Security: Analysis mode bypasses game rules with weak validation #86
Description
Summary
The MoveCheckerDirectly and SetCurrentPlayer endpoints in analysis mode bypass normal game rules with minimal validation, potentially allowing corrupt game states.
Risk Level
MEDIUM
Details
Analysis mode allows direct checker placement and player switching, but validation is incomplete.
Current Validation Gaps
- Checks basic point ranges (0-25)
- Checks that source has a checker
- Checks destination doesn't have opponent checker
- Missing checks:
- Total checker count per player (should be 15)
- Valid board state integrity
- Whether the game mode actually allows direct moves
Affected Code
GameHub.cs:722-758-MoveCheckerDirectly()GameHub.cs:763-793-SetCurrentPlayer()GameHub.cs:1509-IsValidDirectMove()- incomplete validation
// Current validation is insufficient
return CountCheckers(engine, sourceColor.Value) <= 15;
// Doesn't verify both players' totals or board consistencyRecommended Fix
- Verify total checker count for both players after direct moves
- Validate board state consistency (no impossible positions)
- Ensure analysis mode is explicitly enabled before allowing direct moves
- Add board state validation method
Impact
- Could create impossible board positions
- May corrupt game engine state
- Could cause crashes or undefined behavior