悪意のある入力に対処

bcdice · Apr 12, 2021 · c302300 · c302300
1 parent f932f2a
commit c302300
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 9 deletions.
diff --git a/lib/bcdice/game_system/LogHorizon.rb b/lib/bcdice/game_system/LogHorizon.rb
@@ -244,7 +244,7 @@ def roll(cr, modifier, randomizer)
 
       # 財宝表ロール
       def roll_treasure(command)
-        m = /^TRS(\d+)*([+\-\d]+)?$/.match(command)
+        m = /^TRS(\d+)?([+\-\d]+)?$/.match(command)
         return nil unless m
 
         character_rank = m[1].to_i
@@ -261,7 +261,7 @@ def roll_treasure(command)
 
       ### 財宝表 ###
       def roll_treasure_table(command)
-        m = /^([CMIHG]TRS)(\d+)*([+\-\d]+)?(\$)?$/.match(command)
+        m = /^([CMIHG]TRS)(\d+)?([+\-\d]+)?(\$)?$/.match(command)
         return nil unless m
 
         type = m[1]
@@ -286,7 +286,7 @@ def construct_treasure_table(type)
 
       # 拡張ルール財宝表
       def roll_treasure_table_b2(command)
-        m = /^([CMIO]TRSE)(\d+)*([+\-\d]+)?(\$)?$/.match(command)
+        m = /^([CMIO]TRSE)(\d+)?([+\-\d]+)?(\$)?$/.match(command)
         return nil unless m
 
         type = m[1]

diff --git a/lib/bcdice/game_system/Paradiso.rb b/lib/bcdice/game_system/Paradiso.rb
@@ -25,7 +25,7 @@ class Paradiso < Base
         　例）DC4:【攻撃力】4でダメージチェック　DC5[20]:【攻撃力】5でダメージチェック、うち1つは20mm機銃　DC5[20,30]:【攻撃力】5でダメージチェック、うち1つは20mm機銃、うち1つは30mmガンポッド
       MESSAGETEXT
 
-      register_prefix('(\d+)*D20<=', '(\d+)*CP', 'RMT', 'TOT', 'EXT', 'SUT', 'DC(\d+)')
+      register_prefix('\d*D20<=', '\d*CP', 'RMT', 'TOT', 'EXT', 'SUT', 'DC(\d+)')
 
       def eval_game_system_specific_command(command) # ダイスロールコマンド
         # 通常判定部分をgetJudgeResultコマンドに切り分け
@@ -53,13 +53,13 @@ def eval_game_system_specific_command(command) # ダイスロールコマンド
       # 通常判定
       def getJudgeResult(command)
         case command
-        when /^(\d+)*D20<=(\d+)?(\[(\d+)(,(\d+))?\])?(@(\d+))?$/i
+        when /^(\d+)?D20<=(\d+)?(\[(\d+)(,(\d+))?\])?(@(\d+))?$/i
           number = (Regexp.last_match(1) || 1).to_i # ダイス数。省略時は1
           target = (Regexp.last_match(2) || 14).to_i # 目標値。省略時は14  if 空白 then 14 else 記載の値
           fumble1 = (Regexp.last_match(4) || 21).to_i # 追加ファンブル値。省略時は21
           fumble2 = (Regexp.last_match(6) || 21).to_i # 追加ファンブル値。省略時は21
           critical = (Regexp.last_match(8) || 21).to_i # 追加クリティカル値。省略時は21
-        when /^(\d+)*CP(\d+)?(\[(\d+)(,(\d+))?\])?(@(\d+))?$/i
+        when /^(\d+)?CP(\d+)?(\[(\d+)(,(\d+))?\])?(@(\d+))?$/i
           number = (Regexp.last_match(1) || 1).to_i
           target = (Regexp.last_match(2) || 14).to_i
           fumble1 = (Regexp.last_match(4) || 21).to_i

diff --git a/lib/bcdice/game_system/SterileLife.rb b/lib/bcdice/game_system/SterileLife.rb
@@ -37,8 +37,7 @@ class SterileLife < Base
         　・超未来の宇宙船内　INT
       MESSAGETEXT
 
-      register_prefix('(\d+)*DA.*\[(\d+),(\d+)(,(\d+))?\]', 'VPFT', 'VNFT', 'VNRT', 'AAFT', 'AST', 'RNST', 'RET', 'TRST', 'TRAT', 'TRMT', 'TROT', 'TET', 'ENT', 'CUT', 'NAT', 'INT') # '(\d+)*DA.*\[.*\]'
-
+      register_prefix('\d*DA.*\[(\d+),(\d+)(,(\d+))?\]', 'VPFT', 'VNFT', 'VNRT', 'AAFT', 'AST', 'RNST', 'RET', 'TRST', 'TRAT', 'TRMT', 'TROT', 'TET', 'ENT', 'CUT', 'NAT', 'INT')
       def eval_game_system_specific_command(command) # ダイスロールコマンド
         # 通常判定部分をgetJudgeResultコマンドに切り分け
         output = getJudgeResult(command)
@@ -104,7 +103,7 @@ def eval_game_system_specific_command(command) # ダイスロールコマンド
 
       def getJudgeResult(command)
         case command
-        when /(\d+)*DA([\d+*\-]*\d)?\[(\d+),(\d+)(,(\d+))?\]/i
+        when /(\d+)?DA([\d+*\-]*\d)?\[(\d+),(\d+)(,(\d+))?\]/i
           number = (Regexp.last_match(1) || 1).to_i
           correction = (Regexp.last_match(2) || 0).to_i
           single = (Regexp.last_match(3) || 4).to_i