chipmunk.land-kaboomserver/extras
2
0
Fork 0
forked from kaboomserver/extras
Code Issues Pull requests Projects Releases Packages Wiki Activity

Enforce stricter sender type checks across all player-only commands

Browse source 
Previously it was possible to bypass the "ConsoleCommandSender" check by running the command in a command block, and causing the server to throw an exception in console. Exceptions are bad.
This commit is contained in:
Allink 2023-04-02 00:25:41 +01:00
parent d0246790cb
commit 88298b7007
No known key found for this signature in database
7 changed files with 18 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/main/java/pw/kaboom/extras/commands/CommandEnchantAll.java
View file

@ -5,7 +5,6 @@ import org.bukkit.Material;
import org.bukkit.command.Command;
import org.bukkit.command.CommandExecutor;
import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.enchantments.Enchantment;
import org.bukkit.entity.Player;
import org.bukkit.inventory.ItemStack;
@ -17,13 +16,12 @@ public final class CommandEnchantAll implements CommandExecutor {
final @Nonnull Command command,
final @Nonnull String label,
final String[] args) {
if (sender instanceof ConsoleCommandSender) {
if (!(sender instanceof final Player player)) {
sender.sendMessage(Component
.text("Command has to be run by a player"));
return true;
}
final Player player = (Player) sender;
final ItemStack item = player.getInventory().getItemInMainHand();
if (Material.AIR.equals(item.getType())) {

7
src/main/java/pw/kaboom/extras/commands/CommandKaboom.java
View file

@ -19,7 +19,12 @@ public final class CommandKaboom implements CommandExecutor {
final @Nonnull Command command,
final @Nonnull String label,
final String[] args) {
final Player player = (Player) sender;
if (!(sender instanceof final Player player)) {
sender.sendMessage(Component
.text("Command has to be run by a player"));
return true;
}
boolean explode = ThreadLocalRandom.current().nextBoolean();
if (explode) {

8
src/main/java/pw/kaboom/extras/commands/CommandPrefix.java
View file

@ -1,15 +1,15 @@
package pw.kaboom.extras.commands;
import javax.annotation.Nonnull;
import net.kyori.adventure.text.Component;
import net.kyori.adventure.text.format.NamedTextColor;
import org.bukkit.command.Command;
import org.bukkit.command.CommandExecutor;
import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.entity.Player;
import pw.kaboom.extras.modules.player.PlayerPrefix;
import javax.annotation.Nonnull;
public final class CommandPrefix implements CommandExecutor {
@ -17,14 +17,12 @@ public final class CommandPrefix implements CommandExecutor {
final @Nonnull Command cmd,
final @Nonnull String label,
final String[] args) {
if (sender instanceof ConsoleCommandSender) {
if (!(sender instanceof final Player player)) {
sender.sendMessage(Component
.text("Command has to be run by a player"));
return true;
}
final Player player = (Player) sender;
if (args.length == 0) {
player.sendMessage(Component
.text("Usage: /" + label + " <prefix|off>",

8
src/main/java/pw/kaboom/extras/commands/CommandSkin.java
View file

@ -1,17 +1,16 @@
package pw.kaboom.extras.commands;
import java.util.HashMap;
import java.util.Map;
import net.kyori.adventure.text.Component;
import net.kyori.adventure.text.format.NamedTextColor;
import org.bukkit.command.Command;
import org.bukkit.command.CommandExecutor;
import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.entity.Player;
import pw.kaboom.extras.skin.SkinManager;
import javax.annotation.Nonnull;
import java.util.HashMap;
import java.util.Map;
public final class CommandSkin implements CommandExecutor {
private final Map<Player, Long> lastUsedMillis = new HashMap<>();
@ -21,13 +20,12 @@ public final class CommandSkin implements CommandExecutor {
final @Nonnull Command command,
final @Nonnull String label,
final String[] args) {
if (sender instanceof ConsoleCommandSender) {
if (!(sender instanceof final Player player)) {
sender.sendMessage(Component
.text("Command has to be run by a player"));
return true;
}
final Player player = (Player) sender;
final long millis = lastUsedMillis.getOrDefault(player, 0L);
final long millisDifference = System.currentTimeMillis() - millis;

4
src/main/java/pw/kaboom/extras/commands/CommandSpawn.java
View file

@ -9,7 +9,6 @@ import org.bukkit.block.BlockFace;
import org.bukkit.command.Command;
import org.bukkit.command.CommandExecutor;
import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.entity.Player;
import javax.annotation.Nonnull;
@ -19,13 +18,12 @@ public final class CommandSpawn implements CommandExecutor {
final @Nonnull Command command,
final @Nonnull String label,
final String[] args) {
if (sender instanceof ConsoleCommandSender) {
if (!(sender instanceof final Player player)) {
sender.sendMessage(Component
.text("Command has to be run by a player"));
return true;
}
final Player player = (Player) sender;
final World defaultWorld = Bukkit.getWorld("world");
final World world = (defaultWorld == null) ? Bukkit.getWorlds().get(0) : defaultWorld;
final Location spawnLocation = world.getSpawnLocation();

4
src/main/java/pw/kaboom/extras/commands/CommandSpidey.java
View file

@ -6,7 +6,6 @@ import org.bukkit.World;
import org.bukkit.command.Command;
import org.bukkit.command.CommandExecutor;
import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.entity.Player;
import org.bukkit.util.BlockIterator;
import org.bukkit.util.Vector;
@ -18,13 +17,12 @@ public final class CommandSpidey implements CommandExecutor {
final @Nonnull Command command,
final @Nonnull String label,
final String[] args) {
if (sender instanceof ConsoleCommandSender) {
if (!(sender instanceof final Player player)) {
sender.sendMessage(Component
.text("Command has to be run by a player"));
return true;
}
final Player player = (Player) sender;
final World world = player.getWorld();
final Vector start = player.getEyeLocation().toVector();
final Vector direction = player.getEyeLocation().getDirection();

8
src/main/java/pw/kaboom/extras/commands/CommandUsername.java
View file

@ -1,8 +1,6 @@
package pw.kaboom.extras.commands;
import com.destroystokyo.paper.profile.PlayerProfile;
import java.util.HashMap;
import java.util.Map;
import net.kyori.adventure.text.Component;
import net.kyori.adventure.text.format.NamedTextColor;
import org.bukkit.Bukkit;
@ -10,10 +8,11 @@ import org.bukkit.ChatColor;
import org.bukkit.command.Command;
import org.bukkit.command.CommandExecutor;
import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.entity.Player;
import javax.annotation.Nonnull;
import java.util.HashMap;
import java.util.Map;
public final class CommandUsername implements CommandExecutor {
private final Map<Player, Long> lastUsedMillis = new HashMap<>();
@ -23,13 +22,12 @@ public final class CommandUsername implements CommandExecutor {
final @Nonnull Command command,
final @Nonnull String label,
final String[] args) {
if (sender instanceof ConsoleCommandSender) {
if (!(sender instanceof final Player player)) {
sender.sendMessage(Component
.text("Command has to be run by a player"));
return true;
}
final Player player = (Player) sender;
final String nameColor = ChatColor.translateAlternateColorCodes(
'&', String.join(" ", args));
final String name = nameColor.substring(0, Math.min(16, nameColor.length()));