mirror of
https://github.com/ppy/osu.git
synced 2024-11-17 12:12:54 +08:00
776fabd77c
Both online and offline using the cache.
The rationale behind this change is that in the current state of
affairs, `TestPartiallyMaliciousSet()` fails in a way that cannot be
reconciled without this sort of change.
The test exercises a scenario where the beatmap being imported has an
online ID in the `.osu` file, but its hash does not match the online
hash of the beatmap. This turns out to be a more frequent scenario than
envisioned because of users doing stupid things with manual file editing
rather than reporting issues properly.
The scenario is realistic only because the behaviour of the endpoint
responsible for looking up beatmaps is such that if multiple parameters
are given (e.g. all three of beatmap MD5, online ID, and filename), it
will try the three in succession:
f6b341813b/app/Http/Controllers/BeatmapsController.php (L260-L266)
and the local metadata cache implementation reflected this
implementation.
Because online ID and filename are inherently unreliable in this
scenario due to being directly manipulable by clueless or malicious
users, neither should not be used as a fallback.
46 lines
1.4 KiB
C#
46 lines
1.4 KiB
C#
// Copyright (c) ppy Pty Ltd <contact@ppy.sh>. Licensed under the MIT Licence.
|
|
// See the LICENCE file in the repository root for full licence text.
|
|
|
|
using System.Globalization;
|
|
using osu.Framework.IO.Network;
|
|
using osu.Game.Beatmaps;
|
|
using osu.Game.Online.API.Requests.Responses;
|
|
|
|
namespace osu.Game.Online.API.Requests
|
|
{
|
|
public class GetBeatmapRequest : APIRequest<APIBeatmap>
|
|
{
|
|
public readonly int OnlineID = -1;
|
|
public readonly string? MD5Hash;
|
|
public readonly string? Filename;
|
|
|
|
public GetBeatmapRequest(IBeatmapInfo beatmapInfo)
|
|
{
|
|
OnlineID = beatmapInfo.OnlineID;
|
|
MD5Hash = beatmapInfo.MD5Hash;
|
|
Filename = (beatmapInfo as BeatmapInfo)?.Path ?? string.Empty;
|
|
}
|
|
|
|
public GetBeatmapRequest(string md5Hash)
|
|
{
|
|
MD5Hash = md5Hash;
|
|
}
|
|
|
|
protected override WebRequest CreateWebRequest()
|
|
{
|
|
var request = base.CreateWebRequest();
|
|
|
|
if (OnlineID > 0)
|
|
request.AddParameter(@"id", OnlineID.ToString(CultureInfo.InvariantCulture));
|
|
if (!string.IsNullOrEmpty(MD5Hash))
|
|
request.AddParameter(@"checksum", MD5Hash);
|
|
if (!string.IsNullOrEmpty(Filename))
|
|
request.AddParameter(@"filename", Filename);
|
|
|
|
return request;
|
|
}
|
|
|
|
protected override string Target => @"beatmaps/lookup";
|
|
}
|
|
}
|