Upstream/Plan
1
0
Fork 0
mirror of https://github.com/plan-player-analytics/Plan.git synced 2024-12-29 04:27:53 +01:00
Code Issues Projects Releases Wiki Activity

Fixed Security Vulnerability: #477

Browse Source
This commit is contained in:
Rsl1122 2017-12-16 13:57:28 +02:00
parent 80018df960
commit f7ec19b8b3
8 changed files with 76 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Plan/src/main/java/com/djrapitops/plan/Plan.java
View File

@ -167,7 +167,6 @@ public class Plan extends BukkitPlugin implements IPlan {
serverInfoManager = new BukkitServerInfoManager(this); serverInfoManager = new BukkitServerInfoManager(this);
infoManager = new BukkitInformationManager(this); infoManager = new BukkitInformationManager(this);
WebServerSystem.getInstance().init(); WebServerSystem.getInstance().init();
if (!WebServerSystem.isWebServerEnabled()) { if (!WebServerSystem.isWebServerEnabled()) {
if (Settings.WEBSERVER_DISABLED.isTrue()) { if (Settings.WEBSERVER_DISABLED.isTrue()) {
@ -178,6 +177,7 @@ public class Plan extends BukkitPlugin implements IPlan {
} }
} }
serverInfoManager.updateServerInfo(); serverInfoManager.updateServerInfo();
infoManager.updateConnection();
Benchmark.stop("Enable", "WebServer Initialization"); Benchmark.stop("Enable", "WebServer Initialization");

20
Plan/src/main/java/com/djrapitops/plan/PlanBungee.java
View File

@ -8,6 +8,8 @@ import com.djrapitops.plugin.BungeePlugin;
import com.djrapitops.plugin.StaticHolder; import com.djrapitops.plugin.StaticHolder;
import com.djrapitops.plugin.api.Benchmark; import com.djrapitops.plugin.api.Benchmark;
import com.djrapitops.plugin.api.config.Config; import com.djrapitops.plugin.api.config.Config;
import com.djrapitops.plugin.api.systems.TaskCenter;
import com.djrapitops.plugin.api.utility.log.DebugLog;
import com.djrapitops.plugin.api.utility.log.Log; import com.djrapitops.plugin.api.utility.log.Log;
import com.djrapitops.plugin.settings.ColorScheme; import com.djrapitops.plugin.settings.ColorScheme;
import com.djrapitops.plugin.task.RunnableFactory; import com.djrapitops.plugin.task.RunnableFactory;
@ -53,6 +55,8 @@ public class PlanBungee extends BungeePlugin implements IPlan {
private ProcessingQueue processingQueue; private ProcessingQueue processingQueue;
private boolean setupAllowed = false;
@Override @Override
public void onEnable() { public void onEnable() {
super.onEnable(); super.onEnable();
@ -72,8 +76,6 @@ public class PlanBungee extends BungeePlugin implements IPlan {
Theme.getInstance().init(); Theme.getInstance().init();
DBSystem.getInstance().init(); DBSystem.getInstance().init();
registerCommand("planbungee", new PlanBungeeCommand(this));
String ip = variableHolder.getIp(); String ip = variableHolder.getIp();
if ("0.0.0.0".equals(ip)) { if ("0.0.0.0".equals(ip)) {
Log.error("IP setting still 0.0.0.0 - Configure AlternativeIP/IP that connects to the Proxy server."); Log.error("IP setting still 0.0.0.0 - Configure AlternativeIP/IP that connects to the Proxy server.");
@ -103,8 +105,8 @@ public class PlanBungee extends BungeePlugin implements IPlan {
} catch (Exception e) { } catch (Exception e) {
Log.error("Plugin Failed to Initialize Correctly."); Log.error("Plugin Failed to Initialize Correctly.");
Log.toLog(this.getClass().getName(), e); Log.toLog(this.getClass().getName(), e);
onDisable();
} }
registerCommand("planbungee", new PlanBungeeCommand(this));
} }
public static PlanBungee getInstance() { public static PlanBungee getInstance() {
@ -122,7 +124,9 @@ public class PlanBungee extends BungeePlugin implements IPlan {
} }
systems.close(); systems.close();
Log.info(Locale.get(Msg.DISABLED).toString()); Log.info(Locale.get(Msg.DISABLED).toString());
super.onDisable(); Benchmark.pluginDisabled(PlanBungee.class);
DebugLog.pluginDisabled(PlanBungee.class);
TaskCenter.cancelAllKnownTasks(PlanBungee.class);
} }
@Override @Override
@ -200,4 +204,12 @@ public class PlanBungee extends BungeePlugin implements IPlan {
public Systems getSystems() { public Systems getSystems() {
return systems; return systems;
} }
public boolean isSetupAllowed() {
return setupAllowed;
}
public void setSetupAllowed(boolean setupAllowed) {
this.setupAllowed = setupAllowed;
}
} }

