Add a test for sliceable cargo bounty exploits (#28357)

2024-06-03 12:24:32 -04:00
parent 619d82ed42
commit b5e8a69622
3 changed files with 101 additions and 1 deletions
--- a/Content.Server/Cargo/Systems/CargoSystem.Bounty.cs
+++ b/Content.Server/Cargo/Systems/CargoSystem.Bounty.cs
@@ -300,6 +300,21 @@ public sealed partial class CargoSystem
        return IsBountyComplete(GetBountyEntities(container), entries, out bountyEntities);
    }

+    /// <summary>
+    /// Determines whether the <paramref name="entity"/> meets the criteria for the bounty <paramref name="entry"/>.
+    /// </summary>
+    /// <returns>true if <paramref name="entity"/> is a valid item for the bounty entry, otherwise false</returns>
+    public bool IsValidBountyEntry(EntityUid entity, CargoBountyItemEntry entry)
+    {
+        if (!_whitelistSys.IsValid(entry.Whitelist, entity))
+            return false;
+
+        if (entry.Blacklist != null && _whitelistSys.IsValid(entry.Blacklist, entity))
+            return false;
+
+        return true;
+    }
+
    public bool IsBountyComplete(HashSet<EntityUid> entities, IEnumerable<CargoBountyItemEntry> entries, out HashSet<EntityUid> bountyEntities)
    {
        bountyEntities = new();
@@ -313,7 +328,7 @@ public sealed partial class CargoSystem
            var temp = new HashSet<EntityUid>();
            foreach (var entity in entities)
            {
-                if (!_whitelistSys.IsValid(entry.Whitelist, entity) || (entry.Blacklist != null && _whitelistSys.IsValid(entry.Blacklist, entity)))
+                if (!IsValidBountyEntry(entity, entry))
                    continue;

                count += _stackQuery.CompOrNull(entity)?.Count ?? 1;