SVSim/SVSimServer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

docs(battlenode): document four latent low-tier hygiene hazards

Browse Source 
Comment-only; behavior-preserving; 231 BattleNode tests green.

- OutboundSequencer._archive: name the unbounded-per-match growth + ack-prune point.
- NodeCrypto.BuildAes: SECURITY remarks on key-derived IV reuse + base64 entropy loss;
  warn against caching the session key.
- MatchContext/BattlePlayer: FOOTGUN notes on reference-based record equality over the deck list.
- RecordTokensFrom: TRUST note on isSelf/idx overwrite; name the idx>deckCount guard for
  untrusted peers (not added — trusted-LAN today).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
gamer147
2026-06-05 08:11:13 -04:00
parent 1007cf24d2
commit 9ff8948903
5 changed files with 29 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
SVSim.BattleNode/Sessions/Dispatch/BattleSessionState.cs
View File

@@ -84,6 +84,11 @@ internal sealed class BattleSessionState
/// Echo is mined but never relayed.</summary>
public void RecordTokensFrom(IBattleParticipant from, IBattleParticipant other, object? orderList)
{
// TRUST: isSelf is the SENDER's own perspective flag and idx is unbounded, while RecordToken
// overwrites-on-conflict. A buggy/malicious sender could pass isSelf:0 with a deck-range idx to
// rewrite the OPPONENT's card identity at a seeded slot. Acceptable for the current trusted-LAN
// relay; if peers ever become untrusted, gate on `idx > deckCount` here (generated tokens always
// allocate past the deck) so a sender can't forge over seeded deck cards.
foreach (var (idx, cardId, isSelf) in KnownListBuilder.MineAddOps(orderList))
RecordToken(isSelf == CardOwner.Self ? from : other, idx, cardId);
}