tweak(gamestate/server): allow blocking of ScriptEntityStateChangeEvent #2556

@tens0rfl0w tens0rfl0w commented May 21, 2024

Goal of this PR

  • This game event is sent when a client tries to change state values on a remotely owned entity.
  • Allow blocking of this game event from being routed to target clients to prevent potential abusive uses.

How is this PR achieving the goal

Introducing a new ConVar called 'sv_enableNetworkedScriptEntityStates' that allows blocking of the 'SCRIPT_ENTITY_STATE_CHANGE_EVENT' game event (routing is enabled by default).

This PR applies to the following area(s)

FiveM, RedM, Server

Successfully tested on

Game builds: 2699

Platforms: Windows

Checklist

  • Code compiles and has been tested successfully.
  • Code explains itself well and/or is documented.
  • My commit message explains what the changes do and what they are for.
  • No extra compilation warnings are added by these changes.

Fixes issues

fixes #2553

@github-actions github-actions bot added the RedM and triage labels May 21, 2024
@tens0rfl0w tens0rfl0w force-pushed the feat/parse-SCRIPT_ENTITY_STATE_CHANGE_EVENT branch from 53640ec to 6fc9b0f Compare May 22, 2024 16:56
gottfriedleibniz commented May 30, 2024

Under no circumstances should we be blocking events outright when there is the potential for legitimate use cases. That would also be a compatibility break.

@tens0rfl0w tens0rfl0w force-pushed the feat/parse-SCRIPT_ENTITY_STATE_CHANGE_EVENT branch from 6fc9b0f to f9895c5 Compare May 31, 2024 05:36
@tens0rfl0w tens0rfl0w changed the title from "tweak(gamestate/server): Parse and block SCRIPT_ENTITY_STATE_CHANGE_EVENT (type 9)" to "tweak(gamestate/server): Parse SCRIPT_ENTITY_STATE_CHANGE_EVENT" May 31, 2024
@tens0rfl0w tens0rfl0w force-pushed the feat/parse-SCRIPT_ENTITY_STATE_CHANGE_EVENT branch from f9895c5 to 534d698 Compare May 31, 2024 06:05
@tens0rfl0w

Right, I didn't think about potential valid use cases or breaking backwards compatibility.

I am aware that providing an event handler for the parsed event data is no longer really appreciated, but I didn't feel confident providing a single ConVar for blocking this event, as this is used on a lot of network stuff and several state types are abusable (but not all).

tens0rfl0w commented Jun 1, 2024

In case anyone wants to review this, I created a resource to trigger every state change type:
test.zip

Command is state [0-9].

(This ofc needs two online players to work + script assumes population is deactivated.)

@Pedro-Lucas14

@gottfriedleibniz Hello, is there a date for this fix to go into production, a lot of hacks are using this flaw?

@tens0rfl0w tens0rfl0w force-pushed the feat/parse-SCRIPT_ENTITY_STATE_CHANGE_EVENT branch from 534d698 to b3b2a0f Compare June 9, 2024 23:59
This introduces a new ConVar called 'sv_enableNetworkedScriptEntityStates' that allows blocking of the 'SCRIPT_ENTITY_STATE_CHANGE_EVENT' game event (routing is enabled by default).
@tens0rfl0w tens0rfl0w force-pushed the feat/parse-SCRIPT_ENTITY_STATE_CHANGE_EVENT branch from b3b2a0f to 6c977fa Compare June 10, 2024 00:03
@tens0rfl0w tens0rfl0w changed the title from "tweak(gamestate/server): Parse SCRIPT_ENTITY_STATE_CHANGE_EVENT" to "tweak(gamestate/server): allow blocking of ScriptEntityStateChangeEvent" Jun 10, 2024
@tens0rfl0w

As discussed, this now allows blocking the routing of the game event with a ConVar.

Tested with the script resource provided above.

@gottfriedleibniz gottfriedleibniz added the ready-to-merge label and removed the triage and RedM labels Jun 10, 2024
@github-actions github-actions bot added the triage label Jun 10, 2024
@prikolium-cfx prikolium-cfx merged commit c7f3418 into citizenfx:master Jun 13, 2024
8 of 12 checks passed
@tens0rfl0w tens0rfl0w deleted the feat/parse-SCRIPT_ENTITY_STATE_CHANGE_EVENT branch June 13, 2024 13:37
Successfully merging this pull request may close these issues.

Exploit using "SetVehicleExclusiveDriver_2"