From e24206932bd04c6cf25f5f0f11915493c4e60976 Mon Sep 17 00:00:00 2001
From: mathiascode <mail@mathias.is>
Date: Sun, 22 Sep 2019 02:46:15 +0300
Subject: [PATCH] Command checker improvements

---
 .../kaboom/extras/commands/CommandSkin.java   | 19 +++----
 .../extras/commands/CommandUsername.java      | 19 +++----
 .../extras/modules/player/PlayerChat.java     | 17 +++++++
 .../extras/modules/player/PlayerCommand.java  | 38 ++++++++++----
 .../modules/player/PlayerConnection.java      | 23 +++------
 .../extras/modules/server/ServerCommand.java  | 49 ++++++++++++++-----
 6 files changed, 101 insertions(+), 64 deletions(-)

diff --git a/src/main/java/pw/kaboom/extras/commands/CommandSkin.java b/src/main/java/pw/kaboom/extras/commands/CommandSkin.java
index b7ffa3d..8bf15f9 100644
--- a/src/main/java/pw/kaboom/extras/commands/CommandSkin.java
+++ b/src/main/java/pw/kaboom/extras/commands/CommandSkin.java
@@ -38,25 +38,18 @@ class CommandSkin implements CommandExecutor {
 				public void run() {
 					try {
 						final URL skinUrl = new URL("https://api.ashcon.app/mojang/v2/user/" + name);
-						final HttpsURLConnection premiumCheck = (HttpsURLConnection) skinUrl.openConnection();
-						premiumCheck.setConnectTimeout(0);
-						premiumCheck.setRequestMethod("HEAD");
-						premiumCheck.setDefaultUseCaches(false);
-						premiumCheck.setUseCaches(false);
+						final HttpsURLConnection skinConnection = (HttpsURLConnection) skinUrl.openConnection();
+						skinConnection.setConnectTimeout(0);
+						skinConnection.setDefaultUseCaches(false);
+						skinConnection.setUseCaches(false);
 
-						if (premiumCheck.getResponseCode() == HttpsURLConnection.HTTP_OK) {
-							final HttpsURLConnection skinConnection = (HttpsURLConnection) skinUrl.openConnection();
-							skinConnection.setConnectTimeout(0);
-							skinConnection.setDefaultUseCaches(false);
-							skinConnection.setUseCaches(false);
+						if (skinConnection.getResponseCode() == HttpsURLConnection.HTTP_OK) {
 							final InputStreamReader skinStream = new InputStreamReader(skinConnection.getInputStream());
 							final JsonObject response = new JsonParser().parse(skinStream).getAsJsonObject();
-							final String uuid = response.get("uuid").getAsString();
 							final JsonObject rawSkin = response.getAsJsonObject("textures").getAsJsonObject("raw");
 							final String texture = rawSkin.get("value").getAsString();
 							final String signature = rawSkin.get("signature").getAsString();
 							skinStream.close();
-							skinConnection.disconnect();
 
 							final PlayerProfile textureProfile = player.getPlayerProfile();
 							textureProfile.clearProperties();
@@ -72,7 +65,7 @@ class CommandSkin implements CommandExecutor {
 							player.sendMessage("A player with that username doesn't exist");
 						}
 
-						premiumCheck.disconnect();
+						skinConnection.disconnect();
 					} catch (Exception exception) {
 					}
 				}
diff --git a/src/main/java/pw/kaboom/extras/commands/CommandUsername.java b/src/main/java/pw/kaboom/extras/commands/CommandUsername.java
index b40f789..aef2e5f 100644
--- a/src/main/java/pw/kaboom/extras/commands/CommandUsername.java
+++ b/src/main/java/pw/kaboom/extras/commands/CommandUsername.java
@@ -45,28 +45,21 @@ class CommandUsername implements CommandExecutor {
 						final String nameShort = nameColor.substring(0, Math.min(16, nameColor.length()));
 
 						final URL skinUrl = new URL("https://api.ashcon.app/mojang/v2/user/" + nameShort);
-						final HttpsURLConnection premiumCheck = (HttpsURLConnection) skinUrl.openConnection();
-						premiumCheck.setConnectTimeout(0);
-						premiumCheck.setRequestMethod("HEAD");
-						premiumCheck.setDefaultUseCaches(false);
-						premiumCheck.setUseCaches(false);
+						final HttpsURLConnection skinConnection = (HttpsURLConnection) skinUrl.openConnection();
+						skinConnection.setConnectTimeout(0);
+						skinConnection.setDefaultUseCaches(false);
+						skinConnection.setUseCaches(false);
 
