From 8f29d203e23c25811bfa71a08afb31ca448e4210 Mon Sep 17 00:00:00 2001 From: Sekwah Date: Sat, 27 Jul 2024 23:39:33 +0100 Subject: [PATCH] fix!: disable proxy detection to avoid vulnerabilities (see full commit for more info) If you are using 1.12 or lower you are unaffected as the features causing this issue were not implemented back then. Thanks to rooter.rs for notifying me of these issues as well as helping code and test a fix for this. Velocity was unaffected by this issue if you had the plugin on the proxy though due to the likelihood that may not be the case I have decided to disable this for everyone by default If you are on bungee you will 100% want to update to this version right away. For a full writeup by roote.rs see https://roote.rs/posts/advancedportals/ --- build.gradle | 41 ++++++++++++------- .../bukkit/AdvancedPortalsPlugin.java | 14 ++----- .../bukkit/config/ConfigHelper.java | 6 +++ .../bukkit/destinations/Destination.java | 2 - .../listeners/PluginMessageReceiver.java | 40 +++++++++--------- src/main/resources/config.yml | 6 +-- 6 files changed, 60 insertions(+), 49 deletions(-) diff --git a/build.gradle b/build.gradle index 90c82fea..bfcd8b3b 100644 --- a/build.gradle +++ b/build.gradle @@ -17,6 +17,12 @@ import org.apache.http.impl.client.HttpClients import java.util.regex.Matcher import java.util.regex.Pattern +import java.nio.file.Files +import java.nio.file.Paths +import java.nio.file.StandardCopyOption +import java.nio.file.StandardOpenOption + + buildscript { repositories { maven { url "https://plugins.gradle.org/m2/" } 
@@ -298,24 +304,29 @@ task curseforge { // releaseType = 'release' } -task copyPlugin { +/** + * Will build then copy it to the minecraft server folder for use with the launch task and dev tools plugin + */ +tasks.register('copyPlugin') { + dependsOn(build) doLast { copy { - if (System.env.MC_SERVER_LOC == null) { - throw new Exception('You must set the server location and jar to use') - } - println "$buildDir/libs/Advanced-Portals-${version}.jar" - println "${System.env.MC_SERVER_LOC}/plugins/Advanced-Portals-${version}.jar" - try { - delete fileTree("${System.env.MC_SERVER_LOC}/plugins/") { - include "*.jar" - } - } - catch (RuntimeException e) { - println e.getLocalizedMessage() + def sourceFilePath = Paths.get("$buildDir/libs/Advanced-Portals-${getVersion()}.jar") + def destinationFilePath = Paths.get("$buildDir/MinecraftServer/plugins/Advanced-Portals.jar") + + println "Handling file: $destinationFilePath" + + byte[] newContent = Files.readAllBytes(sourceFilePath) + + if (Files.exists(destinationFilePath)) { + println "File exists. Overwriting with new binary content." + + Files.write(destinationFilePath, newContent, StandardOpenOption.TRUNCATE_EXISTING) + } else { + println "File does not exist. Copying from source." + + Files.copy(sourceFilePath, destinationFilePath, StandardCopyOption.REPLACE_EXISTING) } - from file("$buildDir/libs/Advanced-Portals-${version}.jar") - into file("${System.env.MC_SERVER_LOC}/plugins/") } } } diff --git a/src/main/java/com/sekwah/advancedportals/bukkit/AdvancedPortalsPlugin.java b/src/main/java/com/sekwah/advancedportals/bukkit/AdvancedPortalsPlugin.java index 9295c757..aaba6c5d 100644 --- a/src/main/java/com/sekwah/advancedportals/bukkit/AdvancedPortalsPlugin.java +++ b/src/main/java/com/sekwah/advancedportals/bukkit/AdvancedPortalsPlugin.java 
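Review bot: In `copyPlugin`, the `else` branch calls `Files.copy` into `$buildDir/MinecraftServer/plugins/` without making sure that directory exists, so on a clean checkout it will throw unless another task has already created the folder. Adding `Files.createDirectories(destinationFilePath.getParent())` before the `Files.exists` check covers that. The statements also still sit inside `copy { }`, which no longer has a `from`/`into`; placing them directly under `doLast` avoids depending on how Gradle treats a copy spec with no source or destination. `newContent` is read on both paths but used only when the file exists, so the `readAllBytes` call can move into the `if`.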
@@ -25,9 +25,7 @@ public class AdvancedPortalsPlugin extends JavaPlugin { private Settings settings; - protected boolean isProxyPluginEnabled = false; - - protected boolean forceRegisterProxyChannels = false; + protected boolean registerProxyChannels = false; protected boolean disableProxyWarning = false; private boolean worldEditActive = false; @@ -51,7 +49,7 @@ public void onEnable() { config.saveConfig(); FileConfiguration pluginConfig = config.getConfig(); - forceRegisterProxyChannels = pluginConfig.getBoolean(ConfigHelper.FORCE_ENABLE_PROXY_SUPPORT, false); + registerProxyChannels = pluginConfig.getBoolean(ConfigHelper.ENABLE_PROXY_SUPPORT, false); disableProxyWarning = pluginConfig.getBoolean(ConfigHelper.DISABLE_PROXY_WARNING, false); ConfigAccessor portalConfig = new ConfigAccessor(this, "portals.yml"); @@ -118,15 +116,11 @@ private void setupDataCollector() { private void setupBungee() { // Enables very basic bungee support if not setup right this.getServer().getMessenger().registerOutgoingPluginChannel(this, "BungeeCord"); - if(forceRegisterProxyChannels || this.checkIfBungee()) { + if(registerProxyChannels || this.checkIfBungee()) { this.getServer().getMessenger().registerIncomingPluginChannel(this, "BungeeCord", new BungeeListener(this)); this.getServer().getMessenger().registerOutgoingPluginChannel(this, BungeeMessages.CHANNEL_NAME); this.getServer().getMessenger().registerIncomingPluginChannel(this, BungeeMessages.CHANNEL_NAME, new PluginMessageReceiver(this)); - isProxyPluginEnabled = true; - } - else { - isProxyPluginEnabled = false; } } @@ -135,7 +129,7 @@ public Map getPlayerDestiMap() { } public boolean isProxyPluginEnabled() { - return isProxyPluginEnabled; + return registerProxyChannels; } private boolean checkIfBungee() diff --git a/src/main/java/com/sekwah/advancedportals/bukkit/config/ConfigHelper.java b/src/main/java/com/sekwah/advancedportals/bukkit/config/ConfigHelper.java index edca424c..ecd45527 100644 
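Review bot: `setupBungee()` still registers the incoming `BungeeCord` channel and `BungeeMessages.CHANNEL_NAME` whenever `checkIfBungee()` returns true, even when `registerProxyChannels` is false. `PluginMessageReceiver` gains an explicit `isProxyPluginEnabled()` guard in this commit, but `BungeeListener` is not part of the diff, so it is worth confirming that it applies the same check, or narrowing the condition to `if(registerProxyChannels)`. If detection is kept only so that the receiver can show its warning, a comment would make that intent clear: `// detection only registers the channels; PluginMessageReceiver drops messages unless EnableProxySupport is true`. `isProxyPluginEnabled()` now returns the config flag rather than a detected state, which its name no longer reflects.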
--- a/src/main/java/com/sekwah/advancedportals/bukkit/config/ConfigHelper.java +++ b/src/main/java/com/sekwah/advancedportals/bukkit/config/ConfigHelper.java @@ -8,6 +8,7 @@ public class ConfigHelper { public static final String COMMAND_LOGS = "CommandLogs"; + public static final String ENABLE_PROXY_SUPPORT = "EnableProxySupport"; public static final String FORCE_ENABLE_PROXY_SUPPORT = "ForceEnableProxySupport"; public static final String DISABLE_PROXY_WARNING = "DisableProxyWarning"; @@ -40,6 +41,11 @@ public void update() { config.set(ConfigHelper.CONFIG_VERSION, "0.5.13"); config.set(ConfigHelper.FORCE_ENABLE_PROXY_SUPPORT, false); config.set(ConfigHelper.PROXY_TELEPORT_DELAY, 0); + update(); + } else if(configVersion.equals("0.5.13")) { + config.set(ConfigHelper.CONFIG_VERSION, "0.5.14"); + config.set(ConfigHelper.FORCE_ENABLE_PROXY_SUPPORT, null); + config.set(ConfigHelper.ENABLE_PROXY_SUPPORT, config.getBoolean(ConfigHelper.FORCE_ENABLE_PROXY_SUPPORT)); } } } diff --git a/src/main/java/com/sekwah/advancedportals/bukkit/destinations/Destination.java b/src/main/java/com/sekwah/advancedportals/bukkit/destinations/Destination.java index b0973b13..6bd988cb 100644 --- a/src/main/java/com/sekwah/advancedportals/bukkit/destinations/Destination.java +++ b/src/main/java/com/sekwah/advancedportals/bukkit/destinations/Destination.java @@ -164,8 +164,6 @@ public static boolean warp(Player player, String dest, AdvancedPortal disp, bool WarpEffects.activateSound(player); } - System.out.println(PORTAL_MESSAGE_DISPLAY); - if (PORTAL_MESSAGE_DISPLAY == 1) { player.sendMessage(""); player.sendMessage(PluginMessages.customPrefix + PluginMessages.getWarpMessage(dest)); diff --git a/src/main/java/com/sekwah/advancedportals/bukkit/listeners/PluginMessageReceiver.java b/src/main/java/com/sekwah/advancedportals/bukkit/listeners/PluginMessageReceiver.java index 693462da..a8fef3de 100644 --- a/src/main/java/com/sekwah/advancedportals/bukkit/listeners/PluginMessageReceiver.java 
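Review bot: In the new `0.5.13` branch of `update()`, `FORCE_ENABLE_PROXY_SUPPORT` is set to `null` before `config.getBoolean(ConfigHelper.FORCE_ENABLE_PROXY_SUPPORT)` is read, so the read presumably always yields the default `false` and an existing `ForceEnableProxySupport: true` is never carried over. If resetting every server to disabled is the intent, as the commit message suggests, write `config.set(ConfigHelper.ENABLE_PROXY_SUPPORT, false);` with a comment such as `// deliberately not migrated: proxy support must be re-enabled by hand`. If the old value is meant to carry over, swap the two lines so the read happens first. `update()` starts and ends outside the hunk, so how `configVersion` is re-read by the added recursive `update()` call is not visible here.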
+++ b/src/main/java/com/sekwah/advancedportals/bukkit/listeners/PluginMessageReceiver.java @@ -6,21 +6,29 @@ import com.sekwah.advancedportals.bukkit.config.ConfigAccessor; import com.sekwah.advancedportals.bukkit.config.ConfigHelper; import com.sekwah.advancedportals.bukkit.destinations.Destination; +import com.sekwah.advancedportals.bukkit.PluginMessages; import com.sekwah.advancedportals.bungee.BungeeMessages; import org.bukkit.entity.Player; import org.bukkit.plugin.messaging.PluginMessageListener; +import org.bukkit.Bukkit; import java.util.UUID; public class PluginMessageReceiver implements PluginMessageListener { + public static final String ENABLE_MESSAGE = PluginMessages.customPrefixFail + "§c Warning! To avoid vulnerabilities we have disabled proxy messages by default. To enable full proxy features, please change §eEnableProxySupport §cin the config.yml and ensure you have the plugin installed on the proxy."; + public static final String WARNING_MESSAGE = PluginMessages.customPrefixFail + "§c Warning! A proxy message was received but proxy plugin support is not enabled. To enable it, please set §eEnableProxySupport §cto true and install the plugin on the proxy. If you do not remember having the proxy plugin, please ignore this message as it may be someone trying to attack your server."; private final AdvancedPortalsPlugin plugin; private final int teleportDelay; + private boolean isNotifiedAboutEnabling = false; public PluginMessageReceiver(AdvancedPortalsPlugin plugin) { this.plugin = plugin; ConfigAccessor config = new ConfigAccessor(plugin, "config.yml"); teleportDelay = config.getConfig().getInt(ConfigHelper.PROXY_TELEPORT_DELAY, 0); + if(!plugin.isProxyPluginEnabled()) { + Bukkit.getConsoleSender().sendMessage(ENABLE_MESSAGE); + } } @Override 
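Review bot: The new field `isNotifiedAboutEnabling` has no comment and its name does not say what it tracks; judging by the next hunk of this file, it is set once `WARNING_MESSAGE` has been sent. Suggest `// set once WARNING_MESSAGE has been sent, so ops and the console are warned only once per receiver instance`, or a rename along the lines of `disabledWarningSent`. `ENABLE_MESSAGE` and `WARNING_MESSAGE` are built from `PluginMessages.customPrefixFail` when the class is initialised; if that prefix is assigned later from config (not visible here), the constants will keep the earlier value.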
@@ -30,6 +38,19 @@ public void onPluginMessageReceived(String channel, Player player, byte[] messag return; } + if(!plugin.isProxyPluginEnabled()) { + if(!isNotifiedAboutEnabling) { + for (Player p : Bukkit.getOnlinePlayers()) { + if (!p.isOp()) continue; + p.sendMessage(WARNING_MESSAGE); + } + Bukkit.getConsoleSender().sendMessage(WARNING_MESSAGE); + + isNotifiedAboutEnabling = true; + } + return; + } + ByteArrayDataInput in = ByteStreams.newDataInput(message); String subchannel = in.readUTF(); @@ -65,23 +86,4 @@ public void teleportPlayerToDesti(Player player, String desti, String bungeeUUID ); } } - - /** - * Example forward packet. - * - * Construct like the forge packets. - * - * out.writeUTF("Forward"); // So BungeeCord knows to forward it - out.writeUTF("ALL"); - out.writeUTF("MyChannel"); // The channel name to check if this your data - - ByteArrayOutputStream msgbytes = new ByteArrayOutputStream(); - DataOutputStream msgout = new DataOutputStream(msgbytes); - msgout.writeUTF("Some kind of data here"); // You can do anything you want with msgout - msgout.writeShort(123); - - out.writeShort(msgbytes.toByteArray().length); - out.write(msgbytes.toByteArray()); - * - */ } diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml index 686f2165..cf6f1e18 100644 --- a/src/main/resources/config.yml +++ b/src/main/resources/config.yml @@ -3,7 +3,7 @@ # To set this file back to its default state just delete it and reload the server or restart it! # Will update whenever there is a config update from an older version so may not be the latest plugin version -ConfigVersion: 0.5.13 +ConfigVersion: 0.5.14 # Set to true if you want the normal axes to work normally but the ones given with /portals selector or wand will still work though # It can be useful if people with permission want to use an iron axe on a survival server 
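Review bot: Once `isNotifiedAboutEnabling` is set, every later message on a disabled channel is dropped with no record, and the single warning that is sent does not say which connection the message arrived on. Since `WARNING_MESSAGE` itself says this may be an attack, logging the `player` argument gives an admin something to act on, e.g. `plugin.getLogger().warning("Ignored proxy message on " + channel + " received via " + player.getName());`. Count or rate-limit those entries rather than logging every message, so a flood cannot fill the log. The flag is a plain field, which is fine if plugin messages are always delivered on the main thread; this hunk does not show that. `onPluginMessageReceived` starts before and continues after the hunk.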
@@ -76,8 +76,8 @@ CommandLevels: opcb # Should the commands being triggered log in the console? (If you have an active server it may cause a bit of spam) CommandLogs: true -# If you want to use bungee or velocity, and it is not automatically detected (make sure you have advanced portals on the proxy, especially with velocity) -ForceEnableProxySupport: false +# If you want to use bungee or velocity features +EnableProxySupport: false # How many seconds after the proxy event fires should the player be teleported (should help with on spawn plugins and such) # 0 is disabled and anything higher causes a delay.
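Review bot: The new comment on `EnableProxySupport` drops the old reminder about having the plugin on the proxy and gives no hint of why the option is off by default. The messages added in `PluginMessageReceiver` already state the condition, so the config comment could carry it too: `# Enables bungee/velocity features. Only set to true if Advanced Portals is also installed on the proxy; disabled by default to avoid vulnerabilities`.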