From 50631d4638253df07c4f1313f7960c33b837c692 Mon Sep 17 00:00:00 2001 From: James Huston Date: Mon, 15 Dec 2025 19:03:10 -0500 Subject: [PATCH] fix: Address Gemini code review security and quality issues Security fixes (HIGH): - Remove NOPASSWD sudo access in Dockerfile - Require secure passwords in docker-compose.yml (no weak defaults) - Replace libboost-all-dev with specific runtime libs in araxia_docs/Dockerfile Code quality fixes (MEDIUM): - Remove weak default password from .env.example - Fix AMS_Server.lua: vendor Smallfolk dependency, add CHAT_CHANNEL_WHISPER constant - Fix AMS_Client.lua: correct misleading comments about channel selection Fixes issues identified by Gemini Code Assist review. --- AGENTS.md | 3 +++ araxiaonline/.env.example | 2 +- araxiaonline/Dockerfile | 4 ++-- araxiaonline/ams/AMS_Client/AMS_Client.lua | 4 ++-- araxiaonline/ams/AMS_Server.lua | 11 +++++++---- araxiaonline/araxia_docs/Dockerfile | 8 +++++++- araxiaonline/araxia_docs/docker-compose.yml | 6 +++--- araxiaonline/client_addons/AMS_Client/AMS_Client.lua | 4 ++-- araxiaonline/lua_scripts/AMS_Server/AMS_Server.lua | 9 ++++++--- 9 files changed, 33 insertions(+), 18 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index bf02531121..df5bd113bc 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -111,3 +111,6 @@ Monitor events with: `python /opt/trinitycore/TrinityCore/src/araxiaonline/tools - Always use the max number of threads when building the server - Always use @araxiaonline/cmake_setup.sh to setup the build environment. Modify it if needed. - Please fix all compile warnings before marking a task as complete. + +### Pushing changes +- Our working branch is `araxia-main` and all branches and PRs should be based on this branch. diff --git a/araxiaonline/.env.example b/araxiaonline/.env.example index bb63bbd8a8..398744e4e7 100644 --- a/araxiaonline/.env.example +++ b/araxiaonline/.env.example 
@@ -9,7 +9,7 @@ DB_HOST=host.docker.internal DB_PORT=3306 DB_USER=trinity -DB_PASSWORD=trinity +DB_PASSWORD= DB_AUTH=auth DB_CHARACTERS=characters DB_WORLD=world diff --git a/araxiaonline/Dockerfile b/araxiaonline/Dockerfile index 028150818f..130fba2067 100644 --- a/araxiaonline/Dockerfile +++ b/araxiaonline/Dockerfile @@ -60,9 +60,9 @@ ENV LC_ALL=en_US.UTF-8 RUN update-alternatives --install /usr/bin/cc cc /usr/bin/clang 100 && \ update-alternatives --install /usr/bin/c++ c++ /usr/bin/clang++ 100 -# Create trinitycore user with sudo privileges +# Create trinitycore user with sudo privileges (requires password) RUN useradd -m -s /bin/bash -G sudo trinitycore && \ - echo "trinitycore ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers + echo "trinitycore ALL=(ALL) ALL" >> /etc/sudoers # Create necessary directories RUN mkdir -p \ diff --git a/araxiaonline/ams/AMS_Client/AMS_Client.lua b/araxiaonline/ams/AMS_Client/AMS_Client.lua index 788dc14324..59379f3d0f 100644 --- a/araxiaonline/ams/AMS_Client/AMS_Client.lua +++ b/araxiaonline/ams/AMS_Client/AMS_Client.lua @@ -119,7 +119,7 @@ local function SendAddonMessage(message) if #message <= AMS_MAX_MSG_LENGTH then -- Prefix with marker for short message (ID = 0000, parts = 0000, partID = 0000) local packet = NumberToHex(0) .. NumberToHex(0) .. NumberToHex(0) .. message - -- Use PARTY channel for solo players, fallback to WHISPER if in party + -- Use WHISPER channel for solo players, PARTY if in a group local channel = IsInGroup() and "PARTY" or "WHISPER" local target = channel == "WHISPER" and UnitName("player") or nil Debug("Sending via channel:", channel, "target:", target or "none", "prefix:", AMS_PREFIX) 
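Review bot: `DB_PASSWORD=` is now blank, so a `.env` copied from this template unchanged carries an empty database password, and nothing visible in this hunk makes the consumer reject it. A comment above the line would make the requirement explicit, for example `# REQUIRED: set a strong, unique password before starting; do not leave empty`. Whether the code that reads `DB_PASSWORD` fails closed on an empty value cannot be seen from here and is worth confirming.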
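Review bot: The `trinitycore` account is still a full sudoer after this change, because `-G sudo` is kept and the appended rule grants `ALL=(ALL) ALL`, while no password is set for the account anywhere in this hunk. If a password is never set the rule is unusable, and if one is added later the service account can become root again. The least-privilege fix is to drop both, e.g. `RUN useradd -m -s /bin/bash trinitycore` with no sudoers edit, assuming nothing at runtime needs root (not visible here). If sudo must stay, a validated drop-in under `/etc/sudoers.d/` with mode 0440 is safer than appending to `/etc/sudoers` unchecked.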
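Review bot: The corrected comment says which channel is used but not what that implies. When `IsInGroup()` is true the packet goes out on `PARTY`, a channel that is normally relayed to every group member, so AMS payloads may reach other players' clients unless the server consumes them first (that handling is not visible in this hunk). I would document it on this line, e.g. `-- PARTY when grouped (may be relayed to group members; keep payloads non-sensitive), WHISPER-to-self when solo`. The same comment and expression recur in the second hunk of this file and in both hunks of `araxiaonline/client_addons/AMS_Client/AMS_Client.lua`. `SendAddonMessage` starts and ends outside the hunk.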
@@ -134,7 +134,7 @@ local function SendAddonMessage(message) Debug("Splitting message ID", msgID, "into", totalParts, "parts") - -- Use PARTY channel for solo players, fallback to WHISPER if in party + -- Use WHISPER channel for solo players, PARTY if in a group local channel = IsInGroup() and "PARTY" or "WHISPER" local target = channel == "WHISPER" and UnitName("player") or nil diff --git a/araxiaonline/ams/AMS_Server.lua b/araxiaonline/ams/AMS_Server.lua index 0ad1f7100b..57b734b411 100644 --- a/araxiaonline/ams/AMS_Server.lua +++ b/araxiaonline/ams/AMS_Server.lua @@ -42,8 +42,11 @@ local AMS_MSG_MAX_ID = 65535 -- 16-bit ID -- Dependencies -- ============================================================================ --- Smallfolk for serialization (already in AIO deps) -local Smallfolk = require("AIO_Server.Dep_Smallfolk.smallfolk") +-- Smallfolk for serialization (vendored in AMS_Server directory) +local Smallfolk = require("AMS_Server.smallfolk") + +-- Chat channel constants for clarity +local CHAT_CHANNEL_WHISPER = 7 -- CHAT_MSG_WHISPER -- ============================================================================ -- Core AMS Table @@ -120,7 +123,7 @@ local function SendAddonMessage(player, message) if #message <= AMS_MAX_MSG_LENGTH then -- Prefix with marker for short message (ID = 0000, parts = 0000, partID = 0000) local packet = NumberToHex(0) .. NumberToHex(0) .. NumberToHex(0) .. message - player:SendAddonMessage(AMS_PREFIX, packet, 7, player) + player:SendAddonMessage(AMS_PREFIX, packet, CHAT_CHANNEL_WHISPER, player) return end @@ -142,7 +145,7 @@ local function SendAddonMessage(player, message) NumberToHex(partID) local packet = header .. chunk - player:SendAddonMessage(AMS_PREFIX, packet, 7, player) + player:SendAddonMessage(AMS_PREFIX, packet, CHAT_CHANNEL_WHISPER, player) end end diff --git a/araxiaonline/araxia_docs/Dockerfile b/araxiaonline/araxia_docs/Dockerfile index 8e43d9a64e..32b0207a7d 100644 --- a/araxiaonline/araxia_docs/Dockerfile 
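Review bot: The new `require("AMS_Server.smallfolk")` is commented as vendored, but the diffstat lists no `smallfolk.lua` being added, so the module must already be on the Lua search path or this copy will fail to load. This file sits at `araxiaonline/ams/AMS_Server.lua`, not inside an `AMS_Server` directory, so the comment's location claim should be checked for this copy. For a vendored serializer that presumably parses data sent by clients, I would record provenance next to the require, e.g. `-- vendored from <upstream URL> at <commit>, unmodified`. The same comment and constant are added in `araxiaonline/lua_scripts/AMS_Server/AMS_Server.lua`; the two copies already differ in hunk offsets (120 vs 124), which suggests they are drifting.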
+++ b/araxiaonline/araxia_docs/Dockerfile @@ -74,7 +74,13 @@ RUN apt-get update && apt-get install -y \ libbz2-1.0 \ libreadline8t64 \ libncurses6 \ - libboost-all-dev \ + libboost-system1.83.0 \ + libboost-filesystem1.83.0 \ + libboost-thread1.83.0 \ + libboost-program-options1.83.0 \ + libboost-iostreams1.83.0 \ + libboost-regex1.83.0 \ + libboost-locale1.83.0 \ ca-certificates \ && rm -rf /var/lib/apt/lists/* diff --git a/araxiaonline/araxia_docs/docker-compose.yml b/araxiaonline/araxia_docs/docker-compose.yml index b3539f1248..8f9cf09cb2 100644 --- a/araxiaonline/araxia_docs/docker-compose.yml +++ b/araxiaonline/araxia_docs/docker-compose.yml @@ -6,10 +6,10 @@ services: image: mysql:8.0 container_name: trinitycore-mysql environment: - MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-trinity} + MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:?Please set MYSQL_ROOT_PASSWORD in .env} MYSQL_DATABASE: ${MYSQL_AUTH_DATABASE:-auth} MYSQL_USER: ${MYSQL_USER:-trinity} - MYSQL_PASSWORD: ${MYSQL_PASSWORD:-trinity} + MYSQL_PASSWORD: ${MYSQL_PASSWORD:?Please set MYSQL_PASSWORD in .env} volumes: - mysql-data:/var/lib/mysql - ./sql:/docker-entrypoint-initdb.d:ro @@ -19,7 +19,7 @@ services: - trinitycore command: --default-authentication-plugin=mysql_native_password --max_allowed_packet=512M healthcheck: - test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "root", "-p${MYSQL_ROOT_PASSWORD:-trinity}"] + test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "root", "-p${MYSQL_ROOT_PASSWORD}"] interval: 10s timeout: 5s retries: 5 diff --git a/araxiaonline/client_addons/AMS_Client/AMS_Client.lua b/araxiaonline/client_addons/AMS_Client/AMS_Client.lua index 581050e434..0bd8c4a7ea 100644 --- a/araxiaonline/client_addons/AMS_Client/AMS_Client.lua +++ b/araxiaonline/client_addons/AMS_Client/AMS_Client.lua 
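Review bot: Nothing in this hunk checks that the seven listed `libboost-*1.83.0` runtime packages cover every Boost component the server binaries link against, so a missing one would surface only as a loader error when the container starts. A build-time check after the binaries are copied in would catch it, e.g. `RUN ! ldd <path-to-server-binary> | grep "not found"`. The `apt-get install -y` line in the hunk header also lacks `--no-install-recommends`, which works against the goal of a smaller runtime image. The `RUN` statement begins outside the hunk.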
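Review bot: The healthcheck still passes the root password on the `mysqladmin` command line (`-p${MYSQL_ROOT_PASSWORD}`). Compose interpolates it when the file is parsed, so the literal value is stored in the container's healthcheck definition and appears in the process arguments every time the probe runs. `mysqladmin ping` exits 0 whenever the server answers, even on an access-denied reply, so the credential adds nothing to a liveness probe. I would drop it: `test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]`.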
@@ -119,7 +119,7 @@ local function SendAddonMessage(message) if #message <= AMS_MAX_MSG_LENGTH then -- Prefix with marker for short message (ID = 0000, parts = 0000, partID = 0000) local packet = NumberToHex(0) .. NumberToHex(0) .. NumberToHex(0) .. message - -- Use PARTY channel for solo players, fallback to WHISPER if in party + -- Use WHISPER channel for solo players, PARTY if in a group local channel = IsInGroup() and "PARTY" or "WHISPER" local target = channel == "WHISPER" and UnitName("player") or nil Debug("Sending via channel:", channel, "target:", target or "none", "prefix:", AMS_PREFIX) @@ -134,7 +134,7 @@ local function SendAddonMessage(message) Debug("Splitting message ID", msgID, "into", totalParts, "parts") - -- Use PARTY channel for solo players, fallback to WHISPER if in party + -- Use WHISPER channel for solo players, PARTY if in a group local channel = IsInGroup() and "PARTY" or "WHISPER" local target = channel == "WHISPER" and UnitName("player") or nil diff --git a/araxiaonline/lua_scripts/AMS_Server/AMS_Server.lua b/araxiaonline/lua_scripts/AMS_Server/AMS_Server.lua index c3693269a5..8daa30539e 100644 --- a/araxiaonline/lua_scripts/AMS_Server/AMS_Server.lua +++ b/araxiaonline/lua_scripts/AMS_Server/AMS_Server.lua @@ -42,9 +42,12 @@ local AMS_MSG_MAX_ID = 65535 -- 16-bit ID -- Dependencies -- ============================================================================ --- Smallfolk for serialization +-- Smallfolk for serialization (vendored in AMS_Server directory) local Smallfolk = require("AMS_Server.smallfolk") +-- Chat channel constants for clarity +local CHAT_CHANNEL_WHISPER = 7 -- CHAT_MSG_WHISPER + -- ============================================================================ -- Core AMS Table -- ============================================================================ 
@@ -124,7 +127,7 @@ local function SendAddonMessage(player, message) if #message <= AMS_MAX_MSG_LENGTH then -- Prefix with marker for short message (ID = 0000, parts = 0000, partID = 0000) local packet = NumberToHex(0) .. NumberToHex(0) .. NumberToHex(0) .. message - player:SendAddonMessage(AMS_PREFIX, packet, 7, player) + player:SendAddonMessage(AMS_PREFIX, packet, CHAT_CHANNEL_WHISPER, player) return end @@ -146,7 +149,7 @@ local function SendAddonMessage(player, message) NumberToHex(partID) local packet = header .. chunk - player:SendAddonMessage(AMS_PREFIX, packet, 7, player) + player:SendAddonMessage(AMS_PREFIX, packet, CHAT_CHANNEL_WHISPER, player) end end