TotalFreedomMC/VulnerabilityPatcher
1
0
Fork 0
mirror of https://github.com/TotalFreedomMC/VulnerabilityPatcher.git synced 2025-02-05 06:12:46 +00:00
Code Issues Projects Releases Wiki Activity

Commit v1.9

Browse source 
Added a fix to a serious vulnerability in an NBT tag (thanks to Discord user 4785#8781).
Also made sure to only clear specificly large items instead of entire containers directly.
This commit is contained in:
William Bergh 2020-08-15 14:49:51 +02:00
parent cb079cf483
commit 560dc36667
14 changed files with 101 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.idea/compiler.xml
View file

@ -2,6 +2,7 @@
<project version="4">
<component name="CompilerConfiguration">
<bytecodeTargetLevel>
<module name="me.cooljwb.vulnerabilitypatcher.VulnerabilityPatcher" target="1.8" />
<module name="me.cooljwb.vulnerabilitypatcher.VulnerabilityPatcher.main" target="1.8" />
<module name="me.cooljwb.vulnerabilitypatcher.VulnerabilityPatcher.test" target="1.8" />
<module name="VulnerabilityPatcher.main" target="1.8" />

30
.idea/jarRepositories.xml Normal file
View file

@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="RemoteRepositoriesConfiguration">
<remote-repository>
<option name="id" value="central" />
<option name="name" value="Maven Central repository" />
<option name="url" value="https://repo1.maven.org/maven2" />
</remote-repository>
<remote-repository>
<option name="id" value="jboss.community" />
<option name="name" value="JBoss Community repository" />
<option name="url" value="https://repository.jboss.org/nexus/content/repositories/public/" />
</remote-repository>
<remote-repository>
<option name="id" value="MavenRepo" />
<option name="name" value="MavenRepo" />
<option name="url" value="https://repo.maven.apache.org/maven2/" />
</remote-repository>
<remote-repository>
<option name="id" value="destroystokyo-repo" />
<option name="name" value="destroystokyo-repo" />
<option name="url" value="https://repo.destroystokyo.com/repository/maven-public/" />
</remote-repository>
<remote-repository>
<option name="id" value="sonatype" />
<option name="name" value="sonatype" />
<option name="url" value="https://oss.sonatype.org/content/groups/public/" />
</remote-repository>
</component>
</project>

3
.idea/libraries/Gradle__junit_junit_4_10.xml
View file

@ -1,5 +1,8 @@
<component name="libraryTable">
<library name="Gradle: junit:junit:4.10">
<ANNOTATIONS>
<root url="jar://$MAVEN_REPOSITORY$/org/jetbrains/externalAnnotations/junit/junit/4.12-an1/junit-4.12-an1-annotations.zip!/" />
</ANNOTATIONS>
<CLASSES>
<root url="jar://$USER_HOME$/.gradle/caches/modules-2/files-2.1/junit/junit/4.10/e4f1766ce7404a08f45d859fb9c226fc9e41a861/junit-4.10.jar!/" />
</CLASSES>

3
.idea/libraries/Gradle__junit_junit_4_12.xml
View file

@ -1,5 +1,8 @@
<component name="libraryTable">
<library name="Gradle: junit:junit:4.12">
<ANNOTATIONS>
<root url="jar://$MAVEN_REPOSITORY$/org/jetbrains/externalAnnotations/junit/junit/4.12-an1/junit-4.12-an1-annotations.zip!/" />
</ANNOTATIONS>
<CLASSES>
<root url="jar://$USER_HOME$/.gradle/caches/modules-2/files-2.1/junit/junit/4.12/2973d150c0dc1fefe998f834810d68f278ea58ec/junit-4.12.jar!/" />
</CLASSES>

