: **1.1 R 21** (UE 4.18-4.19) +Current version: **1.1 R 22** (UE 4.18-4.19) ![SCREENSHOT](SCREENSHOT.jpg) diff --git a/VaRestPlugin.uplugin b/VaRestPlugin.uplugin index db9603e5..c72dedd7 100644 --- a/VaRestPlugin.uplugin +++ b/VaRestPlugin.uplugin @@ -2,8 +2,8 @@ "FileVersion" : 3, "FriendlyName" : "VaRest", - "Version" : 21, - "VersionName" : "1.1-r21", + "Version" : 22, + "VersionName" : "1.1-r22", "CreatedBy" : "Vladimir Alyamkin", "CreatedByURL" : "http://alyamkin.com", "EngineVersion" : "4.19.0",