From f7fdd723dca045761f5993b6036d992f1d57f256 Mon Sep 17 00:00:00 2001
From: gsd
Date: Tue, 26 Mar 2024 20:18:13 +0300
Subject: [PATCH] allowlist
---
 src/main/java/app/controllers/admin/RconController.java | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/main/java/app/controllers/admin/RconController.java b/src/main/java/app/controllers/admin/RconController.java
index eff6609..e17299e 100644
--- a/src/main/java/app/controllers/admin/RconController.java
+++ b/src/main/java/app/controllers/admin/RconController.java
@@ -22,6 +22,7 @@ public class RconController {
 StatsService statsService;
 private List blockList = List.of(new String[]{"sm_ban", "ban", "sm_unban", "unban"});
+ private List allowList = List.of(new String[]{"sm_map", "map"});
 @Autowired
 public RconController(StatsService statsService) {
@@ -38,6 +39,10 @@ public class RconController {
 @RequestParam String command) {
 if (blockList.contains(Arrays.stream(command.split(" ")).limit(1).findFirst().orElse("")))
 return new ResponseEntity<>("banned", HttpStatus.OK);
+
+ if (!allowList.contains(Arrays.stream(command.split(" ")).limit(1).findFirst().orElse("")))
+ return new ResponseEntity<>("not allowed", HttpStatus.OK);
+
 return new ResponseEntity<>(statsService.rconExecute(srv, command), HttpStatus.OK);
 }
 }
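Review bot: In the `@@ -22,6 +22,7 @@` hunk the new `allowList` field holds the controller's command policy but is declared as a non-final instance field built through an array wrapper. `private final List<String> allowList = List.of("sm_map", "map");` says the same thing more directly and prevents reassignment; the missing `<String>` may only be an artefact of how this page was rendered, so check the file. A short comment above the field, such as `// Only these console verbs are forwarded to rconExecute; every other verb is rejected.`, would record that the endpoint is now deny-by-default. Every verb in `blockList` is already absent from `allowList`, so the older check appears to matter only for its distinct "banned" response.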
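Review bot: In the `@@ -38,6 +39,10 @@` hunk the new check validates only the first space-separated token of `command`, while the whole unmodified string is still passed to `statsService.rconExecute(srv, command)`. If the console behind `rconExecute` treats `;` or a line break as a command separator (not visible here), text after an allowed verb would be forwarded without being checked, so the request should also be refused when it contains such characters, e.g. `if (command.chars().anyMatch(c -> c == ';' || Character.isISOControl(c))) return new ResponseEntity<>("not allowed", HttpStatus.FORBIDDEN);`. The rejection currently answers `HttpStatus.OK`; `HttpStatus.FORBIDDEN` plus a log line naming the caller and the refused verb would let clients and monitoring tell a denial from a successful command. The method's signature and mapping annotations start outside the hunk, so whether the endpoint is restricted to admins cannot be confirmed from this patch.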