feat: Vulnerable expansions checker
parent
1f57f97c21
commit
a8bbfc2566
|
@ -57,6 +57,13 @@ public final class PlaceholderAPIConfig {
|
||||||
return plugin.getConfig().getBoolean("debug", false);
|
return plugin.getConfig().getBoolean("debug", false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean checkVulnerableExpansions() {
|
||||||
|
return plugin.getConfig().getBoolean("check_vulnerable_expansions");
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean preventVulnerableExpansions() {
|
||||||
|
return plugin.getConfig().getBoolean("prevent_vulnerable_expansions");
|
||||||
|
}
|
||||||
|
|
||||||
public Optional<ExpansionSort> getExpansionSort() {
|
public Optional<ExpansionSort> getExpansionSort() {
|
||||||
final String option = plugin.getConfig()
|
final String option = plugin.getConfig()
|
||||||
|
@ -90,4 +97,5 @@ public final class PlaceholderAPIConfig {
|
||||||
return plugin.getConfig().getString("boolean.false", "false");
|
return plugin.getConfig().getString("boolean.false", "false");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
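Review bot: The two new getters call `getBoolean(...)` with no explicit default, unlike the neighbouring `getBoolean("debug", false)`. If a server's config.yml predates these keys and the bundled defaults are not applied, both calls return false and the check is silently off. Making the default explicit keeps the safe behaviour independent of how the config was loaded: `return plugin.getConfig().getBoolean("check_vulnerable_expansions", true);` and `return plugin.getConfig().getBoolean("prevent_vulnerable_expansions", true);`. A one-line Javadoc on each getter should state that prevention only has an effect while the check itself is enabled.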
@ -38,6 +38,8 @@ import java.util.concurrent.CompletionException;
|
||||||
import java.util.concurrent.ConcurrentHashMap;
|
import java.util.concurrent.ConcurrentHashMap;
|
||||||
import java.util.concurrent.locks.ReentrantLock;
|
import java.util.concurrent.locks.ReentrantLock;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
|
import me.clip.placeholderapi.PlaceholderAPI;
|
||||||
import me.clip.placeholderapi.PlaceholderAPIPlugin;
|
import me.clip.placeholderapi.PlaceholderAPIPlugin;
|
||||||
import me.clip.placeholderapi.events.ExpansionRegisterEvent;
|
import me.clip.placeholderapi.events.ExpansionRegisterEvent;
|
||||||
import me.clip.placeholderapi.events.ExpansionUnregisterEvent;
|
import me.clip.placeholderapi.events.ExpansionUnregisterEvent;
|
||||||
|
@ -52,6 +54,7 @@ import me.clip.placeholderapi.expansion.cloud.CloudExpansion;
|
||||||
import me.clip.placeholderapi.util.FileUtil;
|
import me.clip.placeholderapi.util.FileUtil;
|
||||||
import me.clip.placeholderapi.util.Futures;
|
import me.clip.placeholderapi.util.Futures;
|
||||||
import me.clip.placeholderapi.util.Msg;
|
import me.clip.placeholderapi.util.Msg;
|
||||||
|
import me.clip.placeholderapi.util.ValidateUtil;
|
||||||
import org.bukkit.Bukkit;
|
import org.bukkit.Bukkit;
|
||||||
import org.bukkit.command.CommandSender;
|
import org.bukkit.command.CommandSender;
|
||||||
import org.bukkit.configuration.file.FileConfiguration;
|
import org.bukkit.configuration.file.FileConfiguration;
|
||||||
|
@ -175,11 +178,20 @@ public final class LocalExpansionManager implements Listener {
|
||||||
if(expansion == null){
|
if(expansion == null){
|
||||||
return Optional.empty();
|
return Optional.empty();
|
||||||
}
|
}
|
||||||
|
|
||||||
Objects.requireNonNull(expansion.getAuthor(), "The expansion author is null!");
|
Objects.requireNonNull(expansion.getAuthor(), "The expansion author is null!");
|
||||||
Objects.requireNonNull(expansion.getIdentifier(), "The expansion identifier is null!");
|
Objects.requireNonNull(expansion.getIdentifier(), "The expansion identifier is null!");
|
||||||
Objects.requireNonNull(expansion.getVersion(), "The expansion version is null!");
|
Objects.requireNonNull(expansion.getVersion(), "The expansion version is null!");
|
||||||
|
|
||||||
|
if(PlaceholderAPIPlugin.getInstance().getPlaceholderAPIConfig().checkVulnerableExpansions() && ValidateUtil.checkExpansion(expansion)) {
|
||||||
|
Msg.warn("Warning expansion %s contains a security vulnerability!", expansion.getIdentifier());
|
||||||
|
Msg.warn("Please update or remove it to prevent security issues.");
|
||||||
|
Msg.warn("If you think this is an error, disable this warning at config.yml.");
|
||||||
|
if(PlaceholderAPIPlugin.getInstance().getPlaceholderAPIConfig().preventVulnerableExpansions()) {
|
||||||
|
return Optional.empty();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (expansion.getRequiredPlugin() != null && !expansion.getRequiredPlugin().isEmpty()) {
|
if (expansion.getRequiredPlugin() != null && !expansion.getRequiredPlugin().isEmpty()) {
|
||||||
if (!Bukkit.getPluginManager().isPluginEnabled(expansion.getRequiredPlugin())) {
|
if (!Bukkit.getPluginManager().isPluginEnabled(expansion.getRequiredPlugin())) {
|
||||||
Msg.warn("Cannot load expansion %s due to a missing plugin: %s", expansion.getIdentifier(),
|
Msg.warn("Cannot load expansion %s due to a missing plugin: %s", expansion.getIdentifier(),
|
||||||
|
|
|
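Review bot: When `prevent_vulnerable_expansions` is on, the added block returns `Optional.empty()` without logging that the expansion was refused, so an operator cannot tell from the log whether it was loaded or blocked. I would add `Msg.warn("Expansion %s was not registered because prevent_vulnerable_expansions is enabled.", expansion.getIdentifier());` just before that return. The third warning should also name the key, e.g. "set check_vulnerable_expansions to false in config.yml". The added `import me.clip.placeholderapi.PlaceholderAPI;` is not used by any line visible in this section and may be unnecessary. The enclosing method starts and ends outside the hunk.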
@ -0,0 +1,57 @@
|
||||||
|
/*
|
||||||
|
* This file is part of PlaceholderAPI
|
||||||
|
*
|
||||||
|
* PlaceholderAPI
|
||||||
|
* Copyright (c) 2015 - 2021 PlaceholderAPI Team
|
||||||
|
*
|
||||||
|
* PlaceholderAPI free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* PlaceholderAPI is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package me.clip.placeholderapi.util;
|
||||||
|
|
||||||
|
import me.clip.placeholderapi.expansion.PlaceholderExpansion;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
public class ValidateUtil {
|
||||||
|
|
||||||
|
private static final List<String> vulnerableExpansions = Arrays.asList(
|
||||||
|
"JavaScript",
|
||||||
|
"StaffFacilities",
|
||||||
|
"Groopi",
|
||||||
|
"Minepacks",
|
||||||
|
"fetch",
|
||||||
|
"Spigotlobby"
|
||||||
|
);
|
||||||
|
|
||||||
|
private static final List<String> expansionVersions = Arrays.asList(
|
||||||
|
"2.1.2",
|
||||||
|
"1.4.4",
|
||||||
|
"ALL",
|
||||||
|
"1.0.7",
|
||||||
|
"ALL",
|
||||||
|
"ALL"
|
||||||
|
);
|
||||||
|
|
||||||
|
public static boolean checkExpansion(final PlaceholderExpansion expansion) {
|
||||||
|
final String expansionName = expansion.getIdentifier();
|
||||||
|
if(!vulnerableExpansions.contains(expansionName)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
final String expansionVersion = expansionVersions.get(vulnerableExpansions.indexOf(expansionName));
|
||||||
|
return expansionVersion.equals("ALL") || !expansionVersion.equals(expansion.getVersion());
|
||||||
|
}
|
||||||
|
}
|
|
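Review bot: `checkExpansion` treats every version that is not exactly the listed string as vulnerable, so a release newer than the listed one is also flagged and, with prevention defaulting to true, refused. Assuming the listed versions are the fixed releases, this needs an ordered comparison rather than `!equals`. The identifier lookup is case-sensitive (`contains("JavaScript")`), so an expansion reporting its identifier in another case would pass unchecked. The two parallel lists are tied together only by index, which a later edit can easily misalign. The class comment should also say that identifier and version are self-reported by the expansion, so this is an advisory check and not a trust boundary. The sketch below needs `java.util.HashMap`, `java.util.Locale` and `java.util.Map` in place of `Arrays` and `List`.

```java
// … unchanged: license header, package declaration, PlaceholderExpansion import …
public final class ValidateUtil {

  // Lower-cased identifier -> version treated as safe ("ALL" = no safe release known).
  private static final Map<String, String> VULNERABLE_EXPANSIONS = new HashMap<>();

  static {
    VULNERABLE_EXPANSIONS.put("javascript", "2.1.2");
    VULNERABLE_EXPANSIONS.put("stafffacilities", "1.4.4");
    VULNERABLE_EXPANSIONS.put("groopi", "ALL");
    VULNERABLE_EXPANSIONS.put("minepacks", "1.0.7");
    VULNERABLE_EXPANSIONS.put("fetch", "ALL");
    VULNERABLE_EXPANSIONS.put("spigotlobby", "ALL");
  }

  private ValidateUtil() {
  }

  public static boolean checkExpansion(final PlaceholderExpansion expansion) {
    final String safeVersion =
        VULNERABLE_EXPANSIONS.get(expansion.getIdentifier().toLowerCase(Locale.ROOT));
    if (safeVersion == null) {
      return false;
    }
    return safeVersion.equals("ALL") || isOlder(expansion.getVersion(), safeVersion);
  }

  // Compares dotted numeric versions; an unparsable version is treated as older (fail closed).
  private static boolean isOlder(final String version, final String safeVersion) {
    final String[] left = version.split("\\.");
    final String[] right = safeVersion.split("\\.");
    try {
      for (int i = 0; i < Math.max(left.length, right.length); i++) {
        final int l = i < left.length ? Integer.parseInt(left[i].trim()) : 0;
        final int r = i < right.length ? Integer.parseInt(right[i].trim()) : 0;
        if (l != r) {
          return l < r;
        }
      }
      return false;
    } catch (NumberFormatException ex) {
      return true;
    }
  }
}
```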
@ -12,6 +12,8 @@ check_updates: true
|
||||||
cloud_enabled: true
|
cloud_enabled: true
|
||||||
cloud_sorting: "name"
|
cloud_sorting: "name"
|
||||||
cloud_allow_unverified_expansions: false
|
cloud_allow_unverified_expansions: false
|
||||||
|
check_vulnerable_expansions: true
|
||||||
|
prevent_vulnerable_expansions: true
|
||||||
boolean:
|
boolean:
|
||||||
'true': 'yes'
|
'true': 'yes'
|
||||||
'false': 'no'
|
'false': 'no'
|
||||||
|
|
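Review bot: The two new keys are added without a comment, and their dependency is not obvious from the names. In the register path, `prevent_vulnerable_expansions` is only consulted when `check_vulnerable_expansions` is true. I would document that next to the keys or in the config reference, e.g. `# prevent_vulnerable_expansions only takes effect while check_vulnerable_expansions is true; it refuses to register flagged expansions instead of only warning`. Since both ship as true, the upgrade notes should mention that expansions on the built-in list will stop loading.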