Arbitrary code execution is very dangerous. Limit to debug mode.

The filter command allows users with sufficient permission (or OPs) to
execute arbitrary JavaScript (no sandboxing). This is fine for a
debug and testing, but could potentially be exploited in a
production environment. 

Instead, we disable this command by default and force users to enable it
specifically in the configuration file (not through commands). If
someone has access to the config.yml file, they probably also have
access to the plugins/ folder and thus the ability to install plugins
with arbitrary code execution as well.

ProtocolLib/src/main/java/com/comphenix/protocol/CommandFilter.java

@@ -221,12 +221,16 @@ public class CommandFilter extends CommandBase {
 	// Owner plugin
 	private final Plugin plugin;
 	
+	// Whether or not the command is enabled
+	private ProtocolConfig config;
+	
 	// Script engine
 	private ScriptEngine engine;
 	
-	public CommandFilter(ErrorReporter reporter, Plugin plugin) {
+	public CommandFilter(ErrorReporter reporter, Plugin plugin, ProtocolConfig config) {
 		super(reporter, CommandBase.PERMISSION_ADMIN, NAME, 2);
 		this.plugin = plugin;
+		this.config = config;
 		
 		// Start the engine
 		initalizeScript();
@@ -264,13 +268,18 @@ public class CommandFilter extends CommandBase {
 		// Pass!
 		return true;
 	}
-	
+
 	/*
 	 * Description: Adds or removes a simple packet listener.
        Usage:       /<command> add|remove name [packet IDs]
 	 */
 	@Override
 	protected boolean handleCommand(CommandSender sender, String[] args) {
+		if (!config.isDebug()) {
+			sender.sendMessage(ChatColor.RED + "Debug mode must be enabled in the configuration first!");
+			return true;
+		}
+		
 		final SubCommand command = parseCommand(args, 0);
 		final String name = args[1];
 		

ProtocolLib/src/main/java/com/comphenix/protocol/ProtocolConfig.java

@@ -40,6 +40,8 @@ class ProtocolConfig {
 	private static final String IGNORE_VERSION_CHECK = "ignore version check";	
 	private static final String BACKGROUND_COMPILER_ENABLED = "background compiler";
 
+	private static final String DEBUG_MODE_ENABLED = "debug";
+	
 	private static final String INJECTION_METHOD = "injection method";
 	
 	private static final String UPDATER_NOTIFY = "notify";
@@ -140,6 +142,24 @@ class ProtocolConfig {
 	public void setAutoDownload(boolean value) {
 		updater.set(UPDATER_DOWNLAD, value);
 	}
+	
+	/**
+	 * Determine whether or not debug mode is enabled.
+	 * <p>
+	 * This grants access to the filter command.
+	 * @return TRUE if it is, FALSE otherwise.
+	 */
+	public boolean isDebug() {
+		return global.getBoolean(DEBUG_MODE_ENABLED, false);
+	}
+	
+	/**
+	 * Set whether or not debug mode is enabled.
+	 * @param value - TRUE if it is enabled, FALSE otherwise.
+	 */
+	public void setDebug(boolean value) {
+		global.set(DEBUG_MODE_ENABLED, value);
+	}
 
 	/**
 	 * Retrieve the amount of time to wait until checking for a new update.

ProtocolLib/src/main/java/com/comphenix/protocol/ProtocolLibrary.java

@@ -130,6 +130,11 @@ public class ProtocolLibrary extends JavaPlugin {
 			}
 		}
 		
+		// Print the state of the debug mode
+		if (config.isDebug()) {
+			logger.warning("Debug mode is enabled!");
+		}
+		
 		try {
 			// Check for other versions
 			checkConflictingVersions();
@@ -162,7 +167,7 @@ public class ProtocolLibrary extends JavaPlugin {
 			
 			// Initialize command handlers
 			commandProtocol = new CommandProtocol(detailedReporter, this, updater, config);
-			commandFilter = new CommandFilter(detailedReporter, this);
+			commandFilter = new CommandFilter(detailedReporter, this, config);
 			commandPacket = new CommandPacket(detailedReporter, this, logger, commandFilter, protocolManager);
 			
 			// Send logging information to player listeners too

ProtocolLib/src/main/resources/config.yml

@@ -18,4 +18,7 @@ global:
   ignore version check: 
   
   # Override the starting injecting method
-  injection method: 
+  injection method: 
+  
+  # Whether or not to enable the filter command
+  debug: false