Merge pull request #14 from lMartin3/3.2.0

Merge 3.1.3

build.gradle

@@ -4,7 +4,7 @@ plugins {
 }
 
 group 'dev.martinl'
-version '3.1.2'
+version '3.1.3'
 
 tasks.withType(JavaCompile) {
     options.encoding = 'UTF-8'

src/main/java/dev/martinl/bsbrewritten/BSBRewritten.java

@@ -9,6 +9,7 @@
 import dev.martinl.bsbrewritten.util.Metrics;
 import dev.martinl.bsbrewritten.util.UpdateChecker;
 import lombok.Getter;
+import lombok.Setter;
 import org.bukkit.Bukkit;
 import org.bukkit.ChatColor;
 import org.bukkit.plugin.java.JavaPlugin;
@@ -20,6 +21,8 @@ public class BSBRewritten extends JavaPlugin {
     private ShulkerManager shulkerManager;
     private ConfigurationParser configurationParser;
     private UpdateChecker updateChecker;
+    @Setter
+    private boolean lockFeatures = false;
 
 
     @Override
@@ -32,6 +35,8 @@ public void onEnable() {
         new MainCommand(this);
 
         updateChecker = new UpdateChecker(this, 58837);
+        updateChecker.setupVulnerableVersionCheck(!configurationParser.isDisableVulnerableVersionProtection());
+
 
         Bukkit.getScheduler().runTaskAsynchronously(this, () -> {
             if (updateChecker.checkForUpdates()) {

src/main/java/dev/martinl/bsbrewritten/commands/MainCommand.java

@@ -41,6 +41,13 @@ public boolean onCommand(CommandSender sender, Command command, String label, St
                 } else {
                     sender.sendMessage(ChatColor.YELLOW + "[BSB] " + ChatColor.GRAY + "You are running the latest version of BetterShulkerBoxes.");
                 }
+                if(instance.getUpdateChecker().isRunningVulnerableVersion()) {
+                    sender.sendMessage(ChatColor.RED +
+                            "WARNING! You a re currently using a vulnerable version of Better Shulker Boxes!\n" +
+                            "The plugin " + (instance.isLockFeatures() ? "disabled the features to prevent exploitation"
+                            : "did NOT disable anything because of the configuration"));
+                    sender.sendMessage(""+ChatColor.GOLD + ChatColor.BOLD + ChatColor.UNDERLINE + "Please update the plugin as soon as possible!");
+                }
             });
         }
         return false;

src/main/java/dev/martinl/bsbrewritten/listeners/PlayerJoinListener.java

@@ -2,6 +2,10 @@
 
 import dev.martinl.bsbrewritten.BSBRewritten;
 import dev.martinl.bsbrewritten.util.BSBPermission;
+import org.bukkit.Bukkit;
+import org.bukkit.ChatColor;
+import org.bukkit.Sound;
+import org.bukkit.entity.Player;
 import org.bukkit.event.EventHandler;
 import org.bukkit.event.Listener;
 import org.bukkit.event.player.PlayerJoinEvent;
@@ -17,9 +21,17 @@ public PlayerJoinListener(BSBRewritten instance) {
     @EventHandler
     public void onPlayerJoin(PlayerJoinEvent e) {
         if (!e.getPlayer().hasPermission(BSBPermission.ADMIN.toString())) return;
-        if (!instance.getUpdateChecker().isNewerVersionAvailable()) return;
-        for (String msg : instance.getUpdateChecker().getUpdateMessages()) {
-            e.getPlayer().sendMessage(msg);
+        if (instance.getUpdateChecker().isNewerVersionAvailable()) {
+            for (String msg : instance.getUpdateChecker().getUpdateMessages()) {
+                e.getPlayer().sendMessage(msg);
+            }
+        }
+        if(instance.getUpdateChecker().isRunningVulnerableVersion()) {
+            e.getPlayer().sendMessage(ChatColor.RED +
+                    "WARNING! You a re currently using a vulnerable version of Better Shulker Boxes!\n" +
+                    "The plugin " + (instance.isLockFeatures() ? "disabled the features to prevent exploitation"
+                    : "did NOT disable anything because of the configuration"));
+            e.getPlayer().sendMessage(""+ChatColor.GOLD + ChatColor.BOLD + ChatColor.UNDERLINE + "Please update the plugin as soon as possible!");
         }
     }
 }

src/main/java/dev/martinl/bsbrewritten/manager/ShulkerManager.java

@@ -32,7 +32,7 @@ public ShulkerManager(BSBRewritten instance) {
 
 
     public void openShulkerBoxInventory(Player player, ItemStack shulkerStack) {
-
+        if(instance.isLockFeatures()) return;
         //permission check
         if (instance.getConfigurationParser().isRequiresPermission()&&
                 !player.hasPermission(BSBPermission.OPEN_SHULKER.toString())) {

src/main/java/dev/martinl/bsbrewritten/util/ConfigurationParser.java

@@ -22,6 +22,7 @@ public class ConfigurationParser {
     private boolean enableInventoryClickOpen;
     private boolean enableStatistics;
     private boolean disableMovementCheck;
+    private boolean disableVulnerableVersionProtection;
 
     private String prefix;
     private String inventoryName;
@@ -42,6 +43,7 @@ public void parseConfiguration() {
         enableInventoryClickOpen = fileConfiguration.getBoolean("enable_inventory_click_open");
         enableStatistics = fileConfiguration.getBoolean("enable_statistics");
         disableMovementCheck = fileConfiguration.getBoolean("disable_movement_check");
+        disableVulnerableVersionProtection = fileConfiguration.getBoolean("disable_vulnerable_version_protection");
 