-						if (premiumCheck.getResponseCode() == HttpsURLConnection.HTTP_OK) {
-							final HttpsURLConnection skinConnection = (HttpsURLConnection) skinUrl.openConnection();
-							skinConnection.setConnectTimeout(0);
-							skinConnection.setDefaultUseCaches(false);
-							skinConnection.setUseCaches(false);
+						if (skinConnection.getResponseCode() == HttpsURLConnection.HTTP_OK) {
 							final InputStreamReader skinStream = new InputStreamReader(skinConnection.getInputStream());
 							final JsonObject response = new JsonParser().parse(skinStream).getAsJsonObject();
-							final String uuid = response.get("uuid").getAsString();
 							final JsonObject rawSkin = response.getAsJsonObject("textures").getAsJsonObject("raw");
 							texture = rawSkin.get("value").getAsString();
 							signature = rawSkin.get("signature").getAsString();
 							skinStream.close();
-							skinConnection.disconnect();
 						}
 
-						premiumCheck.disconnect();
+						skinConnection.disconnect();
 
 						final PlayerProfile profile = player.getPlayerProfile();
 						profile.setName(nameShort);
diff --git a/src/main/java/pw/kaboom/extras/modules/player/PlayerChat.java b/src/main/java/pw/kaboom/extras/modules/player/PlayerChat.java
index 7e3d885..835ea0f 100644
--- a/src/main/java/pw/kaboom/extras/modules/player/PlayerChat.java
+++ b/src/main/java/pw/kaboom/extras/modules/player/PlayerChat.java
@@ -1,5 +1,7 @@
 package pw.kaboom.extras;
 
+import java.util.UUID;
+
 import org.bukkit.ChatColor;
 
 import org.bukkit.entity.Player;
@@ -18,6 +20,21 @@ class PlayerChat implements Listener {
 	@EventHandler
 	void onAsyncPlayerChat(AsyncPlayerChatEvent event) {
 		final Player player = event.getPlayer();
+		final UUID playerUuid = event.getPlayer().getUniqueId();
+		
+		if (main.commandMillisList.get(playerUuid) != null) {
+			final long millisDifference = System.currentTimeMillis() - main.commandMillisList.get(playerUuid);
+	
+			if (millisDifference < 20) {
+				event.setCancelled(true);
+			}
+		}
+		
+		main.commandMillisList.put(playerUuid, System.currentTimeMillis());
+		
+		if (event.isCancelled()) {
+			return;
+		}
 
