Closed Jan200101 closed 3 years ago
Jan200101
commented
3 years ago according to https://github.com/PazerOP/tf2_bot_detector/issues/308 this seems to be a known issue really there should be better safeguards for this because this essentially weaponizes TF2 players for bots
iraizo
commented
3 years ago Professional code yet again
andy013
commented
3 years ago this essentially weaponizes TF2 players for bots
How? Doesn't this just determine who sends a chat message? It's hardly the end of the world if the app doesn't send a chat message because a bot is spamming.
ClusterConsultant
commented
3 years ago Jan200101
commented
3 years ago Simply marking someone as a Cheater wont remove them from the list of people using the tool
Users that send a message that fits a specific regex are put in the pool even if that user is a cheater
https://github.com/PazerOP/tf2_bot_detector/blob/e516ab4cce5159d0e7cb8c2b5640c5cb32447477/tf2_bot_detector/ModeratorLogic.cpp#L232-L240
the call to SetUserRunningTool will add the user to the m_PlayersRunningTool set
https://github.com/PazerOP/tf2_bot_detector/blob/e516ab4cce5159d0e7cb8c2b5640c5cb32447477/tf2_bot_detector/ModeratorLogic.cpp#L724-L730
later the contents of the set are checked if they contain a player
https://github.com/PazerOP/tf2_bot_detector/blob/e516ab4cce5159d0e7cb8c2b5640c5cb32447477/tf2_bot_detector/ModeratorLogic.cpp#L720-L723
any malicious player or bot can abuse the fact and get potentially mark themselves as a leader https://github.com/PazerOP/tf2_bot_detector/blob/e516ab4cce5159d0e7cb8c2b5640c5cb32447477/tf2_bot_detector/ModeratorLogic.cpp#L692-L705
I have seen a bot already take advantage of this by spamming the chat with false reports followed by votekick calls