[Crash] Unchecked ss.config.services.ratelimit.* config chains cause multiple crashes

[coderabbitai]

Summary

Services server crashes in multiple locations when ss.config.services.ratelimit nested config is incomplete.

Affected Code

Multiple locations in server-services/:

1. start-services.js:189

ss.config.services.ratelimit.sensitive.cmds.includes(msg.cmd)
// CRASH if ss.config.services.ratelimit.sensitive.cmds is undefined

2-9. src/ratelimit.js Lines 37, 41, 52, 56, 70, 71, 84, 85

ss.config.services.ratelimit.sensitive.reset_interval
ss.config.services.ratelimit.sensitive.max_count
ss.config.services.ratelimit.regular.reset_interval
ss.config.services.ratelimit.regular.max_count
// All crash if intermediate properties undefined

Vulnerability

If config file is incomplete, missing nested properties, or corrupted.

Impact

• Services server crash on startup or first message
• Complete denial of service

Proof of Concept

Start server with incomplete config missing services.ratelimit.sensitive.

Recommended Fix

Use optional chaining throughout:

// start-services.js:189
ss.config?.services?.ratelimit?.sensitive?.cmds?.includes(msg.cmd)

// ratelimit.js
ss.config?.services?.ratelimit?.sensitive?.reset_interval || 5 * 60
ss.config?.services?.ratelimit?.sensitive?.max_count || 5
ss.config?.services?.ratelimit?.regular?.reset_interval || 60
ss.config?.services?.ratelimit?.regular?.max_count || 10

References

• PR: New Blocks & Ported fancyMuzzle flash #43