Enforce stricter sender type checks across all player-only commands

Previously it was possible to bypass the "ConsoleCommandSender" check by running the command from a command block, which caused the server to throw an exception in the console. Exceptions are bad.
Allink 2023-04-02 00:25:41 +01:00
parent d0246790cb
commit 88298b7007
No known key found for this signature in database
7 changed files with 18 additions and 25 deletions


@ -5,7 +5,6 @@ import org.bukkit.Material;
import org.bukkit.command.Command; import org.bukkit.command.Command;
import org.bukkit.command.CommandExecutor; import org.bukkit.command.CommandExecutor;
import org.bukkit.command.CommandSender; import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.enchantments.Enchantment; import org.bukkit.enchantments.Enchantment;
import org.bukkit.entity.Player; import org.bukkit.entity.Player;
import org.bukkit.inventory.ItemStack; import org.bukkit.inventory.ItemStack;
@ -17,13 +16,12 @@ public final class CommandEnchantAll implements CommandExecutor {
final @Nonnull Command command, final @Nonnull Command command,
final @Nonnull String label, final @Nonnull String label,
final String[] args) { final String[] args) {
if (sender instanceof ConsoleCommandSender) { if (!(sender instanceof final Player player)) {
sender.sendMessage(Component sender.sendMessage(Component
.text("Command has to be run by a player")); .text("Command has to be run by a player"));
return true; return true;
} }
final Player player = (Player) sender;
final ItemStack item = player.getInventory().getItemInMainHand(); final ItemStack item = player.getInventory().getItemInMainHand();
if (Material.AIR.equals(item.getType())) { if (Material.AIR.equals(item.getType())) {
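Review bot: The same four-line player guard is now copied verbatim into seven executors (this one plus CommandKaboom, CommandPrefix, CommandSkin, CommandSpawn, CommandSpidey and CommandUsername), so the allow-list check has to be kept correct in seven places. CommandKaboom's old side shows the cost of that: it had an unchecked `(Player) sender` cast and no guard at all until this commit. Consider moving the check and the "Command has to be run by a player" reply into one shared helper or base executor, and at minimum put a comment above the guard such as `// Allow-list Player: command blocks and other non-console senders also reach onCommand`. The pattern-matching form `instanceof final Player player` needs Java 16 or later, so confirm the build target; the method body continues outside the hunk.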


@ -19,7 +19,12 @@ public final class CommandKaboom implements CommandExecutor {
final @Nonnull Command command, final @Nonnull Command command,
final @Nonnull String label, final @Nonnull String label,
final String[] args) { final String[] args) {
final Player player = (Player) sender; if (!(sender instanceof final Player player)) {
sender.sendMessage(Component
.text("Command has to be run by a player"));
return true;
}
boolean explode = ThreadLocalRandom.current().nextBoolean(); boolean explode = ThreadLocalRandom.current().nextBoolean();
if (explode) { if (explode) {


@ -1,15 +1,15 @@
package pw.kaboom.extras.commands; package pw.kaboom.extras.commands;
import javax.annotation.Nonnull;
import net.kyori.adventure.text.Component; import net.kyori.adventure.text.Component;
import net.kyori.adventure.text.format.NamedTextColor; import net.kyori.adventure.text.format.NamedTextColor;
import org.bukkit.command.Command; import org.bukkit.command.Command;
import org.bukkit.command.CommandExecutor; import org.bukkit.command.CommandExecutor;
import org.bukkit.command.CommandSender; import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.entity.Player; import org.bukkit.entity.Player;
import pw.kaboom.extras.modules.player.PlayerPrefix; import pw.kaboom.extras.modules.player.PlayerPrefix;
import javax.annotation.Nonnull;
public final class CommandPrefix implements CommandExecutor { public final class CommandPrefix implements CommandExecutor {
@ -17,14 +17,12 @@ public final class CommandPrefix implements CommandExecutor {
final @Nonnull Command cmd, final @Nonnull Command cmd,
final @Nonnull String label, final @Nonnull String label,
final String[] args) { final String[] args) {
if (sender instanceof ConsoleCommandSender) { if (!(sender instanceof final Player player)) {
sender.sendMessage(Component sender.sendMessage(Component
.text("Command has to be run by a player")); .text("Command has to be run by a player"));
return true; return true;
} }
final Player player = (Player) sender;
if (args.length == 0) { if (args.length == 0) {
player.sendMessage(Component player.sendMessage(Component
.text("Usage: /" + label + " <prefix|off>", .text("Usage: /" + label + " <prefix|off>",


@ -1,17 +1,16 @@
package pw.kaboom.extras.commands; package pw.kaboom.extras.commands;
import java.util.HashMap;
import java.util.Map;
import net.kyori.adventure.text.Component; import net.kyori.adventure.text.Component;
import net.kyori.adventure.text.format.NamedTextColor; import net.kyori.adventure.text.format.NamedTextColor;
import org.bukkit.command.Command; import org.bukkit.command.Command;
import org.bukkit.command.CommandExecutor; import org.bukkit.command.CommandExecutor;
import org.bukkit.command.CommandSender; import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.entity.Player; import org.bukkit.entity.Player;
import pw.kaboom.extras.skin.SkinManager; import pw.kaboom.extras.skin.SkinManager;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
import java.util.HashMap;
import java.util.Map;
public final class CommandSkin implements CommandExecutor { public final class CommandSkin implements CommandExecutor {
private final Map<Player, Long> lastUsedMillis = new HashMap<>(); private final Map<Player, Long> lastUsedMillis = new HashMap<>();
@ -21,13 +20,12 @@ public final class CommandSkin implements CommandExecutor {
final @Nonnull Command command, final @Nonnull Command command,
final @Nonnull String label, final @Nonnull String label,
final String[] args) { final String[] args) {
if (sender instanceof ConsoleCommandSender) { if (!(sender instanceof final Player player)) {
sender.sendMessage(Component sender.sendMessage(Component
.text("Command has to be run by a player")); .text("Command has to be run by a player"));
return true; return true;
} }
final Player player = (Player) sender;
final long millis = lastUsedMillis.getOrDefault(player, 0L); final long millis = lastUsedMillis.getOrDefault(player, 0L);
final long millisDifference = System.currentTimeMillis() - millis; final long millisDifference = System.currentTimeMillis() - millis;
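Review bot: `lastUsedMillis` is a `HashMap<Player, Long>`, so the cooldown read at `lastUsedMillis.getOrDefault(player, 0L)` is keyed on the live `Player` object rather than on a stable identity; CommandUsername declares the same map. Holding `Player` keys keeps those objects reachable after the player leaves unless something removes them (no removal is visible in this hunk), and a reconnect presumably yields a different `Player` instance, in which case the cooldown would not carry over. Keying on the UUID avoids both, provided the UUID stays stable for the account: `private final Map<UUID, Long> lastUsedMillis = new HashMap<>();` with `lastUsedMillis.getOrDefault(player.getUniqueId(), 0L)`. The rest of onCommand, including where the timestamp is written, is outside the hunk.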


@ -9,7 +9,6 @@ import org.bukkit.block.BlockFace;
import org.bukkit.command.Command; import org.bukkit.command.Command;
import org.bukkit.command.CommandExecutor; import org.bukkit.command.CommandExecutor;
import org.bukkit.command.CommandSender; import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.entity.Player; import org.bukkit.entity.Player;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
@ -19,13 +18,12 @@ public final class CommandSpawn implements CommandExecutor {
final @Nonnull Command command, final @Nonnull Command command,
final @Nonnull String label, final @Nonnull String label,
final String[] args) { final String[] args) {
if (sender instanceof ConsoleCommandSender) { if (!(sender instanceof final Player player)) {
sender.sendMessage(Component sender.sendMessage(Component
.text("Command has to be run by a player")); .text("Command has to be run by a player"));
return true; return true;
} }
final Player player = (Player) sender;
final World defaultWorld = Bukkit.getWorld("world"); final World defaultWorld = Bukkit.getWorld("world");
final World world = (defaultWorld == null) ? Bukkit.getWorlds().get(0) : defaultWorld; final World world = (defaultWorld == null) ? Bukkit.getWorlds().get(0) : defaultWorld;
final Location spawnLocation = world.getSpawnLocation(); final Location spawnLocation = world.getSpawnLocation();

View file

@ -6,7 +6,6 @@ import org.bukkit.World;
import org.bukkit.command.Command; import org.bukkit.command.Command;
import org.bukkit.command.CommandExecutor; import org.bukkit.command.CommandExecutor;
import org.bukkit.command.CommandSender; import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.entity.Player; import org.bukkit.entity.Player;
import org.bukkit.util.BlockIterator; import org.bukkit.util.BlockIterator;
import org.bukkit.util.Vector; import org.bukkit.util.Vector;
@ -18,13 +17,12 @@ public final class CommandSpidey implements CommandExecutor {
final @Nonnull Command command, final @Nonnull Command command,
final @Nonnull String label, final @Nonnull String label,
final String[] args) { final String[] args) {
if (sender instanceof ConsoleCommandSender) { if (!(sender instanceof final Player player)) {
sender.sendMessage(Component sender.sendMessage(Component
.text("Command has to be run by a player")); .text("Command has to be run by a player"));
return true; return true;
} }
final Player player = (Player) sender;
final World world = player.getWorld(); final World world = player.getWorld();
final Vector start = player.getEyeLocation().toVector(); final Vector start = player.getEyeLocation().toVector();
final Vector direction = player.getEyeLocation().getDirection(); final Vector direction = player.getEyeLocation().getDirection();

View file

@ -1,8 +1,6 @@
package pw.kaboom.extras.commands; package pw.kaboom.extras.commands;
import com.destroystokyo.paper.profile.PlayerProfile; import com.destroystokyo.paper.profile.PlayerProfile;
import java.util.HashMap;
import java.util.Map;
import net.kyori.adventure.text.Component; import net.kyori.adventure.text.Component;
import net.kyori.adventure.text.format.NamedTextColor; import net.kyori.adventure.text.format.NamedTextColor;
import org.bukkit.Bukkit; import org.bukkit.Bukkit;
@ -10,10 +8,11 @@ import org.bukkit.ChatColor;
import org.bukkit.command.Command; import org.bukkit.command.Command;
import org.bukkit.command.CommandExecutor; import org.bukkit.command.CommandExecutor;
import org.bukkit.command.CommandSender; import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.entity.Player; import org.bukkit.entity.Player;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
import java.util.HashMap;
import java.util.Map;
public final class CommandUsername implements CommandExecutor { public final class CommandUsername implements CommandExecutor {
private final Map<Player, Long> lastUsedMillis = new HashMap<>(); private final Map<Player, Long> lastUsedMillis = new HashMap<>();
@ -23,13 +22,12 @@ public final class CommandUsername implements CommandExecutor {
final @Nonnull Command command, final @Nonnull Command command,
final @Nonnull String label, final @Nonnull String label,
final String[] args) { final String[] args) {
if (sender instanceof ConsoleCommandSender) { if (!(sender instanceof final Player player)) {
sender.sendMessage(Component sender.sendMessage(Component
.text("Command has to be run by a player")); .text("Command has to be run by a player"));
return true; return true;
} }
final Player player = (Player) sender;
final String nameColor = ChatColor.translateAlternateColorCodes( final String nameColor = ChatColor.translateAlternateColorCodes(
'&', String.join(" ", args)); '&', String.join(" ", args));
final String name = nameColor.substring(0, Math.min(16, nameColor.length())); final String name = nameColor.substring(0, Math.min(16, nameColor.length()));