WoWInterface


maqjav 05-24-20 07:30 AM

How to deal with taint issues?
 
Hello!

I've spent the whole morning trying to understand the taint logs and why I'm getting this error in my addon, and it doesn't make too much sense to me. This is the first time I've had to deal with something like this, so I'm a little bit lost.

Here is the log:
Code:

5/24 14:59:11.579  Global variable INTERFACE_ACTION_BLOCKED_SHOWN tainted by RareScanner - Interface\FrameXML\UIParent.lua:5448 DisplayInterfaceActionBlockedMessage()
5/24 14:59:11.579      Interface\FrameXML\UIParent.lua:3282 CheckProtectedFunctionsAllowed()
5/24 14:59:11.579      Interface\FrameXML\UIParent.lua:3294 ShowUIPanel()
5/24 14:59:11.579      Interface\AddOns\Blizzard_EncounterJournal\Blizzard_EncounterJournal.lua:2378 EncounterJournal_OpenJournal()
5/24 14:59:11.579      Interface\AddOns\Blizzard_SharedMapDataProviders\DungeonEntranceDataProvider.lua:33 <unnamed>:OnClick()
5/24 14:59:11.579      Interface\AddOns\Blizzard_MapCanvas\Blizzard_MapCanvas.lua:124
5/24 14:59:11.579  Execution tainted by RareScanner while reading EncounterJournalBossButton1 - Interface\AddOns\Blizzard_EncounterJournal\Blizzard_EncounterJournal.lua:1720 EncounterJournal_ClearDetails()
5/24 14:59:11.579      Interface\AddOns\Blizzard_EncounterJournal\Blizzard_EncounterJournal.lua:692 EncounterJournal_DisplayInstance()
5/24 14:59:11.579      Interface\AddOns\Blizzard_EncounterJournal\Blizzard_EncounterJournal.lua:2381 EncounterJournal_OpenJournal()
5/24 14:59:11.579      Interface\AddOns\Blizzard_SharedMapDataProviders\DungeonEntranceDataProvider.lua:33 <unnamed>:OnClick()
5/24 14:59:11.579      Interface\AddOns\Blizzard_MapCanvas\Blizzard_MapCanvas.lua:124

And according to that stacktrace, the line affected is:
Code:

Interface\AddOns\Blizzard_EncounterJournal\Blizzard_EncounterJournal.lua:1720 EncounterJournal_ClearDetails():

1719: local bossIndex = 1
1720: local bossButton = _G["EncounterJournalBossButton"..bossIndex];

The error occurs while I'm in combat and I try to click on a "raid" or "dungeon" icon on the worldmap.

My addon doesn't use anything from the EncounterJournal, so I imagine this error comes from somewhere else.

Ideas? I'm not asking for the solution, I'm asking for a guide on how I can find the relation between that error and my bug.

Thanks.

Ketho 05-24-20 07:55 AM

Not sure but it might be taint from WorldMapFrame:AddDataProvider() or something else tainting the WorldMapFrame

Which in turn would show an interface action blocked message when calling ShowUIPanel() in combat from now-tainted code

maqjav 05-24-20 08:28 AM

Hey Ketho.

Thanks for your answer.

The first thing I did was to comment the parts of the code where I was using the "WorldMapFrame", which are in 2 places:
- WorldMapFrame:AddDataProvider()
- WorldMapFrame.overlayFrames

I also modified the library HereBeDragons that I use in my addon to stop using the WorldMapFrame. But yet... the error persists.

Cheers.

sylvanaar 05-24-20 08:50 AM

It says that you have tainted EncounterJournalBossButton1 at some point. You will need to look further back in the log to find out where.

Then, during the default UI's execution - it read EncounterJournalBossButton1 and tainted itself.

You should post the whole taint log

MunkDev 05-24-20 09:03 AM

Taint is pretty easy to understand, but these forums make it complicated by saying "you can't trust the logs". What you basically need to do is look for any piece of code that modifies existing Blizzard code without using provided widget API. The problem with taint is generally that you replace methods or variables used in secure scopes, or that you call a method/function that has side effects.

What you can't safely do:
Lua Code:
-- this can spread taint if the method has side effects,
-- such as modifying a table or variable which can be accessed by secure code
SomeBlizzardFrame:MethodImplementedInLua(...);
-- this will taint a key in the table SomeBlizzardFrame,
-- because you modified it from insecure code
SomeBlizzardFrame.someTableKeyUsedByBlizzard = someValue;

-- this is a bad way of hooking/replacing a method.
-- the only way to do it correctly is to use hooksecurefunc
local oldFunction = SomeBlizzardFrame.FunctionYouWantToHook;
function SomeBlizzardFrame:FunctionYouWantToHook(...)
    -- do something new
    oldFunction(self, ...);
end

-- this variable is now tainted, and if it's accessed by secure code,
-- the entire execution path thereafter will also be tainted
A_BLIZZARD_GLOBAL_USED_SOMEWHERE = someValue;

The issue with calling existing methods implemented in pure Lua (if you can find the function definition in the Lua source code, it's risky to call it) can be a bit obscure, but I'll show you an example. Let's say you have a function like this:
Lua Code:
function SomeBlizzardFrame:MethodImplementedInLua(...)
    -- function does a bunch of things, but at the end...
    self.update = true;
end

The last line there will taint the frame if YOU call it, but not if Blizzard calls it. This is a side effect, meaning that the function does not only affect the data you send to it, but also some data that persists after the function call. Generally, methods like this that add things to datasets, or store them somewhere using a normal table, will spread your taint.

Blizzard has workarounds for some things that addons need to be able to access, and in that case you will find Blizzard using securecall to wrap the function call in a secure closure (meaning taint will not affect the outcome), or the opposite forceinsecure to say "we don't know this next bit of code is going to be safe".

The reason you get a weird reference to something you haven't even touched, is that you touched the code somewhere BEFORE that line was executed, which is when the tainted execution path was discovered. You can't trust the log in that sense, but tracing back from where the error occurred will lead to where you modified something that eventually carried taint to the breaking point.

As a rule of thumb, it's easier to look for places where you used/modified existing code indiscriminately, than it is to follow the stack trace from a taint error.
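
Added example (not part of MunkDev's post or the original thread): a small diagnostic that post-hooks ShowUIPanel with hooksecurefunc, rather than replacing it, and uses issecurevariable to report which addon tainted the names that appear in the taint log above. It assumes it is loaded as addon code inside the WoW client; the helper names ReportTaint and RunChecks are made up for this sketch.

```lua
-- Added example; runs only inside the WoW client as addon code.
-- hooksecurefunc, issecurevariable and InCombatLockdown are client API
-- functions. ReportTaint and RunChecks are hypothetical helper names.

-- Report whether a global, or a key on a table, is currently tainted.
-- issecurevariable returns (isSecure, taintedBy); taintedBy is an addon name.
local function ReportTaint(tbl, key)
    local isSecure, taintedBy
    if key then
        isSecure, taintedBy = issecurevariable(tbl, key)
    else
        key = tbl
        isSecure, taintedBy = issecurevariable(key)
    end
    if not isSecure then
        print(("%s is tainted by %s"):format(key, taintedBy or "unknown"))
    end
    return isSecure, taintedBy
end

-- Names taken from the taint log and the replies in this thread.
local function RunChecks()
    ReportTaint("INTERFACE_ACTION_BLOCKED_SHOWN")
    ReportTaint("EncounterJournalBossButton1")
    if WorldMapFrame then
        ReportTaint(WorldMapFrame, "overlayFrames")
    end
end

-- Post-hook: the original ShowUIPanel is left untouched and stays secure.
-- The hook runs after it with the same arguments, so nothing is replaced
-- and no key on a Blizzard table is written from insecure code.
hooksecurefunc("ShowUIPanel", function(frame)
    if InCombatLockdown() then
        RunChecks()
    end
end)
```

A name reported here only tells you which addon wrote to it; the write itself happened earlier, so the next step is still to search that addon for the assignment or direct method call.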

maqjav 05-24-20 09:58 AM

MunkDev, thank you very much for your guide.
That's actually what I was looking for.

I've been reading about taint in other places and they make it sound so complicated, when actually it is fairly simple. Too bad I didn't have this information when I started to develop the addon; now I will have to review all the code to see where I'm doing things wrong.

Cheers.

Xrystal 05-24-20 01:20 PM

Ditto on that, thanks .. it appears nUI's old code used a lot of *bad* functionality that was all that was known way back when, I assume ... the addon is almost as old as wow rofl.

I'll have to bookmark this thread so I can go back to it when I want to go through my addons and make sure that I am not doing anything just as bad myself rofl.

