OSC configuration file path traversal
Functions in A3EOSCConfiguration are used to access the OSC configuration files from within the VRChat user directory. I do think it would be worth revisiting this code to make sure it is accessing these files at the appropriate time (only when OSC is enabled in the emulator) and using the correct paths / APIs.
Original feedback from vrchat-community/vpm-listing-curated#5
Runtime\Scripts\A3EOSCConfiguration.cs
/*???:*/ System.IO.Path.Combine()
The Combine() function does not compensate for directory traversal and relies on System.IO.File and System.IO.Directory classes to handle traversal, which they do not do universally.
/*128:*/ return JsonUtility.FromJson<OuterJson>(System.IO.File.ReadAllText(full_file_path));
/*132:*/ System.IO.File.WriteAllLines(filename, System.Text.RegularExpressions.Regex.Replace("\ufeff" +
/*162:*/ System.IO.Directory.CreateDirectory(vrcOSCPath);
/*170:*/ foreach (string file in System.IO.Directory.GetDirectories(vrcOSCPath, "*", System.IO.SearchOption.TopDirectoryOnly)) {
/*172:*/ DateTime thisdt = System.IO.File.GetLastWriteTime(file);
/*187:*/ System.IO.Directory.CreateDirectory(avatarDirectory);
These functions do not compensate for directory traversal. While this is a small issue in the current implementation, it is unclear if future feature enhancements might be a problem.
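One way to add the missing containment check before any of the file calls listed above, as an added example that is not part of the original issue or the project's code. `OscPathGuard`, `ResolveInside`, the `osc-demo` directory and the sample names are hypothetical.

```csharp
using System;
using System.IO;

static class OscPathGuard
{
    // Hypothetical helper: returns the full path of `name` under `baseDir`,
    // or throws if the resolved path lands outside `baseDir`.
    public static string ResolveInside(string baseDir, string name)
    {
        string root = Path.GetFullPath(baseDir);
        string sep = Path.DirectorySeparatorChar.ToString();
        // Trailing separator so that "OSC-other" is not accepted as inside "OSC".
        if (!root.EndsWith(sep, StringComparison.Ordinal))
            root += sep;

        // Path.Combine only joins strings: ".." segments are kept, and a rooted
        // second argument replaces the first one entirely. GetFullPath collapses
        // the ".." segments so the result can be compared against the root.
        string candidate = Path.GetFullPath(Path.Combine(root, name));

        // Case-insensitive compare is an assumption suited to Windows file systems.
        // This is a lexical check only; it does not resolve symlinks or junctions.
        if (!candidate.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Path escapes base directory: " + name);
        return candidate;
    }

    static void Main()
    {
        // Constructed sample values, not real VRChat paths or identifiers.
        string baseDir = Path.Combine(Path.GetTempPath(), "osc-demo", "OSC");
        string[] names =
        {
            Path.Combine("usr_constructed", "Avatars", "avtr_constructed.json"),
            Path.Combine("..", "..", "outside.json"),
            Path.Combine(Path.GetTempPath(), "rooted.json"), // rooted input
        };

        foreach (string name in names)
        {
            Console.WriteLine("Combine : " + Path.Combine(baseDir, name));
            try { Console.WriteLine("allowed : " + ResolveInside(baseDir, name)); }
            catch (UnauthorizedAccessException e) { Console.WriteLine("rejected: " + e.Message); }
        }
    }
}
```

Only the first sample resolves inside the base directory; the other two are rejected before any `System.IO.File` or `System.IO.Directory` call would see them.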