Claude/addon improvements 011 cun2oh u fo gz d5 fy yvzd1 q#13
Open
Claude/addon improvements 011 cun2oh u fo gz d5 fy yvzd1 q#13
Conversation
Conducted thorough security analysis of LootMonitor addon: - Identified 9 security vulnerabilities (0 critical, 3 medium, 6 low) - Reviewed input validation, resource management, and data storage - Provided detailed recommendations with code examples - Documented positive security findings and code quality observations Key findings: - Quantity integer overflow risk - Unlimited item name length - SavedVariables type confusion - OnUpdate frame resource exhaustion - Position value validation missing Overall risk: LOW-MEDIUM Recommendation: APPROVE with suggested fixes Generated with Claude Code (https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Fixed all 9 vulnerabilities identified in security audit:
1. Quantity Integer Overflow (MEDIUM)
- Added bounds checking (max 999) in ExtractQuantityFromMessage()
- Cap values exceeding limit to prevent overflow
2. Unlimited Item Name Length (MEDIUM)
- Limit item names to 100 characters in AddLootItem()
- Truncate with "..." for longer names
3. Saved Variable Type Confusion (MEDIUM)
- Added type validation in OnLoad()
- Validate all saved variable types match defaults
- Validate nested position table structure
4. Unconstrained Position Values (LOW)
- Added range validation (-2000 to 2000) in CreateNotificationFrame()
- Prevent off-screen frame positioning
5. Rate Limiting on Message Processing (LOW)
- Added 50ms throttle to all message processing functions
- ProcessLootMessage, ProcessMoneyMessage, ProcessSystemMessage
6. Resource Exhaustion via OnUpdate Frames (MEDIUM)
- Added global OnUpdate frame limit (max 15)
- Track active frames and enforce limit
- Decrement counter on cleanup
- Applied to all OnUpdate creating functions:
* ScheduleQuestItemCheck
* ScheduleTotalCountUpdate
* ScheduleIconSearch
* StartGlowAnimation
* StartNotificationAnimation
7. Color Code Parsing Validation (LOW)
- Added validation to prevent nil arithmetic in UpdateNotificationText()
- Check tonumber() results before division
8. getglobal() Bounds Checking (LOW)
- Added validation (1-30) to numLines in IsQuestItem()
- Prevent unsafe getglobal usage with invalid indices
9. Pattern Injection Prevention (LOW)
- Already mitigated with pre-compiled patterns
- No additional changes needed
All fixes include inline security comments marking changes.
Overall security posture improved from LOW-MEDIUM to LOW.
Generated with Claude Code (https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Security fixes have been implemented directly in code. Audit documentation no longer needed in repository. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Implemented comprehensive enhancements to the addon:
## New Features:
1. **Item Quality Filtering**
- Filter notifications by item quality (Poor to Legendary)
- Minimum quality threshold setting
- Per-quality toggle controls
- GetItemQuality() helper function
2. **Sound Notifications**
- Quality-based sound effects
- Volume control
- Uses vanilla 1.12.1 sound files
- Different sounds for Epic/Rare/Uncommon items
3. **Blacklist/Whitelist System**
- Hide specific items (blacklist)
- Always show specific items (whitelist)
- Whitelist overrides quality filters
- ShouldFilterItem() filtering logic
4. **Loot History & Statistics**
- Track all looted items with timestamps
- Session statistics (items looted, session time)
- Configurable history size (default 100 items)
- Persistent storage via LootMonitorHistory
5. **Click Interactions**
- Hover to show item tooltip
- Click to insert item link in chat
- Mouse-enabled notification frames
- GameTooltip integration
6. **Minimap Button**
- Draggable position on minimap
- Quick access to settings
- Tooltip with session stats
- Can be hidden via settings
7. **Animation Styles**
- Three animation types: fade, slide, bounce
- Bounce includes overshoot effect
- Configurable per-notification
- Smooth transitions
8. **Enhanced Data Management**
- DeepCopy() function for nested tables
- Improved SavedVariables validation
- Better type checking on load
- Support for color/table settings
## Technical Improvements:
- Expanded defaults with 20+ new settings
- Better OnLoad() initialization
- Session tracking system
- Quality-based filtering pipeline
- Sound playback system
- History management with size limits
## Files Modified:
- LootMonitor.lua: +500 lines of new functionality
- LootMonitor.toc: Updated to v2.0, added LootMonitorHistory
## Settings Added:
- minQuality, qualityFilter{}
- soundEnabled, soundVolume, qualitySounds
- blacklist{}, whitelist{}, useWhitelist
- trackHistory, historyMaxItems
- clickToLink, clickTooltip
- fontFace, fontSize, fontOutline
- backgroundColor{}, borderColor{}
- animationStyle, stackDirection
- minimapButton{}
All features maintain vanilla 1.12.1 API compatibility.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This PR is being reviewed by Cursor BugbotDetailsYou are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle. To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial. |
Bug: Minimap Button Drag Error in Lua 5.0The minimap button's drag logic uses |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.