From ea1f7ba4515896396705630a7e9e263a8109fe2b Mon Sep 17 00:00:00 2001
From: MiranDMC <Miran4@op.pl>
Date: Sun, 28 Jul 2024 15:16:21 +0200
Subject: [PATCH] Forbidden filesystem opcodes from accessing outside game
 locations. (#168)

---
 CHANGELOG.md                                       | 1 +
 cleo_plugins/Audio/Audio.vcxproj                   | 1 -
 cleo_plugins/Audio/Audio.vcxproj.filters           | 3 ---
 cleo_plugins/DebugUtils/DebugUtils.vcxproj         | 1 -
 cleo_plugins/DebugUtils/DebugUtils.vcxproj.filters | 3 ---
 cleo_plugins/Text/CTextManager.cpp                 | 2 +-
 cleo_plugins/Text/Text.vcxproj                     | 1 -
 cleo_plugins/Text/Text.vcxproj.filters             | 3 ---
 cleo_sdk/CLEO_Utils.h                              | 9 ++++++---
 9 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1b27249f..22bcf066 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,7 @@
   - new opcode **2102 ([log_to_file](https://library.sannybuilder.com/#/sa/debug/2102))**
   - implemented support of opcodes **0662**, **0663** and **0664** (original Rockstar's script debugging opcodes. See DebugUtils.ini)
 - new [FileSystemOperations](https://github.com/cleolibrary/CLEO5/tree/master/cleo_plugins/FileSystemOperations) plugin
+  - forbidden scripts from accessing and changing any files outside game root or game settings directory
   - file related opcodes moved from CLEO core into separated plugin
   - opcode **0A9E ([write_to_file](https://library.sannybuilder.com/#/sa/file/0A9E))** now supports literal numbers and strings
   - fixed bug causing file stream opcodes not working correctly when read-write modes are used
diff --git a/cleo_plugins/Audio/Audio.vcxproj b/cleo_plugins/Audio/Audio.vcxproj
index 045b59e9..7893f49b 100644
--- a/cleo_plugins/Audio/Audio.vcxproj
+++ b/cleo_plugins/Audio/Audio.vcxproj
@@ -148,7 +148,6 @@ xcopy /Y "$(OutDir)$(TargetName).*" "$(GTA_SA_DIR)\cleo\cleo_plugins\" </Command
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CVector.cpp" />
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\RenderWare.cpp" />
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CAEAudioHardware.cpp" />
-    <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CFileMgr.cpp" />
     <ClCompile Include="Audio.cpp" />
     <ClCompile Include="C3DAudioStream.cpp" />
     <ClCompile Include="CAudioStream.cpp" />
diff --git a/cleo_plugins/Audio/Audio.vcxproj.filters b/cleo_plugins/Audio/Audio.vcxproj.filters
index 71b9e853..dfa912cc 100644
--- a/cleo_plugins/Audio/Audio.vcxproj.filters
+++ b/cleo_plugins/Audio/Audio.vcxproj.filters
@@ -41,9 +41,6 @@
     </ClCompile>
     <ClCompile Include="CAudioStream.cpp" />
     <ClCompile Include="C3DAudioStream.cpp" />
-    <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CFileMgr.cpp">
-      <Filter>plugin_sdk</Filter>
-    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\..\cleo_sdk\CLEO_Utils.h">
diff --git a/cleo_plugins/DebugUtils/DebugUtils.vcxproj b/cleo_plugins/DebugUtils/DebugUtils.vcxproj
index 8c4e9332..926927ce 100644
--- a/cleo_plugins/DebugUtils/DebugUtils.vcxproj
+++ b/cleo_plugins/DebugUtils/DebugUtils.vcxproj
@@ -125,7 +125,6 @@ xcopy /Y "$(OutDir)$(TargetName).*" "$(GTA_SA_DIR)\cleo\cleo_plugins\"
     </ResourceCompile>
   </ItemDefinitionGroup>
   <ItemGroup>
-    <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CFileMgr.cpp" />
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CFont.cpp" />
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\RenderWare.cpp" />
     <ClCompile Include="$(PLUGIN_SDK_DIR)\shared\game\CRGBA.cpp" />
diff --git a/cleo_plugins/DebugUtils/DebugUtils.vcxproj.filters b/cleo_plugins/DebugUtils/DebugUtils.vcxproj.filters
index 699e95c5..339e6e43 100644
--- a/cleo_plugins/DebugUtils/DebugUtils.vcxproj.filters
+++ b/cleo_plugins/DebugUtils/DebugUtils.vcxproj.filters
@@ -3,9 +3,6 @@
   <ItemGroup>
     <ClCompile Include="DebugUtils.cpp" />
     <ClCompile Include="ScreenLog.cpp" />
-    <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CFileMgr.cpp">
-      <Filter>sdk</Filter>
-    </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\shared\game\CRGBA.cpp">
       <Filter>sdk</Filter>
     </ClCompile>
diff --git a/cleo_plugins/Text/CTextManager.cpp b/cleo_plugins/Text/CTextManager.cpp
index 5bb88ba5..06117f9d 100644
--- a/cleo_plugins/Text/CTextManager.cpp
+++ b/cleo_plugins/Text/CTextManager.cpp
@@ -93,7 +93,7 @@ namespace CLEO
     void CTextManager::LoadFxts()
     {
         // create FXT directory if not present yet
-        FS::create_directory(FS::path(CFileMgr::ms_rootDirName).append("cleo\\cleo_text"));
+        FS::create_directory(FS::path(Gta_Root_Dir_Path).append("cleo\\cleo_text"));
 
