LSL Protocol/Restrained Life Relay/How to Test/Relay Test 04
Objection
Verify that the relay cannot be abused to cause the avatar shout something on public chat.
Note: It is not important what is said or if the attacker can completely control the said text. Just causing the avatar to shout anything is a test failure because it can easily be abused. While it is possible to mute the avatars in SL, it is almost impossible to detect the real griever (the world object).
Instructions
- Go to a place with no one in shout range (100m)
- Rez and Click the box
- Do not say anything during the test
Code
<lsl> integer CHANNEL_RELAY = -1812221819; // Relay Channel integer CHANNEL_PUBLIC = 0;
integer success;
// looks for the confirmation of the last command
handleRelayResponse(string message)
{
list tokens = llParseString2List(message, [","], []); string question = llList2String(tokens, 2); string response = llList2String(tokens, 3); if (response == "") { return; } if (question == "@end=n") {
llSay(CHANNEL_RELAY, "relaytest," + (string) llGetOwner() + ",!release");
} else if (question == "!release") {
// wait a little bit after "!release,ok" to take // network lag from the viewer into account
llSetTimerEvent(10); }
}
// handles avatar chat handleAvatarResponse(string message) { if (llSubStringIndex(message, "crmwqfxdkjfsakdfh") > -1) { llSay(0, "FAIL: Avatar said message on public chat"); success = FALSE; } }
default {
state_entry() { llListen(CHANNEL_RELAY, "", "", ""); llListen(CHANNEL_PUBLIC, "", "", ""); }
on_rez(integer ignored) { llSetText(llGetObjectName(), <1, 1, 1>, 1); }
listen(integer channel, string name, key id, string message) { llOwnerSay(name + ": " + message);
if ((llGetOwnerKey(id) == id) && (channel == CHANNEL_PUBLIC)) { handleAvatarResponse(message); }
if ((llGetOwnerKey(id) == llGetOwner()) && (channel == CHANNEL_RELAY)) { handleRelayResponse(message); } }
touch_start(integer ignored) { if (llDetectedKey(0) != llGetOwner()) { llSay(0, "Hey, " + llDetectedName(0) + " don't mess with me!"); return; }
llSay(0, "Trying to cause unwanted chat on public channel, please wait without saying anything...");
llSetTimerEvent(0);
success = TRUE;
llSay(CHANNEL_RELAY, "relaytest," + (string) llGetOwner() + ",@sendim=n|@crmwqfxdkjfsakdfh=n" + "|@getstatus=0|@getStatus=0|@getStatus:=0" + "|@getstatus=-123|@getStatus=-123|@getStatus:=-123" + "|@getstatus=y|@getStatus=y|@getStatus:=y" + "|@getstatus=n|@getStatus=n|@getStatus:=n"); llSay(CHANNEL_RELAY, "relaytest," + (string) llGetOwner() + ",@version=0|@verSion=0|@verSion:=0" + "|@version=-123|@verSion=-123|@verSion:=-123" + "|@version=y|@verSion=y|@verSion:=y" + "|@version=n|@verSion=n|@verSion:=n"); llSay(CHANNEL_RELAY, "relaytest," + (string) llGetOwner() + ",@findfolder=0|@findFolder=0|@findFolder:=0" + "|@findfolder=-123|@findFolder=-123|@findFolder:=-123" + "|@findfolder=y|@findFolder=y|@findFolder:=y" + "|@findfolder=n|@findFolder=n|@findFolder:=n" + "|@end=n"); }
timer() { if (success)
{ llSay(0, "PASS: No faked chat on public channel."); }
llSetTimerEvent(0); } } </lsl>