3
.idea/libraries/Gradle__org_hamcrest_hamcrest_core_1_1.xml
View file

@ -1,5 +1,8 @@
<component name="libraryTable">
<library name="Gradle: org.hamcrest:hamcrest-core:1.1">
<ANNOTATIONS>
<root url="jar://$MAVEN_REPOSITORY$/org/jetbrains/externalAnnotations/org/hamcrest/hamcrest-core/1.3-an1/hamcrest-core-1.3-an1-annotations.zip!/" />
</ANNOTATIONS>
<CLASSES>
<root url="jar://$USER_HOME$/.gradle/caches/modules-2/files-2.1/org.hamcrest/hamcrest-core/1.1/860340562250678d1a344907ac75754e259cdb14/hamcrest-core-1.1.jar!/" />
</CLASSES>

4
.idea/modules/VulnerabilityPatcher.main.iml
View file

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<module external.linked.project.id="VulnerabilityPatcher:main" external.linked.project.path="$MODULE_DIR$/../.." external.root.project.path="$MODULE_DIR$/../.." external.system.id="GRADLE" external.system.module.group="me.cooljwb.vulnerabilitypatcher" external.system.module.type="sourceSet" external.system.module.version="v1.8" type="JAVA_MODULE" version="4">
<module external.linked.project.id="VulnerabilityPatcher:main" external.linked.project.path="$MODULE_DIR$/../.." external.root.project.path="$MODULE_DIR$/../.." external.system.id="GRADLE" external.system.module.group="me.cooljwb.vulnerabilitypatcher" external.system.module.type="sourceSet" external.system.module.version="v1.9" type="JAVA_MODULE" version="4">
<component name="CheckStyle-IDEA-Module">
<option name="configuration">
<map />
@ -14,7 +14,7 @@
</configuration>
</facet>
</component>
<component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
<component name="NewModuleRootManager">
<output url="file://$MODULE_DIR$/../../build/classes/java/main" />
<exclude-output />
<content url="file://$MODULE_DIR$/../../src/main">

4
.idea/modules/VulnerabilityPatcher.test.iml
View file

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<module external.linked.project.id="VulnerabilityPatcher:test" external.linked.project.path="$MODULE_DIR$/../.." external.root.project.path="$MODULE_DIR$/../.." external.system.id="GRADLE" external.system.module.group="me.cooljwb.vulnerabilitypatcher" external.system.module.type="sourceSet" external.system.module.version="v1.8" type="JAVA_MODULE" version="4">
<module external.linked.project.id="VulnerabilityPatcher:test" external.linked.project.path="$MODULE_DIR$/../.." external.root.project.path="$MODULE_DIR$/../.." external.system.id="GRADLE" external.system.module.group="me.cooljwb.vulnerabilitypatcher" external.system.module.type="sourceSet" external.system.module.version="v1.9" type="JAVA_MODULE" version="4">
<component name="FacetManager">
<facet type="minecraft" name="Minecraft">
<configuration>
@ -9,7 +9,7 @@
</configuration>
</facet>
</component>
<component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
<component name="NewModuleRootManager">
<output-test url="file://$MODULE_DIR$/../../build/classes/java/test" />
<exclude-output />
<content url="file://$MODULE_DIR$/../../src/test">

2
.idea/modules/me.cooljwb.vulnerabilitypatcher.VulnerabilityPatcher.iml
View file

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<module external.linked.project.id="VulnerabilityPatcher" external.linked.project.path="$MODULE_DIR$/../.." external.root.project.path="$MODULE_DIR$/../.." external.system.id="GRADLE" external.system.module.group="me.cooljwb.vulnerabilitypatcher" external.system.module.version="v1.8" type="JAVA_MODULE" version="4">
<module external.linked.project.id="VulnerabilityPatcher" external.linked.project.path="$MODULE_DIR$/../.." external.root.project.path="$MODULE_DIR$/../.." external.system.id="GRADLE" external.system.module.group="me.cooljwb.vulnerabilitypatcher" external.system.module.version="v1.9" type="JAVA_MODULE" version="4">
<component name="CheckStyle-IDEA-Module">
<option name="configuration">
<map />

