From 88298b7007aa951b7faebf18d4564635fd24b619 Mon Sep 17 00:00:00 2001
From: Allink
Date: Sun, 2 Apr 2023 00:25:41 +0100
Subject: [PATCH] Enforce stricter sender type checks across all player-only commands
Previously it was possible to bypass the "ConsoleCommandSender" check by running the command in a command block, and causing the server to throw an exception in console. Exceptions are bad.
---
 .../java/pw/kaboom/extras/commands/CommandEnchantAll.java | 4 +---
 .../java/pw/kaboom/extras/commands/CommandKaboom.java | 7 ++++++-
 .../java/pw/kaboom/extras/commands/CommandPrefix.java | 8 +++-----
 src/main/java/pw/kaboom/extras/commands/CommandSkin.java | 8 +++-----
 src/main/java/pw/kaboom/extras/commands/CommandSpawn.java | 4 +---
 .../java/pw/kaboom/extras/commands/CommandSpidey.java | 4 +---
 .../java/pw/kaboom/extras/commands/CommandUsername.java | 8 +++-----
 7 files changed, 18 insertions(+), 25 deletions(-)
diff --git a/src/main/java/pw/kaboom/extras/commands/CommandEnchantAll.java b/src/main/java/pw/kaboom/extras/commands/CommandEnchantAll.java
index ec04c5f..70e64e2 100644
--- a/src/main/java/pw/kaboom/extras/commands/CommandEnchantAll.java
+++ b/src/main/java/pw/kaboom/extras/commands/CommandEnchantAll.java
@@ -5,7 +5,6 @@ import org.bukkit.Material;
 import org.bukkit.command.Command;
 import org.bukkit.command.CommandExecutor;
 import org.bukkit.command.CommandSender;
-import org.bukkit.command.ConsoleCommandSender;
 import org.bukkit.enchantments.Enchantment;
 import org.bukkit.entity.Player;
 import org.bukkit.inventory.ItemStack;
@@ -17,13 +16,12 @@ public final class CommandEnchantAll implements CommandExecutor {
 final @Nonnull Command command,
 final @Nonnull String label,
 final String[] args) {
- if (sender instanceof ConsoleCommandSender) {
+ if (!(sender instanceof final Player player)) {
 sender.sendMessage(Component
 .text("Command has to be run by a player"));
 return true;
 }
- final Player player = (Player) sender;
 final ItemStack item = player.getInventory().getItemInMainHand();
 if (Material.AIR.equals(item.getType())) {
diff --git a/src/main/java/pw/kaboom/extras/commands/CommandKaboom.java b/src/main/java/pw/kaboom/extras/commands/CommandKaboom.java
index ede8fdc..2a8a22c 100644
--- a/src/main/java/pw/kaboom/extras/commands/CommandKaboom.java
+++ b/src/main/java/pw/kaboom/extras/commands/CommandKaboom.java
@@ -19,7 +19,12 @@ public final class CommandKaboom implements CommandExecutor {
 final @Nonnull Command command,
 final @Nonnull String label,
 final String[] args) {
- final Player player = (Player) sender;
+ if (!(sender instanceof final Player player)) {
+ sender.sendMessage(Component
+ .text("Command has to be run by a player"));
+ return true;
+ }
+
 boolean explode = ThreadLocalRandom.current().nextBoolean();
 if (explode) {
diff --git a/src/main/java/pw/kaboom/extras/commands/CommandPrefix.java b/src/main/java/pw/kaboom/extras/commands/CommandPrefix.java
index e62c907..c89d0e4 100644
--- a/src/main/java/pw/kaboom/extras/commands/CommandPrefix.java
+++ b/src/main/java/pw/kaboom/extras/commands/CommandPrefix.java
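Review bot: The four-line sender guard in CommandEnchantAll.onCommand is now copied verbatim, message literal included, into CommandKaboom, CommandPrefix, CommandSkin, CommandSpawn, CommandSpidey and CommandUsername, so the next player-only command can again ship with a weaker check or none at all, as CommandKaboom did before this patch. Moving it into one shared helper would keep the allow-list in a single place, with each executor reduced to something like `final Player player = requirePlayer(sender);` followed by `if (player == null) return true;` (the helper name is a suggestion, not an existing method). Whichever form is kept, a comment on the check such as `// Allow-list: only Player senders continue; console, command-block and any other sender type is rejected here.` would record why it tests for Player rather than excluding ConsoleCommandSender. onCommand starts and ends outside the hunk.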
@@ -1,15 +1,15 @@
 package pw.kaboom.extras.commands;
-import javax.annotation.Nonnull;
 import net.kyori.adventure.text.Component;
 import net.kyori.adventure.text.format.NamedTextColor;
 import org.bukkit.command.Command;
 import org.bukkit.command.CommandExecutor;
 import org.bukkit.command.CommandSender;
-import org.bukkit.command.ConsoleCommandSender;
 import org.bukkit.entity.Player;
 import pw.kaboom.extras.modules.player.PlayerPrefix;
+import javax.annotation.Nonnull;
+
 public final class CommandPrefix implements CommandExecutor {
@@ -17,14 +17,12 @@ public final class CommandPrefix implements CommandExecutor {
 final @Nonnull Command cmd,
 final @Nonnull String label,
 final String[] args) {
- if (sender instanceof ConsoleCommandSender) {
+ if (!(sender instanceof final Player player)) {
 sender.sendMessage(Component
 .text("Command has to be run by a player"));
 return true;
 }
- final Player player = (Player) sender;
-
 if (args.length == 0) {
 player.sendMessage(Component
 .text("Usage: /" + label + " ",
diff --git a/src/main/java/pw/kaboom/extras/commands/CommandSkin.java b/src/main/java/pw/kaboom/extras/commands/CommandSkin.java
index 204f7a2..09f6fd6 100644
--- a/src/main/java/pw/kaboom/extras/commands/CommandSkin.java
+++ b/src/main/java/pw/kaboom/extras/commands/CommandSkin.java
@@ -1,17 +1,16 @@
 package pw.kaboom.extras.commands;
-import java.util.HashMap;
-import java.util.Map;
 import net.kyori.adventure.text.Component;
 import net.kyori.adventure.text.format.NamedTextColor;
 import org.bukkit.command.Command;
 import org.bukkit.command.CommandExecutor;
 import org.bukkit.command.CommandSender;
-import org.bukkit.command.ConsoleCommandSender;
 import org.bukkit.entity.Player;
 import pw.kaboom.extras.skin.SkinManager;
 import javax.annotation.Nonnull;
+import java.util.HashMap;
+import java.util.Map;
 public final class CommandSkin implements CommandExecutor {
 private final Map lastUsedMillis = new HashMap<>();
@@ -21,13 +20,12 @@ public final class CommandSkin implements CommandExecutor {
 final @Nonnull Command command,
 final @Nonnull String label,
 final String[] args) {
- if (sender instanceof ConsoleCommandSender) {
+ if (!(sender instanceof final Player player)) {
 sender.sendMessage(Component
 .text("Command has to be run by a player"));
 return true;
 }
- final Player player = (Player) sender;
 final long millis = lastUsedMillis.getOrDefault(player, 0L);
 final long millisDifference = System.currentTimeMillis() - millis;
diff --git a/src/main/java/pw/kaboom/extras/commands/CommandSpawn.java b/src/main/java/pw/kaboom/extras/commands/CommandSpawn.java
index 6d9456f..c0b5b0e 100644
--- a/src/main/java/pw/kaboom/extras/commands/CommandSpawn.java
+++ b/src/main/java/pw/kaboom/extras/commands/CommandSpawn.java
@@ -9,7 +9,6 @@ import org.bukkit.block.BlockFace;
 import org.bukkit.command.Command;
 import org.bukkit.command.CommandExecutor;
 import org.bukkit.command.CommandSender;
-import org.bukkit.command.ConsoleCommandSender;
 import org.bukkit.entity.Player;
 import javax.annotation.Nonnull;
@@ -19,13 +18,12 @@ public final class CommandSpawn implements CommandExecutor {
 final @Nonnull Command command,
 final @Nonnull String label,
 final String[] args) {
- if (sender instanceof ConsoleCommandSender) {
+ if (!(sender instanceof final Player player)) {
 sender.sendMessage(Component
 .text("Command has to be run by a player"));
 return true;
 }
- final Player player = (Player) sender;
 final World defaultWorld = Bukkit.getWorld("world");
 final World world = (defaultWorld == null) ? Bukkit.getWorlds().get(0) : defaultWorld;
 final Location spawnLocation = world.getSpawnLocation();
diff --git a/src/main/java/pw/kaboom/extras/commands/CommandSpidey.java b/src/main/java/pw/kaboom/extras/commands/CommandSpidey.java
index bb48e99..f2e1159 100644
--- a/src/main/java/pw/kaboom/extras/commands/CommandSpidey.java
+++ b/src/main/java/pw/kaboom/extras/commands/CommandSpidey.java
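Review bot: In CommandSkin the cooldown lookup `lastUsedMillis.getOrDefault(player, 0L)` keys a plain HashMap on the Player object itself, so every player who has run the command stays strongly referenced by the executor unless an entry is removed somewhere outside this hunk; on a long-running server that is growth bounded only by how many players connect. Keying on the account id instead, `lastUsedMillis.getOrDefault(player.getUniqueId(), 0L)` with the matching `put`, avoids retaining Player instances and makes the cooldown follow the account rather than the session object. CommandUsername declares the same `lastUsedMillis` field and would need the same change. The `put` call and the rest of onCommand are outside the hunk, so whether cleanup already exists should be confirmed there.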
@@ -6,7 +6,6 @@ import org.bukkit.World;
 import org.bukkit.command.Command;
 import org.bukkit.command.CommandExecutor;
 import org.bukkit.command.CommandSender;
-import org.bukkit.command.ConsoleCommandSender;
 import org.bukkit.entity.Player;
 import org.bukkit.util.BlockIterator;
 import org.bukkit.util.Vector;
@@ -18,13 +17,12 @@ public final class CommandSpidey implements CommandExecutor {
 final @Nonnull Command command,
 final @Nonnull String label,
 final String[] args) {
- if (sender instanceof ConsoleCommandSender) {
+ if (!(sender instanceof final Player player)) {
 sender.sendMessage(Component
 .text("Command has to be run by a player"));
 return true;
 }
- final Player player = (Player) sender;
 final World world = player.getWorld();
 final Vector start = player.getEyeLocation().toVector();
 final Vector direction = player.getEyeLocation().getDirection();
diff --git a/src/main/java/pw/kaboom/extras/commands/CommandUsername.java b/src/main/java/pw/kaboom/extras/commands/CommandUsername.java
index 4c9de77..6a0ee6a 100644
--- a/src/main/java/pw/kaboom/extras/commands/CommandUsername.java
+++ b/src/main/java/pw/kaboom/extras/commands/CommandUsername.java
@@ -1,8 +1,6 @@
 package pw.kaboom.extras.commands;
 import com.destroystokyo.paper.profile.PlayerProfile;
-import java.util.HashMap;
-import java.util.Map;
 import net.kyori.adventure.text.Component;
 import net.kyori.adventure.text.format.NamedTextColor;
 import org.bukkit.Bukkit;
@@ -10,10 +8,11 @@ import org.bukkit.ChatColor;
 import org.bukkit.command.Command;
 import org.bukkit.command.CommandExecutor;
 import org.bukkit.command.CommandSender;
-import org.bukkit.command.ConsoleCommandSender;
 import org.bukkit.entity.Player;
 import javax.annotation.Nonnull;
+import java.util.HashMap;
+import java.util.Map;
 public final class CommandUsername implements CommandExecutor {
 private final Map lastUsedMillis = new HashMap<>();
@@ -23,13 +22,12 @@ public final class CommandUsername implements CommandExecutor {
 final @Nonnull Command command,
 final @Nonnull String label,
 final String[] args) {
- if (sender instanceof ConsoleCommandSender) {
+ if (!(sender instanceof final Player player)) {
 sender.sendMessage(Component
 .text("Command has to be run by a player"));
 return true;
 }
- final Player player = (Player) sender;
 final String nameColor = ChatColor.translateAlternateColorCodes(
 '&', String.join(" ", args));
 final String name = nameColor.substring(0, Math.min(16, nameColor.length()));