5
Plan/src/main/java/com/djrapitops/plan/command/PlanBungeeCommand.java
View File

@ -27,7 +27,7 @@ public class PlanBungeeCommand extends TreeCommand<PlanBungee> {
* @param plugin Current instance of Plan * @param plugin Current instance of Plan
*/ */
public PlanBungeeCommand(PlanBungee plugin) { public PlanBungeeCommand(PlanBungee plugin) {
super(plugin, "planbungee", CommandType.CONSOLE, "", "", "planbungee"); super(plugin, "planbungee", CommandType.CONSOLE, Permissions.MANAGE.getPermission(), "", "planbungee");
super.setDefaultCommand("help"); super.setDefaultCommand("help");
super.setColorScheme(plugin.getColorScheme()); super.setColorScheme(plugin.getColorScheme());
} }
@ -42,7 +42,8 @@ public class PlanBungeeCommand extends TreeCommand<PlanBungee> {
add( add(
new ReloadCommand(plugin), new ReloadCommand(plugin),
new StatusCommand<>(plugin, Permissions.MANAGE.getPermission(), plugin.getColorScheme()), new StatusCommand<>(plugin, Permissions.MANAGE.getPermission(), plugin.getColorScheme()),
new ListCommand() new ListCommand(),
new BungeeSetupToggleCommand(plugin)
); );
RegisterCommand registerCommand = new RegisterCommand(plugin); RegisterCommand registerCommand = new RegisterCommand(plugin);
add( add(

39
Plan/src/main/java/com/djrapitops/plan/command/commands/BungeeSetupToggleCommand.java Normal file
View File

@ -0,0 +1,39 @@
/*
* Licence is provided in the jar as license.yml also here:
* https://github.com/Rsl1122/Plan-PlayerAnalytics/blob/master/Plan/src/main/resources/license.yml
*/
package main.java.com.djrapitops.plan.command.commands;
import com.djrapitops.plugin.command.CommandType;
import com.djrapitops.plugin.command.ISender;
import com.djrapitops.plugin.command.SubCommand;
import main.java.com.djrapitops.plan.PlanBungee;
import main.java.com.djrapitops.plan.settings.Permissions;
/**
* //TODO Class Javadoc Comment
*
* @author Rsl1122
*/
public class BungeeSetupToggleCommand extends SubCommand {
private final PlanBungee plugin;
public BungeeSetupToggleCommand(PlanBungee plugin) {
super("setup", CommandType.ALL, Permissions.MANAGE.getPermission(), "Toggle Setup mode for Bungee");
this.plugin = plugin;
}
@Override
public boolean onCommand(ISender sender, String s, String[] strings) {
boolean setupAllowed = plugin.isSetupAllowed();
if (setupAllowed) {
plugin.setSetupAllowed(false);
} else {
plugin.setSetupAllowed(true);
}
String msg = !setupAllowed ? "§aSet-up is now Allowed" : "§cSet-up is now Forbidden";
sender.sendMessage(msg);
return true;
}
}