71
.idea/workspace.xml
View file

@ -2,24 +2,21 @@
<project version="4">
<component name="ChangeListManager">
<list default="true" id="4038a6e9-7d52-4dd0-91ef-d9a12aa1c1b2" name="Default Changelist" comment="Added a fix to the new item name exploit that makes it possible to make clickable text and, made the chest patch work for all containers and so that books are cleared properly...">
<change afterPath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/patches/Item_Names.java" afterDir="false" />
<change afterPath="$PROJECT_DIR$/.idea/jarRepositories.xml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/.idea/compiler.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/compiler.xml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/.idea/libraries/Gradle__junit_junit_4_10.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/libraries/Gradle__junit_junit_4_10.xml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/.idea/libraries/Gradle__junit_junit_4_12.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/libraries/Gradle__junit_junit_4_12.xml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/.idea/libraries/Gradle__org_hamcrest_hamcrest_core_1_1.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/libraries/Gradle__org_hamcrest_hamcrest_core_1_1.xml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/.idea/modules/VulnerabilityPatcher.main.iml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/modules/VulnerabilityPatcher.main.iml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/.idea/modules/VulnerabilityPatcher.test.iml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/modules/VulnerabilityPatcher.test.iml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/.idea/modules/me.cooljwb.vulnerabilitypatcher.VulnerabilityPatcher.iml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/modules/me.cooljwb.vulnerabilitypatcher.VulnerabilityPatcher.iml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/gradle.properties" beforeDir="false" afterPath="$PROJECT_DIR$/gradle.properties" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/VulnerabilityPatcher.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/VulnerabilityPatcher.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/modifiers/NBTModifier_1_13_2.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/modifiers/NBTModifier_1_13_2.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/modifiers/NBTModifier_1_14.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/modifiers/NBTModifier_1_14.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/modifiers/NBTModifier_1_15.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/modifiers/NBTModifier_1_15.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/modifiers/NBTModifier_1_16.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/modifiers/NBTModifier_1_16.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/patches/Books.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/patches/Books.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/patches/Chests.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/patches/Containers.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/patches/Patches.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/patches/Patches.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/resources/config.yml" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/resources/config.yml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/patches/Crash_Items.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/patches/Crash_Items.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/patches/Disconnect_Items.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/me/cooljwb/vulnerabilitypatcher/patches/Disconnect_Items.java" afterDir="false" />
<change beforePath="$PROJECT_DIR$/src/main/resources/plugin.yml" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/resources/plugin.yml" afterDir="false" />
</list>
<option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
<option name="SHOW_DIALOG" value="false" />
<option name="HIGHLIGHT_CONFLICTS" value="true" />
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
@ -43,11 +40,6 @@
<item name="" type="6a2764b6:ExternalProjectsStructure$RootNode" />
