[PATCH] [security] small security fixes in advtrains_luaautomation/
Export this patch
- fixed file permissions of advtrains_luaautomation/README.md (755->644)
- fixed file permissions of advtrains_luaautomation/environment.lua (755->644)
- prevented LuaATC section_occupancy() from having direct access to the interlocking section id occupancy table
---
advtrains_luaautomation/README.md | 0
advtrains_luaautomation/environment.lua | 2 + -
2 files changed, 1 insertion(+), 1 deletion(-)
mode change 100755 => 100644 advtrains_luaautomation/README.md
mode change 100755 => 100644 advtrains_luaautomation/environment.lua
diff --git a/advtrains_luaautomation/README.md b/advtrains_luaautomation/README.md
old mode 100755
new mode 100644
diff --git a/advtrains_luaautomation/environment.lua b/advtrains_luaautomation/environment.lua
old mode 100755
new mode 100644
index 6b1a283..fddcc8e
--- a/advtrains_luaautomation/environment.lua
+++ b/advtrains_luaautomation/environment.lua
@@ -232,7 +232,7 @@ if advtrains.interlocking then
if response == nil then
return false
else
- return response.trains
+ return table.copy(response.trains or {})
end
Would it make sense to check the response using `not response` instead
of `response == nil`? That would avoid the `or {}` part in the modified
line.
This is not introduced by the patch, but does it make any (significant)
difference whether the track section ID is falsy (false or nil) or
refers to a non-existent track section? Otherwise I don't see why the
former case returns nil while the latter returns false.
The patch looks good otherwise.
end
end
--
2.38.0
[PATCH v2] [security] small security fixes in advtrains_luaautomation/
Export this patch
- fixed file permissions of advtrains_luaautomation/README.md (755->644)
- fixed file permissions of advtrains_luaautomation/environment.lua (755->644)
- prevented LuaATC section_occupancy() from having direct access to the interlocking section id occupancy table
- simplify section_occupancy() logic
---
advtrains_luaautomation/README.md | 0
advtrains_luaautomation/environment.lua | 7 ++ -----
2 files changed, 2 insertions(+), 5 deletions(-)
mode change 100755 => 100644 advtrains_luaautomation/README.md
mode change 100755 => 100644 advtrains_luaautomation/environment.lua
diff --git a/advtrains_luaautomation/README.md b/advtrains_luaautomation/README.md
old mode 100755
new mode 100644
diff --git a/advtrains_luaautomation/environment.lua b/advtrains_luaautomation/environment.lua
old mode 100755
new mode 100644
index 6b1a283..d85bedc
--- a/advtrains_luaautomation/environment.lua
+++ b/advtrains_luaautomation/environment.lua
@@ -229,11 +229,8 @@ if advtrains.interlocking then
if not ts_id then return nil end
ts_id = tostring(ts_id)
local response = advtrains.interlocking.db.get_ts(ts_id)
- if response == nil then
- return false
- else
- return response.trains
- end
+ if not response then return false end
+ return table.copy(response.trains)
end
end
--
2.38.0