         // load whole FXT files directory
         auto list = CLEO::CLEO_ListDirectory(nullptr, "cleo\\cleo_text\\*.fxt", false, true);
diff --git a/cleo_plugins/Text/Text.vcxproj b/cleo_plugins/Text/Text.vcxproj
index 86bc04e1..eaada92c 100644
--- a/cleo_plugins/Text/Text.vcxproj
+++ b/cleo_plugins/Text/Text.vcxproj
@@ -129,7 +129,6 @@ xcopy /Y "$(OutDir)$(TargetName).*" "$(GTA_SA_DIR)\cleo\cleo_plugins\"
     <ClCompile Include="$(PLUGIN_SDK_DIR)\shared\DynAddress.cpp" />
     <ClCompile Include="$(PLUGIN_SDK_DIR)\shared\GameVersion.cpp" />
     <ClCompile Include="$(PLUGIN_SDK_DIR)\shared\Patch.cpp" />
-    <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CFileMgr.cpp" />
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CTheScripts.cpp" />
     <ClCompile Include="$(PLUGIN_SDK_DIR)\shared\game\CRGBA.cpp" />
     <ClCompile Include="crc32.cpp" />
diff --git a/cleo_plugins/Text/Text.vcxproj.filters b/cleo_plugins/Text/Text.vcxproj.filters
index 5543202f..632f5cbf 100644
--- a/cleo_plugins/Text/Text.vcxproj.filters
+++ b/cleo_plugins/Text/Text.vcxproj.filters
@@ -31,9 +31,6 @@
     <ClCompile Include="$(PLUGIN_SDK_DIR)\shared\game\CRGBA.cpp">
       <Filter>plugin_sdk</Filter>
     </ClCompile>
-    <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CFileMgr.cpp">
-      <Filter>plugin_sdk</Filter>
-    </ClCompile>
     <ClCompile Include="$(PLUGIN_SDK_DIR)\plugin_sa\game_sa\CTheScripts.cpp">
       <Filter>plugin_sdk</Filter>
     </ClCompile>
diff --git a/cleo_sdk/CLEO_Utils.h b/cleo_sdk/CLEO_Utils.h
index 3f50a9e4..0aa22c0a 100644
--- a/cleo_sdk/CLEO_Utils.h
+++ b/cleo_sdk/CLEO_Utils.h
@@ -13,7 +13,6 @@
 
 #pragma once
 #include "CLEO.h"
-#include "CFileMgr.h" // from GTA Plugin SDK
 #include "CPools.h" // from GTA Plugin SDK
 #include "shellapi.h" // game window minimize/maximize support
 #include <string>
@@ -75,6 +74,9 @@ namespace CLEO
     OPCODE_WRITE_PARAM_PTR(value) // memory address
     */
 
+    static const char* Gta_Root_Dir_Path = (char*)0x00B71AE0;
+    static const char* Gta_User_Dir_Path = (char*)0x00C92368;
+
     static bool IsLegacyScript(CLEO::CRunningScript* thread)
     {
         return CLEO_GetScriptVersion(thread) < CLEO_VER_5;
@@ -83,7 +85,7 @@ namespace CLEO
     // this plugin's config file
     static std::string GetConfigFilename()
     {
-        std::string configFile = CFileMgr::ms_rootDirName;
+        std::string configFile = Gta_Root_Dir_Path;
         if (!configFile.empty() && configFile.back() != '\\') configFile.push_back('\\');
 
         configFile += "cleo\\cleo_plugins\\" TARGET_NAME ".ini";
@@ -546,7 +548,8 @@ namespace CLEO
 
     #define OPCODE_READ_PARAMS_FORMATTED(_format, _varName) char _varName[2 * MAX_STR_LEN + 1]; char* _varName##Ok = CLEO_ReadParamsFormatted(thread, _format, _varName, sizeof(_varName));
 
-    #define OPCODE_READ_PARAM_FILEPATH(_varName) char _buff_##_varName[512]; const char* ##_varName = _readParamText(thread, _buff_##_varName, 512); if(##_varName != nullptr) ##_varName = _buff_##_varName; if(_paramWasString()) CLEO_ResolvePath(thread, _buff_##_varName, 512); else return OpcodeResult::OR_INTERRUPT;
+    #define OPCODE_READ_PARAM_FILEPATH(_varName) char _buff_##_varName[512]; const char* ##_varName = _readParamText(thread, _buff_##_varName, 512); if(##_varName != nullptr) ##_varName = _buff_##_varName; if(_paramWasString()) CLEO_ResolvePath(thread, _buff_##_varName, 512); else return OpcodeResult::OR_INTERRUPT; \
+        if(_strnicmp(##_varName, Gta_Root_Dir_Path, strlen(Gta_Root_Dir_Path)) != 0 && _strnicmp(##_varName, Gta_User_Dir_Path, strlen(Gta_User_Dir_Path)) != 0) { SHOW_ERROR("Forbidden file path '%s' outside game directories in script %s \nScript suspended.", ##_varName, ScriptInfoStr(thread).c_str()); return thread->Suspend(); }
 
     #define OPCODE_READ_PARAM_PTR() _readParam(thread).pParam; \
         if (!_paramWasInt()) { SHOW_ERROR("Input argument %s expected to be integer, got %s in script %s\nScript suspended.", GetParamInfo().c_str(), CLEO::ToKindStr(_lastParamType, _lastParamArrayType), CLEO::ScriptInfoStr(thread).c_str()); return thread->Suspend(); } \