3
Plan/src/main/java/com/djrapitops/plan/command/commands/manage/ManageSetupCommand.java
View File

@ -7,6 +7,7 @@ import com.djrapitops.plugin.command.ISender;
import com.djrapitops.plugin.command.SubCommand; import com.djrapitops.plugin.command.SubCommand;
import main.java.com.djrapitops.plan.Plan; import main.java.com.djrapitops.plan.Plan;
import main.java.com.djrapitops.plan.api.exceptions.WebAPIException; import main.java.com.djrapitops.plan.api.exceptions.WebAPIException;
import main.java.com.djrapitops.plan.api.exceptions.WebAPIForbiddenException;
import main.java.com.djrapitops.plan.settings.Permissions; import main.java.com.djrapitops.plan.settings.Permissions;
import main.java.com.djrapitops.plan.settings.Settings; import main.java.com.djrapitops.plan.settings.Settings;
import main.java.com.djrapitops.plan.settings.locale.Locale; import main.java.com.djrapitops.plan.settings.locale.Locale;
@ -70,6 +71,8 @@ public class ManageSetupCommand extends SubCommand {
// plugin.getWebServer().getWebAPI().getAPI(PingWebAPI.class).sendRequest(address); // plugin.getWebServer().getWebAPI().getAPI(PingWebAPI.class).sendRequest(address);
plugin.getWebServer().getWebAPI().getAPI(RequestSetupWebAPI.class).sendRequest(address); plugin.getWebServer().getWebAPI().getAPI(RequestSetupWebAPI.class).sendRequest(address);
sender.sendMessage("§eConnection successful, Plan may restart in a few seconds, if it doesn't something has gone wrong."); sender.sendMessage("§eConnection successful, Plan may restart in a few seconds, if it doesn't something has gone wrong.");
} catch (WebAPIForbiddenException e) {
sender.sendMessage("§eConnection succeeded, but Bungee has set-up mode disabled - use '/planbungee setup' to enable it.");
} catch (WebAPIException e) { } catch (WebAPIException e) {
Log.toLog(this.getClass().getName(), e); Log.toLog(this.getClass().getName(), e);
sender.sendMessage("§cConnection to Bungee WebServer failed: More info on console"); sender.sendMessage("§cConnection to Bungee WebServer failed: More info on console");

8
Plan/src/main/java/com/djrapitops/plan/systems/info/BukkitInformationManager.java
View File

@ -20,6 +20,7 @@ import main.java.com.djrapitops.plan.systems.info.parsing.AnalysisPageParser;
import main.java.com.djrapitops.plan.systems.info.parsing.InspectPageParser; import main.java.com.djrapitops.plan.systems.info.parsing.InspectPageParser;
import main.java.com.djrapitops.plan.systems.processing.Processor; import main.java.com.djrapitops.plan.systems.processing.Processor;
import main.java.com.djrapitops.plan.systems.webserver.WebServer; import main.java.com.djrapitops.plan.systems.webserver.WebServer;
import main.java.com.djrapitops.plan.systems.webserver.WebServerSystem;
import main.java.com.djrapitops.plan.systems.webserver.pagecache.PageCache; import main.java.com.djrapitops.plan.systems.webserver.pagecache.PageCache;
import main.java.com.djrapitops.plan.systems.webserver.pagecache.PageId; import main.java.com.djrapitops.plan.systems.webserver.pagecache.PageId;
import main.java.com.djrapitops.plan.systems.webserver.response.*; import main.java.com.djrapitops.plan.systems.webserver.response.*;
@ -63,8 +64,7 @@ public class BukkitInformationManager extends InformationManager {
dataCache = new DataCache(plugin); dataCache = new DataCache(plugin);
analysis = new Analysis(plugin); analysis = new Analysis(plugin);
pluginsTabContents = new HashMap<>(); pluginsTabContents = new HashMap<>();
usingAnotherWebServer = false;
updateConnection();
} }
public void updateConnection() { public void updateConnection() {
@ -323,8 +323,7 @@ public class BukkitInformationManager extends InformationManager {
@Override @Override
public boolean attemptConnection() { public boolean attemptConnection() {
WebServer webServer = plugin.getWebServer(); boolean webServerIsEnabled = WebServerSystem.isWebServerEnabled();
boolean webServerIsEnabled = webServer.isEnabled();
boolean previousState = usingAnotherWebServer; boolean previousState = usingAnotherWebServer;
try { try {
@ -350,6 +349,7 @@ public class BukkitInformationManager extends InformationManager {
} finally { } finally {
boolean changedState = previousState != usingAnotherWebServer; boolean changedState = previousState != usingAnotherWebServer;
if (webServerIsEnabled && changedState) { if (webServerIsEnabled && changedState) {
WebServer webServer = WebServerSystem.getInstance().getWebServer();
webServer.stop(); webServer.stop();
webServer.initServer(); webServer.initServer();
} }

