From 49898eed468142fa58f22f4f8ae9f8ac66ce966e Mon Sep 17 00:00:00 2001 From: notify Date: Tue, 14 Mar 2023 20:50:36 +0800 Subject: [PATCH] Security (#78) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 禁用了更多Lua函数 - 将计算MD5的过程挪到cpp
---
 lua/freekill.lua | 15 +++++++++++---- qml/Logic.js | 5 +---- src/ui/qmlbackend.cpp | 8 ++++++-- src/ui/qmlbackend.h | 2 +- 4 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/lua/freekill.lua b/lua/freekill.lua
index 8c437cf6..2e95a516 100644
--- a/lua/freekill.lua
+++ b/lua/freekill.lua
@@ -44,11 +44,18 @@ end
 Config = loadConf()
 -- disable dangerous functions
-os.remove = nil
-os.execute = nil
-os.exit = nil
-os.rename = nil
+local _os = {
+ time = os.time,
+ date = os.date,
+ clock = os.clock,
+ difftime = os.difftime,
+ getms = os.getms,
+}
+os = _os
 io = nil
+package = nil
+load = nil
+loadfile = nil
 -- load packages
 dofile "lua/fk_ex.lua"
diff --git a/qml/Logic.js b/qml/Logic.js
index f9f4ac7a..7b8f32ad 100644
--- a/qml/Logic.js
+++ b/qml/Logic.js
@@ -27,10 +27,7 @@ callbacks["NetworkDelayTest"] = function(jsonData) {
 cipherText = Backend.pubEncrypt(jsonData, config.password);
 }
 config.cipherText = cipherText;
- let md5sum = Backend.calcFileMD5();
- ClientInstance.notifyServer("Setup", JSON.stringify([
- config.screenName, cipherText, md5sum
- ]));
+ Backend.replyDelayTest(config.screenName, cipherText);
 }
 callbacks["ErrorMsg"] = function(jsonData) {
diff --git a/src/ui/qmlbackend.cpp b/src/ui/qmlbackend.cpp
index f48eb89f..173e0048 100644
--- a/src/ui/qmlbackend.cpp
+++ b/src/ui/qmlbackend.cpp
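Review bot: Setting the global `package` to nil just above `-- load packages` does not by itself put `require` out of reach: in stock Lua 5.2 and later `require` keeps its own reference to the package table, and neither `require`, `dofile` nor the `debug` library is touched in this hunk, so scripts loaded afterwards can presumably still load code or inspect state through them. If they are needed for bootstrap (the next context line itself uses `dofile`), I would replace them after loading with wrappers that only resolve paths under the game's own directories, and add `debug = nil` unless something depends on it. At minimum a comment such as `-- require/dofile stay available for package loading and are NOT sandboxed` would stop the allowlist from being read as complete. Anything that captured the original `os` table before this point also keeps the full table; the hunk starts mid-file, so I cannot see whether that happens.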
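Review bot: The new `Backend.replyDelayTest(...)` call at the end of the `NetworkDelayTest` callback no longer shows that a "Setup" packet is sent or that the file checksum is appended on the C++ side, and nothing in the script says so. A one-line comment would keep the handshake readable, e.g. `// sends "Setup" [screenName, cipherText, md5]; the MD5 is computed in C++ and never passes through QML`. The callback starts above this hunk, so how `cipherText` is chosen before this point is not visible here.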
@@ -219,8 +219,12 @@ void QmlBackend::saveConf(const QString &conf) {
 c.write(conf.toUtf8());
 }
-QString QmlBackend::calcFileMD5() {
- return ::calcFileMD5();
+void QmlBackend::replyDelayTest(const QString &screenName, const QString &cipher) {
+ auto md5 = calcFileMD5();
+
+ QJsonArray arr;
+ arr << screenName << cipher << md5;
+ ClientInstance->notifyServer("Setup", JsonArray2Bytes(arr));
 }
 void QmlBackend::playSound(const QString &name, int index) {
diff --git a/src/ui/qmlbackend.h b/src/ui/qmlbackend.h
index 1480defb..cfd9b6ef 100644
--- a/src/ui/qmlbackend.h
+++ b/src/ui/qmlbackend.h
@@ -35,7 +35,7 @@ public:
 Q_INVOKABLE QString loadConf();
 Q_INVOKABLE void saveConf(const QString &conf);
- Q_INVOKABLE QString calcFileMD5();
+ Q_INVOKABLE void replyDelayTest(const QString &screenName, const QString &cipher);
 Q_INVOKABLE void playSound(const QString &name, int index = 0);
 Q_INVOKABLE void copyToClipboard(const QString &s);
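Review bot: `replyDelayTest` dereferences `ClientInstance` without a check, and because the header exposes it as `Q_INVOKABLE`, QML can call it at any time, including when no client object exists; a guard such as `if (!ClientInstance) return;` at the top would avoid a crash there (assuming `ClientInstance` is a plain pointer that can be null, since its declaration is outside this diff). Moving the digest out of script is a sound step, but the value is still computed by the client itself, so the server should treat it as a consistency hint and not as proof that the files are unmodified; a short comment on the function saying so would help. MD5 is also not collision-resistant, so if the digest is meant to resist deliberate tampering and not just catch accidental mismatch, a SHA-256 digest would be the safer choice; `calcFileMD5()` is defined elsewhere, so that is a follow-up and not a change to this hunk.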