LSL Protocol/Restrained Life Relay/How to Test/Relay Test 04

From Second Life Wiki
Jump to navigation Jump to search

Objection

Verify that the relay cannot be abused to cause the avatar shout something on public chat.

Note: It is not important what is said or if the attacker can completely control the said text. Just causing the avatar to shout anything is a test failure because it can easily be abused. While it is possible to mute the avatars in SL, it is almost impossible to detect the real griever (the world object).

Instructions

  1. Go to a place with no one in shout range (100m)
  2. Rez and Click the box
  3. Do not say anything during the test

Code

integer CHANNEL_RELAY = -1812221819;  // Relay Channel
integer CHANNEL_PUBLIC = 0;

integer success;


// looks for the confirmation of the last command
handleRelayResponse(string message)
{
    list tokens = llParseString2List(message, [","], []);
    string question = llList2String(tokens, 2);
    string response = llList2String(tokens, 3);
    if (response == "")
    {
    	return;
    }
    if (question == "@end=n")
    {
	    llSay(CHANNEL_RELAY, "relaytest," + (string) llGetOwner() + ",!release");
    }
    else if (question == "!release")
    {
		// wait a little bit after "!release,ok" to take
		// network lag from the viewer into account
    	llSetTimerEvent(10);
    }
}

// handles avatar chat
handleAvatarResponse(string message)
{
	if (llSubStringIndex(message, "crmwqfxdkjfsakdfh") > -1)
	{
		llSay(0, "FAIL: Avatar said message on public chat");
		success = FALSE;
	} 
}

default
{
    state_entry()
    {
        llListen(CHANNEL_RELAY, "", "", "");
        llListen(CHANNEL_PUBLIC, "", "", "");
    }

    on_rez(integer ignored)
    {
        llSetText(llGetObjectName(), <1, 1, 1>, 1);
    }

    listen(integer channel, string name, key id, string message)
    {
        llOwnerSay(name + ": " + message);

        if ((llGetOwnerKey(id) == id) && (channel == CHANNEL_PUBLIC))
        {
            handleAvatarResponse(message);
        }

        if ((llGetOwnerKey(id) == llGetOwner()) && (channel == CHANNEL_RELAY))
        {
            handleRelayResponse(message);
        }
    }

    touch_start(integer ignored)
    {
        if (llDetectedKey(0) != llGetOwner())
        {
            llSay(0, "Hey, " + llDetectedName(0) + " don't mess with me!");
            return;
        }

        llSay(0, "Trying to cause unwanted chat on public channel, please wait without saying anything...");


		llSetTimerEvent(0);
		success = TRUE;

        llSay(CHANNEL_RELAY, "relaytest," + (string) llGetOwner() 
        	+ ",@sendim=n|@crmwqfxdkjfsakdfh=n"
        	+ "|@getstatus=0|@getStatus=0|@getStatus:=0"
        	+ "|@getstatus=-123|@getStatus=-123|@getStatus:=-123"
        	+ "|@getstatus=y|@getStatus=y|@getStatus:=y"
        	+ "|@getstatus=n|@getStatus=n|@getStatus:=n");
        llSay(CHANNEL_RELAY, "relaytest," + (string) llGetOwner() 
        	+ ",@version=0|@verSion=0|@verSion:=0"
        	+ "|@version=-123|@verSion=-123|@verSion:=-123"
        	+ "|@version=y|@verSion=y|@verSion:=y"
        	+ "|@version=n|@verSion=n|@verSion:=n");
        llSay(CHANNEL_RELAY, "relaytest," + (string) llGetOwner() 
        	+ ",@findfolder=0|@findFolder=0|@findFolder:=0"
        	+ "|@findfolder=-123|@findFolder=-123|@findFolder:=-123"
        	+ "|@findfolder=y|@findFolder=y|@findFolder:=y"
        	+ "|@findfolder=n|@findFolder=n|@findFolder:=n"
        	+ "|@end=n");
    }

	timer()
	{
		if (success)
    	{
    		llSay(0, "PASS: No faked chat on public channel.");
    	}
		llSetTimerEvent(0);
	}
}
Retrieved from "https://wiki.secondlife.com/w/index.php?title=LSL_Protocol/Restrained_Life_Relay/How_to_Test/Relay_Test_04&oldid=1195254"