2
Plan/src/main/java/com/djrapitops/plan/systems/webserver/response/ForbiddenResponse.java
View File

@ -13,7 +13,7 @@ public class ForbiddenResponse extends ErrorResponse {
} }
public ForbiddenResponse(String msg) { public ForbiddenResponse(String msg) {
super.setHeader("HTTP/1.1 404 Not Found"); super.setHeader("HTTP/1.1 403 Forbidden");
super.setTitle("403 Forbidden - Access Denied"); super.setTitle("403 Forbidden - Access Denied");
super.setParagraph(msg); super.setParagraph(msg);
super.replacePlaceholders(); super.replacePlaceholders();

11
Plan/src/main/java/com/djrapitops/plan/systems/webserver/webapi/bungee/RequestSetupWebAPI.java
View File

@ -1,4 +1,4 @@
/* /*
* Licence is provided in the jar as license.yml also here: * Licence is provided in the jar as license.yml also here:
* https://github.com/Rsl1122/Plan-PlayerAnalytics/blob/master/Plan/src/main/resources/license.yml * https://github.com/Rsl1122/Plan-PlayerAnalytics/blob/master/Plan/src/main/resources/license.yml
*/ */
@ -13,6 +13,7 @@ import main.java.com.djrapitops.plan.PlanBungee;
import main.java.com.djrapitops.plan.api.IPlan; import main.java.com.djrapitops.plan.api.IPlan;
import main.java.com.djrapitops.plan.api.exceptions.WebAPIException; import main.java.com.djrapitops.plan.api.exceptions.WebAPIException;
import main.java.com.djrapitops.plan.systems.info.server.ServerInfo; import main.java.com.djrapitops.plan.systems.info.server.ServerInfo;
import main.java.com.djrapitops.plan.systems.webserver.response.ForbiddenResponse;
import main.java.com.djrapitops.plan.systems.webserver.response.Response; import main.java.com.djrapitops.plan.systems.webserver.response.Response;
import main.java.com.djrapitops.plan.systems.webserver.webapi.WebAPI; import main.java.com.djrapitops.plan.systems.webserver.webapi.WebAPI;
@ -31,6 +32,11 @@ public class RequestSetupWebAPI extends WebAPI {
if (!Check.isBungeeAvailable()) { if (!Check.isBungeeAvailable()) {
return badRequest("Called a Bukkit server."); return badRequest("Called a Bukkit server.");
} }
if (!((PlanBungee) plugin).isSetupAllowed()) {
return new ForbiddenResponse("Setup mode disabled, use /planbungee setup to enable");
}
String serverUUIDS = variables.get("sender"); String serverUUIDS = variables.get("sender");
String webAddress = variables.get("webAddress"); String webAddress = variables.get("webAddress");
String accessCode = variables.get("accessKey"); String accessCode = variables.get("accessKey");
@ -38,7 +44,8 @@ public class RequestSetupWebAPI extends WebAPI {
return badRequest("Variable was null"); return badRequest("Variable was null");
} }
ServerInfo serverInfo = new ServerInfo(-1, UUID.fromString(serverUUIDS), "", webAddress, 0); ServerInfo serverInfo = new ServerInfo(-1, UUID.fromString(serverUUIDS), "", webAddress, 0);
PlanBungee.getInstance().getServerInfoManager().attemptConnection(serverInfo, accessCode);
((PlanBungee) plugin).getServerInfoManager().attemptConnection(serverInfo, accessCode);
return success(); return success();
} }