refactor(security): address code review feedback on extension validation

Author: bobtista

Core/GameEngine/Include/Common/FileSystem.h

@@ -161,7 +161,6 @@ class FileSystem : public SubsystemInterface
 
 	static AsciiString normalizePath(const AsciiString& path);	///< normalizes a file path. The path can refer to a directory. File path must be absolute, but does not need to exist. Returns an empty string on failure.
 	static Bool isPathInDirectory(const AsciiString& testPath, const AsciiString& basePath);	///< determines if a file path is within a base path. Both paths must be absolute, but do not need to exist.
-	static Bool hasValidTransferFileExtension(const AsciiString& filePath);	///< validates that a file path has an approved extension for map transfer operations. Returns true if extension is whitelisted (.map, .ini, .str, .wak, .tga, .txt), false otherwise. TheSuperHackers @security bobtista 06/11/2025
 
 protected:
 #if ENABLE_FILESYSTEM_EXISTENCE_CACHE

Core/GameEngine/Source/Common/System/FileSystem.cpp

@@ -457,47 +457,3 @@ Bool FileSystem::isPathInDirectory(const AsciiString& testPath, const AsciiStrin
 
 	return true;
 }
-
-//============================================================================
-// FileSystem::hasValidTransferFileExtension
-//============================================================================
-// TheSuperHackers @security bobtista 06/11/2025
-// Validates file extensions for map transfer operations to prevent arbitrary
-// file types from being transferred over the network or loaded from save games.
-// This is a security measure to mitigate arbitrary file write vulnerabilities.
-//============================================================================
-Bool FileSystem::hasValidTransferFileExtension(const AsciiString& filePath)
-{
-	static const char* validExtensions[] = {
-		".map",
-		".ini",
-		".str",
-		".wak",
-		".tga",
-		".txt"
-	};
-	static const Int numValidExtensions = sizeof(validExtensions) / sizeof(validExtensions[0]);
-
-	const char* lastDot = strrchr(filePath.str(), '.');
-
-	if (lastDot == NULL || lastDot[1] == '\0')
-	{
-		DEBUG_LOG(("File path '%s' has no extension.", filePath.str()));
-		return false;
-	}
-
-	for (Int i = 0; i < numValidExtensions; ++i)
-	{
-#ifdef _WIN32
-		if (_stricmp(lastDot, validExtensions[i]) == 0)
-#else
-		if (strcasecmp(lastDot, validExtensions[i]) == 0)
-#endif
-		{
-			return true;
-		}
-	}
-
-	DEBUG_LOG(("File path '%s' has invalid extension '%s' for transfer operations.", filePath.str(), lastDot));
-	return false;
-}

Generals/Code/GameEngine/Source/Common/System/SaveGame/GameState.cpp

@@ -933,13 +933,6 @@ AsciiString GameState::portableMapPathToRealMapPath(const AsciiString& in) const
 		return AsciiString::TheEmptyString;
 	}
 
-	// TheSuperHackers @security bobtista 06/11/2025 Validate file extension to prevent arbitrary file types
-	if (!FileSystem::hasValidTransferFileExtension(prefix))
-	{
-		DEBUG_LOG(("File path '%s' has invalid extension for map transfer operations.", prefix.str()));
-		return AsciiString::TheEmptyString;
-	}
-
 	prefix.toLower();
 	return prefix;
 }

GeneralsMD/Code/GameEngine/Source/Common/System/SaveGame/GameState.cpp

@@ -933,13 +933,6 @@ AsciiString GameState::portableMapPathToRealMapPath(const AsciiString& in) const
 		return AsciiString::TheEmptyString;
 	}
 
-	// TheSuperHackers @security bobtista 06/11/2025 Validate file extension to prevent arbitrary file types
-	if (!FileSystem::hasValidTransferFileExtension(prefix))
-	{
-		DEBUG_LOG(("File path '%s' has invalid extension for map transfer operations.", prefix.str()));
-		return AsciiString::TheEmptyString;
-	}
-
 	prefix.toLower();
 	return prefix;
 }