<item name="VulnerabilityPatcher" type="f1a62948:ProjectNode" />
</path>
<path>
<item name="" type="6a2764b6:ExternalProjectsStructure$RootNode" />
<item name="VulnerabilityPatcher" type="f1a62948:ProjectNode" />
<item name="Source Sets" type="e897c970:GradleViewContributor$SourceSetsNode" />
</path>
<path>
<item name="" type="6a2764b6:ExternalProjectsStructure$RootNode" />
<item name="VulnerabilityPatcher" type="f1a62948:ProjectNode" />
@ -66,9 +58,6 @@
</state>
</system>
</component>
<component name="FavoritesManager">
<favorites_list name="VulnerabilityPatcher" />
</component>
<component name="FileTemplateManagerImpl">
<option name="RECENT_TEMPLATES">
<list>
@ -87,6 +76,10 @@
</component>
<component name="ProjectId" id="1P6hFDIIQNwz5laK1QMMQH1wCha" />
<component name="ProjectLevelVcsManager" settingsEditedManually="true" />
<component name="ProjectViewState">
<option name="hideEmptyMiddlePackages" value="true" />
<option name="showLibraryContents" value="true" />
</component>
<component name="PropertiesComponent">
<property name="SHARE_PROJECT_CONFIGURATION_FILES" value="true" />
<property name="com.android.tools.idea.instantapp.provision.ProvisionBeforeRunTaskProvider.myTimeStamp" value="1565016144369" />
@ -101,18 +94,6 @@
<recent name="D:\DATA\Användare\Skrivbord\Programering\VulnerabilityPatcher\libs" />
</key>
</component>
<component name="RunDashboard">
<option name="ruleStates">
<list>
<RuleState>
<option name="name" value="ConfigurationTypeDashboardGroupingRule" />
</RuleState>
<RuleState>
<option name="name" value="StatusDashboardGroupingRule" />
</RuleState>
</list>
</option>
</component>
<component name="RunManager">
<configuration name="VulnerabilityPatcher build" type="GradleRunConfiguration" factoryName="Gradle">
<ExternalSystemSettings>
@ -145,6 +126,13 @@
<option name="presentableId" value="Default" />
<updated>1557533923338</updated>
</task>
<task id="LOCAL00001" summary="Added a fix to the new item name exploit that makes it possible to make clickable text and, made the chest patch work for all containers and so that books are cleared properly...">
<created>1595202547911</created>
<option name="number" value="LOCAL00001" />
<option name="presentableId" value="LOCAL00001" />
<updated>1595202547911</updated>
</task>
<option name="localTasksCounter" value="2" />
<servers />
</component>
<component name="Vcs.Log.Tabs.Properties">
@ -152,16 +140,33 @@
<map>
<entry key="MAIN">
<value>
<State>
<option name="COLUMN_ORDER" />
</State>
<State />
</value>
</entry>
</map>
</option>
<option name="oldMeFiltersMigrated" value="true" />
</component>
<component name="VcsManagerConfiguration">
<MESSAGE value="Added a fix to the new item name exploit that makes it possible to make clickable text and, made the chest patch work for all containers and so that books are cleared properly..." />
<option name="LAST_COMMIT_MESSAGE" value="Added a fix to the new item name exploit that makes it possible to make clickable text and, made the chest patch work for all containers and so that books are cleared properly..." />
</component>
<component name="WindowStateProjectService">
<state width="1877" height="234" key="GridCell.Tab.0.bottom" timestamp="1597494377255">
<screen x="0" y="0" width="1920" height="1040" />
</state>
<state width="1877" height="234" key="GridCell.Tab.0.bottom/0.0.1920.1040/1920.0.1920.1040@0.0.1920.1040" timestamp="1597494377255" />
<state width="1877" height="234" key="GridCell.Tab.0.center" timestamp="1597494377254">
<screen x="0" y="0" width="1920" height="1040" />
</state>
<state width="1877" height="234" key="GridCell.Tab.0.center/0.0.1920.1040/1920.0.1920.1040@0.0.1920.1040" timestamp="1597494377254" />
<state width="1877" height="234" key="GridCell.Tab.0.left" timestamp="1597494377254">
<screen x="0" y="0" width="1920" height="1040" />
</state>
<state width="1877" height="234" key="GridCell.Tab.0.left/0.0.1920.1040/1920.0.1920.1040@0.0.1920.1040" timestamp="1597494377254" />
<state width="1877" height="234" key="GridCell.Tab.0.right" timestamp="1597494377255">
<screen x="0" y="0" width="1920" height="1040" />
</state>
<state width="1877" height="234" key="GridCell.Tab.0.right/0.0.1920.1040/1920.0.1920.1040@0.0.1920.1040" timestamp="1597494377255" />
</component>
</project>

