[lua] Ask for permission to open a WebSocket from scripts

dacap · dacap · commit 6e84bb5443da · 2021-10-07T19:37:10.000-03:00
diff --git a/data/strings/en.ini b/data/strings/en.ini
@@ -1377,11 +1377,13 @@ title = Security
 script_label = The following script:
 file_label = wants to access to this file:
 command_label = wants to execute the following command:
+websocket_label = wants to open a WebSocket connection to this URL:
 dont_show_for_this_access = Don't show this specific alert again for this script
 dont_show_for_this_script = Give full trust to this script
 allow_execute_access = &Allow Execute Access
 allow_write_access = &Allow Write Access
 allow_read_access = &Allow Read Access
+allow_open_conn_access = &Allow to Open Connections
 give_full_access = Give Script Full &Access
 stop_script = &Stop Script
 
diff --git a/src/app/script/security.cpp b/src/app/script/security.cpp
@@ -136,6 +136,8 @@ bool ask_access(lua_State* L,
       return true;
 
     std::string allowButtonText =
+      mode == FileAccessMode::OpenSocket ?
+        Strings::script_access_allow_open_conn_access():
       mode == FileAccessMode::Execute ?
         Strings::script_access_allow_execute_access():
       mode == FileAccessMode::Write ?
@@ -150,6 +152,7 @@ bool ask_access(lua_State* L,
       switch (resourceType) {
         case ResourceType::File: label = Strings::script_access_file_label(); break;
         case ResourceType::Command: label = Strings::script_access_command_label(); break;
+        case ResourceType::WebSocket: label = Strings::script_access_websocket_label(); break;
       }
       dlg.fileLabel()->setText(label);
     }
diff --git a/src/app/script/security.h b/src/app/script/security.h
@@ -23,11 +23,13 @@ namespace script {
     Write = 2,
     Read = 4,
     Full = 7,
+    OpenSocket = 8,
   };
 
   enum class ResourceType {
     File,
     Command,
+    WebSocket,
   };
 
   int secure_io_open(lua_State* L);
diff --git a/src/app/script/websocket_class.cpp b/src/app/script/websocket_class.cpp
@@ -1,6 +1,5 @@
 // Aseprite
-// Copyright (C) 2018-2020  Igara Studio S.A.
-// Copyright (C) 2018  David Capello
+// Copyright (C) 2021  Igara Studio S.A.
 //
 // This program is distributed under the terms of
 // the End-User License Agreement for Aseprite.
@@ -13,6 +12,7 @@
 #include "app/console.h"
 #include "app/script/engine.h"
 #include "app/script/luacpp.h"
+#include "app/script/security.h"
 #include "ui/system.h"
 
 #include <ixwebsocket/IXNetSystem.h>
@@ -39,6 +39,9 @@ int WebSocket_new(lua_State* L)
   if (lua_istable(L, 1)) {
     lua_getfield(L, 1, "url");
     if (const char* s = lua_tostring(L, -1)) {
+      if (!ask_access(L, s, FileAccessMode::OpenSocket, ResourceType::WebSocket))
+        return luaL_error(L, "the script doesn't have access to create a WebSocket for '%s'", s);
+
       ws->setUrl(s);
     }
     lua_pop(L, 1);
@@ -180,7 +183,7 @@ const Property WebSocket_properties[] = {
   { nullptr, nullptr, nullptr }
 };
 
-} // namespace { }
+} // anonymous namespace
 
 using WebSocket = ix::WebSocket;
 DEF_MTNAME(WebSocket);
