From db40260d57a9480b82d850c093aeaf14eefda9fd Mon Sep 17 00:00:00 2001
From: GeckoEidechse <40122905+GeckoEidechse@users.noreply.github.com>
Date: Fri, 22 Nov 2024 15:20:03 +0100
Subject: mods(Safe I/O): Only allow creating files with whitelisted filetypes
 (#682)

Restricts file types that can be created via Safe I/O to a list of whitelisted file types
---
 primedev/mods/modsavefiles.cpp | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'primedev/mods')

diff --git a/primedev/mods/modsavefiles.cpp b/primedev/mods/modsavefiles.cpp
index 13239c99..d73b867c 100644
--- a/primedev/mods/modsavefiles.cpp
+++ b/primedev/mods/modsavefiles.cpp
@@ -74,6 +74,26 @@ template <ScriptContext context> void SaveFileManager::SaveFileAsync(fs::path fi
 	std::thread writeThread(
 		[mutex, file, contents]()
 		{
+			// Check if has extension and return early if not
+			if (!file.has_extension())
+			{
+				spdlog::error("A mod failed to save a file via Safe I/O due to the following error:");
+				spdlog::error("No file extension specified");
+				return;
+			}
+
+			// If there's a file extension missing here that you need, feel free to make a PR adding it
+			static const std::set<std::string> whitelist = {".txt", ".json"};
+
+			// Check if file extension is whitelisted
+			std::string extension = file.extension().string();
+			if (whitelist.find(extension) == whitelist.end())
+			{
+				spdlog::error("A mod failed to save a file via Safe I/O due to the following error:");
+				spdlog::error("Disallowed file extension: {}", extension);
+				return;
+			}
+
 			try
 			{
 				mutex.get().lock();
-- 
cgit v1.2.3