Fix exploits (#1)

* Fix distance exploit

* fix forceload on execute

* IDE break or smth idk

* fix auto:2b on fill

* fix auto:2b on fill

* block setblock on execute

* block debug on execute

* block datapack on execute

* block datapack and minecraft:datapack

* block summon on execute

* Remove the ability for entity selectors to be used in /say

* Increase chat delay from 5ms to 50ms

* remove debug

* maven checkstyle bypass

* solve conflicts I think idk if this will work since github

* maven checkstyle

* yes.

* Remove extra whitespace

* patch funny reload commands

* amazing

* whoops

* yet another crash exploit

* added to commands.yml

* convert spaces to tabs

Co-authored-by: arclicious <arclicious@vivaldi.net>
Co-authored-by: Business Goose <44676012+business-goose@users.noreply.github.com>
Apmunute 2020-12-12 15:00:19 -03:00 committed by GitHub
parent 6568b2e87d
commit 7f33a50977
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 42 additions and 27 deletions


@ -28,7 +28,7 @@ public final class PlayerChat implements Listener {
if (PlayerCommand.getCommandMillisList().get(playerUuid) != null) { if (PlayerCommand.getCommandMillisList().get(playerUuid) != null) {
final long millisDifference = System.currentTimeMillis() - PlayerCommand.getCommandMillisList().get(playerUuid); final long millisDifference = System.currentTimeMillis() - PlayerCommand.getCommandMillisList().get(playerUuid);
if (millisDifference < 5) { if (millisDifference < 50) {
event.setCancelled(true); event.setCancelled(true);
} }
} }
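Review bot: The new threshold is a bare literal in `if (millisDifference < 50)`, so nothing in the file says what the 50 ms window is for or which timestamps it is measured against. I would name it, e.g. `private static final long MIN_CHAT_INTERVAL_MILLIS = 50;`, with a one-line comment saying that chat sent within this window of the player's last recorded command is cancelled. The surrounding lines also call `getCommandMillisList().get(playerUuid)` once for the null check and again for the subtraction; reading it once into a `final Long lastCommandMillis` avoids unboxing an entry that may have been removed in between, if that map is shared across threads. The enclosing handler starts and ends outside this hunk.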


@ -9,6 +9,33 @@ import org.bukkit.event.Listener;
import org.bukkit.event.server.ServerCommandEvent; import org.bukkit.event.server.ServerCommandEvent;
public final class ServerCommand implements Listener { public final class ServerCommand implements Listener {
public static boolean checkExecuteCommand(final String cmd) {
return ("execute".equalsIgnoreCase(cmd)
|| "clone".equalsIgnoreCase(cmd)
|| "data".equalsIgnoreCase(cmd)
|| "datapack".equalsIgnoreCase(cmd)
|| "debug".equalsIgnoreCase(cmd)
|| "fill".equalsIgnoreCase(cmd)
|| "forceload".equalsIgnoreCase(cmd)
|| "kick".equalsIgnoreCase(cmd)
|| "me".equalsIgnoreCase(cmd)
|| "msg".equalsIgnoreCase(cmd)
|| "particle".equalsIgnoreCase(cmd)
|| "reload".equalsIgnoreCase(cmd)
|| "save-all".equalsIgnoreCase(cmd)
|| "say".equalsIgnoreCase(cmd)
|| "setblock".equalsIgnoreCase(cmd)
|| "spreadplayers".equalsIgnoreCase(cmd)
|| "stop".equalsIgnoreCase(cmd)
|| "summon".equalsIgnoreCase(cmd)
|| "teammsg".equalsIgnoreCase(cmd)
|| "teleport".equalsIgnoreCase(cmd)
|| "tell".equalsIgnoreCase(cmd)
|| "tellraw".equalsIgnoreCase(cmd)
|| "tm".equalsIgnoreCase(cmd)
|| "tp".equalsIgnoreCase(cmd)
|| "w".equalsIgnoreCase(cmd));
}
public static String checkCommand(final CommandSender sender, final String command, final boolean isConsoleCommand) { public static String checkCommand(final CommandSender sender, final String command, final boolean isConsoleCommand) {
final String[] arr = command.split(" "); final String[] arr = command.split(" ");
String commandName = arr[0].toLowerCase(); String commandName = arr[0].toLowerCase();
@ -27,25 +54,7 @@ public final class ServerCommand implements Listener {
for (int i = 1; i < arr.length; i++) { for (int i = 1; i < arr.length; i++) {
if ("run".equalsIgnoreCase(arr[i])) { if ("run".equalsIgnoreCase(arr[i])) {
if (i + 1 < arr.length) { if (i + 1 < arr.length) {
if ("execute".equalsIgnoreCase(arr[i + 1]) if (checkExecuteCommand(arr[i + 1])) {
|| "clone".equalsIgnoreCase(arr[i + 1])
|| "fill".equalsIgnoreCase(arr[i + 1])
|| "kick".equalsIgnoreCase(arr[i + 1])
|| "me".equalsIgnoreCase(arr[i + 1])
|| "msg".equalsIgnoreCase(arr[i + 1])
|| "particle".equalsIgnoreCase(arr[i + 1])
|| "reload".equalsIgnoreCase(arr[i + 1])
|| "save-all".equalsIgnoreCase(arr[i + 1])
|| "say".equalsIgnoreCase(arr[i + 1])
|| "spreadplayers".equalsIgnoreCase(arr[i + 1])
|| "stop".equalsIgnoreCase(arr[i + 1])
|| "teammsg".equalsIgnoreCase(arr[i + 1])
|| "teleport".equalsIgnoreCase(arr[i + 1])
|| "tell".equalsIgnoreCase(arr[i + 1])
|| "tellraw".equalsIgnoreCase(arr[i + 1])
|| "tm".equalsIgnoreCase(arr[i + 1])
|| "tp".equalsIgnoreCase(arr[i + 1])
|| "w".equalsIgnoreCase(arr[i + 1])) {
return "cancel"; return "cancel";
} else if (i + 3 < arr.length } else if (i + 3 < arr.length
&& "gamerule".equalsIgnoreCase(arr[i + 1])) { && "gamerule".equalsIgnoreCase(arr[i + 1])) {
@ -63,8 +72,7 @@ public final class ServerCommand implements Listener {
break; break;
} }
if ("as".equalsIgnoreCase(arr[i]) if ("as".equalsIgnoreCase(arr[i]) || "at".equalsIgnoreCase(arr[i])) {
|| "at".equalsIgnoreCase(arr[i])) {
asAtCount++; asAtCount++;
} }
} }
@ -76,8 +84,8 @@ public final class ServerCommand implements Listener {
break; break;
case "/minecraft:fill": case "/minecraft:fill":
case "/fill": case "/fill":
if (command.contains("auto:1")) { if (command.contains("auto")) {
return command.replace("auto:1", "auto:0"); return command.replace("auto", "[auto]");
} }
case "/minecraft:gamerule": case "/minecraft:gamerule":
case "/gamerule": case "/gamerule":
@ -115,7 +123,6 @@ public final class ServerCommand implements Listener {
if (Double.parseDouble(arr[4]) > 50) { if (Double.parseDouble(arr[4]) > 50) {
arr[4] = "50"; arr[4] = "50";
} }
return String.join(" ", arr); return String.join(" ", arr);
} }
break; break;
@ -130,6 +137,14 @@ public final class ServerCommand implements Listener {
return "cancel"; return "cancel";
} }
break; break;
case "/minecraft:say":
case "/say":
for (int i = 0; i < arr.length; i++) {
if (arr[i].toLowerCase().contains("@")) {
return "cancel";
}
}
break;
default: default:
break; break;
} }
@ -137,8 +152,8 @@ public final class ServerCommand implements Listener {
// Do nothing // Do nothing
} }
if (command.contains("[distance=")) { if (command.contains("distance")) {
return command.replace("[distance=", "["); return command.replace("distance=", "").replace("\"distance\"=", "").replace("'distance'=", "");
} }
return null; return null;
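Review bot: In the last hunk the three chained `replace` calls each run once, so the returned string is not guaranteed to be free of the `distance` key: deleting one match can join the text on either side of it into a new match. The guard `command.contains("distance")` is also broader than the three patterns removed, so a command can take this branch and come back unchanged. Since this filters player-supplied command text, I would reject rather than trust the rewrite when anything survives it: assign the result to `stripped` and add `if (stripped.contains("distance")) { return "cancel"; }` before `return stripped;`. That over-blocks commands that merely mention the word, which seems the safer side for this check. `checkCommand` starts and ends outside these hunks.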