2
gradle.properties
View file

@ -1,2 +1,2 @@
pluginGroup=me.cooljwb.vulnerabilitypatcher
pluginVersion=v1.8
pluginVersion=v1.9

4
src/main/java/me/cooljwb/vulnerabilitypatcher/modifiers/NBTModifier_1_16.java
View file

@ -26,6 +26,7 @@ import org.bukkit.projectiles.ProjectileSource;
import java.io.File;
import java.util.HashMap;
import java.util.logging.*;
import java.util.regex.Pattern;
/*
* Copyright 2019 CoolJWB
@ -187,13 +188,14 @@ public class NBTModifier_1_16 {
net.minecraft.server.v1_16_R1.ItemStack nmsItemStack = CraftItemStack.asNMSCopy(item);
if(nmsItemStack.getTag() != null) {
Pattern pattern = Pattern.compile("([^a-z0-9/._-])");
NBTTagCompound blockentitytag = nmsItemStack.getTag().getCompound("BlockEntityTag");
NBTTagList itemlist = blockentitytag.getList("Items", 10);
for(int a = 0; a <= itemlist.size(); a++) {
NBTTagCompound itemtag = itemlist.getCompound(a).getCompound("tag");
if(itemtag.toString().contains("translation.test.invalid")) {
if(itemtag.toString().contains("translation.test.invalid") || pattern.matcher(blockentitytag.getString("LootTable")).find()) {
fired_countermeasure("containsCrashItem");
return true;
}

18
src/main/java/me/cooljwb/vulnerabilitypatcher/patches/Crash_Items.java
View file

@ -50,8 +50,9 @@ public class Crash_Items extends Patches implements Listener {
for(int c = 0; c < container.getInventory().getSize(); c++) {
if(container.getInventory().getItem(c) != null) {
if (container.getInventory().getItem(c).isSimilar(event.getItem()))
if (container.getInventory().getItem(c).isSimilar(event.getItem())) {
container.getInventory().getItem(c).setItemMeta(null);
}
}
}
@ -64,8 +65,9 @@ public class Crash_Items extends Patches implements Listener {
for(int c = 0; c < container.getInventory().getSize(); c++) {
if(container.getInventory().getItem(c) != null) {
if (container.getInventory().getItem(c).isSimilar(event.getItem()))
if (container.getInventory().getItem(c).isSimilar(event.getItem())) {
container.getInventory().getItem(c).setItemMeta(null);
}
}
}
@ -79,7 +81,7 @@ public class Crash_Items extends Patches implements Listener {
public void onPlayerInteractEvent(PlayerInteractEvent event) {
ItemStack item = event.getItem();
if(isCrashItem(item)) {
if(isCrashItem(item) || containsCrashItem(item)) {
event.setCancelled(true);
clearItemMeta(event.getItem());
@ -116,19 +118,23 @@ public class Crash_Items extends Patches implements Listener {
Player player = null;
if(event.getWhoClicked() instanceof Player) {
player = Bukkit.getPlayer(event.getWhoClicked().getUniqueId());
if(!event.getEventName().equals("InventoryCreativeEvent"))
if(!event.getEventName().equals("InventoryCreativeEvent")) {
msg(player, SMG.ITEM.msg);
}
}
if(!event.getEventName().equals("InventoryCreativeEvent"))
if(!event.getEventName().equals("InventoryCreativeEvent")) {
notifyViolation(player, "acquire", "crash item", player.getLocation());
}
BukkitScheduler scheduler = Bukkit.getServer().getScheduler();
scheduler.scheduleSyncDelayedTask(main, new Runnable() {
@Override
public void run() {
if(!event.getSlotType().equals(InventoryType.SlotType.OUTSIDE))
if(!event.getSlotType().equals(InventoryType.SlotType.OUTSIDE)) {
event.getWhoClicked().getInventory().getItem(event.getSlot()).setItemMeta(null);
}
}
}, 0L);
}

2
src/main/java/me/cooljwb/vulnerabilitypatcher/patches/Disconnect_Items.java
View file

@ -223,7 +223,7 @@ public class Disconnect_Items extends Patches implements Listener {
StringBuilder inventoryString = new StringBuilder();
for (ItemStack item : container.getInventory().getContents()) {
if(isDisconnectItem(item)) {
if(isDisconnectItem(item) || itemToString(item).length() >= 65535) {
clearItemMeta(item);
}
inventoryString.append(itemToString(item));

2
src/main/resources/plugin.yml
View file

@ -1,5 +1,5 @@
name: VulnerabilityPatcher
version: "1.8"
version: "1.9"
api-version: 1.13
main: me.cooljwb.vulnerabilitypatcher.VulnerabilityPatcher
authors: [CoolJWB]