 		if (main.getConfig().getString(player.getUniqueId().toString()) != null) {
 			final String prefix = ChatColor.translateAlternateColorCodes(
diff --git a/src/main/java/pw/kaboom/extras/modules/player/PlayerCommand.java b/src/main/java/pw/kaboom/extras/modules/player/PlayerCommand.java
index ecc242d..1ea93f6 100644
--- a/src/main/java/pw/kaboom/extras/modules/player/PlayerCommand.java
+++ b/src/main/java/pw/kaboom/extras/modules/player/PlayerCommand.java
@@ -42,17 +42,35 @@ class PlayerCommand implements Listener {
 		if (("/minecraft:execute".equals(arr[0].toLowerCase()) ||
 			"/execute".equals(arr[0].toLowerCase())) &&
 			arr.length >= 2) {
-			final StringBuilder stringBuilder = new StringBuilder();
-
 			for (int i = 1; i < arr.length; i++) {
-				stringBuilder.append(arr[i]).append(" ");
-			}
-			if (stringBuilder.toString().toLowerCase().contains("run execute") ||
-				stringBuilder.toString().toLowerCase().contains("run gamerule randomtickspeed") ||
-				stringBuilder.toString().toLowerCase().contains("run particle") ||
-				stringBuilder.toString().toLowerCase().contains("run save-off") ||
-				stringBuilder.toString().toLowerCase().contains("run stop")) {
-				event.setCancelled(true);
+				if ("as".equalsIgnoreCase(arr[i]) ||
+					"at".equalsIgnoreCase(arr[i])) {
+					for (int i2 = i+1; i2 < arr.length; i2++) {
+						if ("at".equalsIgnoreCase(arr[i2]) ||
+							"as".equalsIgnoreCase(arr[i2])) {
+							Command.broadcastCommandMessage(event.getPlayer(), "Forbidden execute pattern detected");
+							event.setCancelled(true);
+							break;
+						}
+					}
+				} else if (i+1 < arr.length &&
+					"run".equalsIgnoreCase(arr[i])) {
+					if ("execute".equalsIgnoreCase(arr[i+1]) ||
+						"particle".equalsIgnoreCase(arr[i+1]) ||
+						"save-off".equalsIgnoreCase(arr[i+1]) ||
+						"stop".equalsIgnoreCase(arr[i+1])) {
+						Command.broadcastCommandMessage(event.getPlayer(), "Forbidden execute command detected");
+						event.setCancelled(true);
+						break;
+					} else if (i+3 < arr.length &&
+						"gamerule".equalsIgnoreCase(arr[i+1])) {
+						if ("randomTickSpeed".equalsIgnoreCase(arr[i+2]) &&
+							Double.parseDouble(arr[i+3]) > 6) {
+							event.setMessage(command.replaceFirst("(?i)" + "randomTickSpeed " + arr[i+3], "randomTickSpeed 6"));
+							break;
+						}
+					}
+				}
 			}
 		} else if (("/minecraft:gamerule".equalsIgnoreCase(arr[0]) ||
 			"/gamerule".equalsIgnoreCase(arr[0])) &&
diff --git a/src/main/java/pw/kaboom/extras/modules/player/PlayerConnection.java b/src/main/java/pw/kaboom/extras/modules/player/PlayerConnection.java
index 29432f4..1c9dda1 100644
--- a/src/main/java/pw/kaboom/extras/modules/player/PlayerConnection.java
+++ b/src/main/java/pw/kaboom/extras/modules/player/PlayerConnection.java
@@ -50,7 +50,7 @@ class PlayerConnection implements Listener {
 			return;
 		}
 
-		for (final World world : Bukkit.getWorlds()) {
+		/*for (final World world : Bukkit.getWorlds()) {
 			for (final Chunk chunk : world.getLoadedChunks()) {
 				try {
 					chunk.getTileEntities(false);
@@ -62,7 +62,7 @@ class PlayerConnection implements Listener {
 					}.runTask(main);
 				}
 			}
-		}
+		}*/
 	}
 
 	@EventHandler
@@ -127,25 +127,18 @@ class PlayerConnection implements Listener {
 			public void run() {
 				try {
 					final URL skinUrl = new URL("https://api.ashcon.app/mojang/v2/user/" + player.getName());
-					final HttpsURLConnection premiumCheck = (HttpsURLConnection) skinUrl.openConnection();
-					premiumCheck.setConnectTimeout(0);
-					premiumCheck.setRequestMethod("HEAD");
-					premiumCheck.setDefaultUseCaches(false);
-					premiumCheck.setUseCaches(false);
+					final HttpsURLConnection skinConnection = (HttpsURLConnection) skinUrl.openConnection();
+					skinConnection.setConnectTimeout(0);
+					skinConnection.setDefaultUseCaches(false);
+					skinConnection.setUseCaches(false);
 
-					if (premiumCheck.getResponseCode() == HttpsURLConnection.HTTP_OK) {
-						final HttpsURLConnection skinConnection = (HttpsURLConnection) skinUrl.openConnection();
-						skinConnection.setConnectTimeout(0);
-						skinConnection.setDefaultUseCaches(false);
-						skinConnection.setUseCaches(false);
+					if (skinConnection.getResponseCode() == HttpsURLConnection.HTTP_OK) {
 						final InputStreamReader skinStream = new InputStreamReader(skinConnection.getInputStream());
 						final JsonObject response = new JsonParser().parse(skinStream).getAsJsonObject();
-						final String uuid = response.get("uuid").getAsString();
 						final JsonObject rawSkin = response.getAsJsonObject("textures").getAsJsonObject("raw");
 						final String texture = rawSkin.get("value").getAsString();
 						final String signature = rawSkin.get("signature").getAsString();
 						skinStream.close();
-						skinConnection.disconnect();
 
 						final PlayerProfile textureProfile = player.getPlayerProfile();
 						textureProfile.clearProperties();
@@ -158,7 +151,7 @@ class PlayerConnection implements Listener {
 						}.runTask(main);
 					}
 