         prefix = translateCC(strFromConfig("prefix"));
         prefix = (prefix.isEmpty() ? "" : prefix + ChatColor.RESET + " ");

src/main/java/dev/martinl/bsbrewritten/util/UpdateChecker.java

@@ -4,6 +4,7 @@
 import lombok.Getter;
 import org.bukkit.Bukkit;
 import org.bukkit.ChatColor;
+import org.bukkit.scheduler.BukkitTask;
 
 import java.io.BufferedReader;
 import java.io.IOException;
@@ -20,10 +21,12 @@ public class UpdateChecker {
     private final int project;
     private URL checkURL;
     private URL changelogURL;
+    private URL vlnVersionListURL;
+    private BukkitTask vlnVersionCheckTask;
     private boolean newerVersionAvailable = false;
     private String newVersion;
     private ArrayList<String> latestChangelog = new ArrayList<>();
-
+    private boolean runningVulnerableVersion = false;
 
     public UpdateChecker(BSBRewritten instance, int projectID) {
         this.instance = instance;
@@ -32,6 +35,7 @@ public UpdateChecker(BSBRewritten instance, int projectID) {
         try {
             this.checkURL = new URL("https://api.spigotmc.org/legacy/update.php?resource=" + projectID);
             this.changelogURL = new URL("https://raw.githubusercontent.com/lMartin3/BetterShulkerBoxesRewritten/master/changelog.txt");
+            this.vlnVersionListURL = new URL("https://raw.githubusercontent.com/lMartin3/BetterShulkerBoxesRewritten/master/vulnerable_versions.txt");
         } catch (MalformedURLException localMalformedURLException) {
             Bukkit.getServer().getConsoleSender().sendMessage("Error: MalformedURLException, please send this to the developer");
         }
@@ -62,11 +66,36 @@ public boolean checkForUpdates() {
         }
     }
 
-    //GET request to a (raw) file on the github repo
+    public void setupVulnerableVersionCheck(boolean disableOnDetection) {
+        vlnVersionCheckTask = Bukkit.getScheduler().runTaskTimerAsynchronously(instance, ()->{
+            List<String> vulnerableVersions = getVulnerableVersionList();
+            if(vulnerableVersions.contains(instance.getDescription().getVersion())) {
+                instance.getServer().getConsoleSender().sendMessage(ChatColor.RED +
+                        "WARNING! You a re currently using a vulnerable version of Better Shulker Boxes!\n" +
+                        "The plugin " + (instance.isLockFeatures() ? "disabled the features to prevent exploitation"
+                        : "did NOT disable anything because of the configuration\n"+
+                        ChatColor.GOLD + ChatColor.BOLD + ChatColor.UNDERLINE + "Please update the plugin as soon as possible!"));
+                runningVulnerableVersion = true;
+                instance.setLockFeatures(true);
+                instance.getShulkerManager().closeAllInventories(false);
+                vlnVersionCheckTask.cancel();
+            }
+        }, 20, 20*60*30);
+    }
+
     public ArrayList<String> getChangelog() {
+        return getStringListFromURL(changelogURL);
+    }
+
+    public ArrayList<String> getVulnerableVersionList() {
+        return getStringListFromURL(vlnVersionListURL);
+    }
+
+    //GET request to a (raw) file on the github repo
+    public ArrayList<String> getStringListFromURL(URL url) {
         ArrayList<String> lines = new ArrayList<>();
         try {
-            URLConnection con = this.changelogURL.openConnection();
+            URLConnection con = url.openConnection();
             InputStreamReader inSR = new InputStreamReader(con.getInputStream());
             BufferedReader bufferedReader = new BufferedReader(inSR);
             String inputLine;

src/main/resources/config.yml

@@ -11,7 +11,7 @@
 # Discord server: https://discord.com/invite/DnAHWMG
 
 #Please do not modify this
-config-version: 3.1.2
+config-version: 3.1.3
 
 # Open and close sounds, use sound names from this list https://hub.spigotmc.org/javadocs/bukkit/org/bukkit/Sound.html
 open_sound: 'BLOCK_SHULKER_BOX_OPEN'
@@ -24,6 +24,12 @@ enable_right_click_open: true # Boolean - Set this to false if you do not want t
 enable_inventory_click_open: true # Boolean - Set this to false if you do not want to allow players to open a shulker by shift clicking in their inventories
 disable_movement_check: false # Boolean - Set this to true if you want players to be able to open shulkerboxes using the plugin while moving
 
+# With the vulnerable version protection enabled, Better Shulker Boxes will disable itself if it detects its
+# running a vulnerable version.
+# It is recommended to leave this on, it could prevent duplication glitches that would otherwise happen until you
+# update or remove the  plugin. If you want, you can still turn it off by setting the following field to true
+disable_vulnerable_version_protection: false
+
 #Messages
 prefix: '&b[&eBSB&b]' # String - Chat prefix, do not add a space or any other characters after it
 inventory_name: '< %shulker_name% >' # String - Text to be displayed as the inventory title, use %shulker_name% to display the item name

src/main/resources/plugin.yml

@@ -1,5 +1,5 @@
 name: 'BetterShulkerBoxes'
-version: 3.1.2
+version: 3.1.3
 main: dev.martinl.bsbrewritten.BSBRewritten
 author: 'Rektb (lMartin3#1975)'
 api-version: '1.13'