-					premiumCheck.disconnect();
+					skinConnection.disconnect();
 				} catch (Exception exception) {
 				}
 			}
diff --git a/src/main/java/pw/kaboom/extras/modules/server/ServerCommand.java b/src/main/java/pw/kaboom/extras/modules/server/ServerCommand.java
index 36c4d53..b3f75d8 100644
--- a/src/main/java/pw/kaboom/extras/modules/server/ServerCommand.java
+++ b/src/main/java/pw/kaboom/extras/modules/server/ServerCommand.java
@@ -8,6 +8,7 @@ import org.bukkit.command.Command;
 import org.bukkit.event.EventHandler;
 import org.bukkit.event.Listener;
 
+import org.bukkit.event.server.RemoteServerCommandEvent;
 import org.bukkit.event.server.ServerCommandEvent;
 
 class ServerCommand implements Listener {
@@ -21,22 +22,44 @@ class ServerCommand implements Listener {
 		final String[] arr = event.getCommand().split(" ");
 		final String command = event.getCommand();
 
-		if (main.consoleCommandBlacklist.contains(arr[0].toLowerCase())) {
-			event.setCancelled(true);
-		} else if (("minecraft:execute".equals(arr[0].toLowerCase()) ||
+		if (event.getSender() instanceof BlockCommandSender) {
+			if (main.consoleCommandBlacklist.contains(arr[0].toLowerCase())) {
+				event.setCancelled(true);
+			}
+		}
+		
+		if (("minecraft:execute".equals(arr[0].toLowerCase()) ||
 			"execute".equals(arr[0].toLowerCase())) &&
 			arr.length >= 2) {
-			final StringBuilder stringBuilder = new StringBuilder();
-
 			for (int i = 1; i < arr.length; i++) {
-				stringBuilder.append(arr[i]).append(" ");
-			}
-			if (stringBuilder.toString().toLowerCase().contains("run execute") ||
-				stringBuilder.toString().toLowerCase().contains("run gamerule randomtickspeed") ||
-				stringBuilder.toString().toLowerCase().contains("run particle") ||
-				stringBuilder.toString().toLowerCase().contains("run save-off") ||
-				stringBuilder.toString().toLowerCase().contains("run stop")) {
-				event.setCancelled(true);
+				if ("as".equalsIgnoreCase(arr[i]) ||
+					"at".equalsIgnoreCase(arr[i])) {
+					for (int i2 = i+1; i2 < arr.length; i2++) {
+						if ("at".equalsIgnoreCase(arr[i2]) ||
+							"as".equalsIgnoreCase(arr[i2])) {
+							Command.broadcastCommandMessage(event.getSender(), "Forbidden execute pattern detected");
+							event.setCancelled(true);
+							break;
+						}
+					}
+				} else if (i+1 < arr.length &&
+					"run".equalsIgnoreCase(arr[i])) {
+					if ("execute".equalsIgnoreCase(arr[i+1]) ||
+						"particle".equalsIgnoreCase(arr[i+1]) ||
+						"save-off".equalsIgnoreCase(arr[i+1]) ||
+						"stop".equalsIgnoreCase(arr[i+1])) {
+						Command.broadcastCommandMessage(event.getSender(), "Forbidden execute command detected");
+						event.setCancelled(true);
+						break;
+					} else if (i+3 < arr.length &&
+						"gamerule".equalsIgnoreCase(arr[i+1])) {
+						if ("randomTickSpeed".equalsIgnoreCase(arr[i+2]) &&
+							Double.parseDouble(arr[i+3]) > 6) {
+							event.setCommand(command.replaceFirst("(?i)" + "randomTickSpeed " + arr[i+3], "randomTickSpeed 6"));
+							break;
+						}
+					}
+				}
 			}
 		} else if (("minecraft:gamerule".equalsIgnoreCase(arr[0]) ||
 			"gamerule".equalsIgnoreCase(arr[0])) &&