From 3ee38d7b6d3d65c5a4f033589f05f2965cbde478 Mon Sep 17 00:00:00 2001 From: Kristian Date: Sun, 7 Apr 2013 15:57:01 +0200 Subject: [PATCH] Arbitrary code execution is very dangerous. Limit to debug mode. The filter command allows users with sufficient permission (or OPs) to execute arbitrary JavaScript (no sandboxing). This is fine for a debug and testing, but could potentially be exploited in a production environment. Instead, we disable this command by default and force users to enable it specifically in the configuration file (not through commands). If someone has access to the config.yml file, they probably also have access to the plugins/ folder and thus the ability to install plugins with arbitrary code execution as well. --- .../com/comphenix/protocol/CommandFilter.java | 13 ++++++++++-- .../comphenix/protocol/ProtocolConfig.java | 20 +++++++++++++++++++ .../comphenix/protocol/ProtocolLibrary.java | 7 ++++++- ProtocolLib/src/main/resources/config.yml | 5 ++++- 4 files changed, 41 insertions(+), 4 deletions(-) diff --git a/ProtocolLib/src/main/java/com/comphenix/protocol/CommandFilter.java b/ProtocolLib/src/main/java/com/comphenix/protocol/CommandFilter.java index de13c50a..6f60277e 100644 --- a/ProtocolLib/src/main/java/com/comphenix/protocol/CommandFilter.java +++ b/ProtocolLib/src/main/java/com/comphenix/protocol/CommandFilter.java @@ -221,12 +221,16 @@ public class CommandFilter extends CommandBase { // Owner plugin private final Plugin plugin; + // Whether or not the command is enabled + private ProtocolConfig config; + // Script engine private ScriptEngine engine; - public CommandFilter(ErrorReporter reporter, Plugin plugin) { + public CommandFilter(ErrorReporter reporter, Plugin plugin, ProtocolConfig config) { super(reporter, CommandBase.PERMISSION_ADMIN, NAME, 2); this.plugin = plugin; + this.config = config; // Start the engine initalizeScript(); 
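Review bot: The new `config` field is neither `final` nor null-checked, and its comment (`// Whether or not the command is enabled`) describes a boolean rather than the configuration object the field holds. Since this reference is what gates unsandboxed script execution, I would declare it `private final ProtocolConfig config;`, reword the comment to `// Configuration consulted for the debug flag on every invocation`, and reject a null argument in the constructor so a wiring mistake fails at startup rather than with a NullPointerException inside handleCommand. The constructor still calls `initalizeScript()` unconditionally, so the script engine is created even when debug mode is off; whether that matters depends on code outside this hunk.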
@@ -264,13 +268,18 @@ public class CommandFilter extends CommandBase { // Pass! return true; } - + /* * Description: Adds or removes a simple packet listener. Usage: / add|remove name [packet IDs] */ @Override protected boolean handleCommand(CommandSender sender, String[] args) { + if (!config.isDebug()) { + sender.sendMessage(ChatColor.RED + "Debug mode must be enabled in the configuration first!"); + return true; + } + final SubCommand command = parseCommand(args, 0); final String name = args[1]; diff --git a/ProtocolLib/src/main/java/com/comphenix/protocol/ProtocolConfig.java b/ProtocolLib/src/main/java/com/comphenix/protocol/ProtocolConfig.java index 87e5b523..4ce0bf06 100644 --- a/ProtocolLib/src/main/java/com/comphenix/protocol/ProtocolConfig.java +++ b/ProtocolLib/src/main/java/com/comphenix/protocol/ProtocolConfig.java @@ -40,6 +40,8 @@ class ProtocolConfig { private static final String IGNORE_VERSION_CHECK = "ignore version check"; private static final String BACKGROUND_COMPILER_ENABLED = "background compiler"; + private static final String DEBUG_MODE_ENABLED = "debug"; + private static final String INJECTION_METHOD = "injection method"; private static final String UPDATER_NOTIFY = "notify"; @@ -140,6 +142,24 @@ class ProtocolConfig { public void setAutoDownload(boolean value) { updater.set(UPDATER_DOWNLAD, value); } + + /** + * Determine whether or not debug mode is enabled. + *
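Review bot: The early return added at the top of `handleCommand` refuses every sub-command, including `remove`, so a filter registered while debug mode was on cannot be taken out through the command once the flag is off. `isDebug()` is read from the configuration on each call, so if the configuration can be reloaded at runtime (not visible here) such filters would presumably remain registered after debug is switched off. Consider letting `remove` through, or clearing the registered filters when the flag is found disabled. It would also help incident review to log the refused attempt together with `sender.getName()`, since an attempt to reach this command on a production server is worth knowing about. The body of handleCommand continues past the end of the hunk.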

+ * This grants access to the filter command. + * @return TRUE if it is, FALSE otherwise. + */ + public boolean isDebug() { + return global.getBoolean(DEBUG_MODE_ENABLED, false); + } + + /** + * Set whether or not debug mode is enabled. + * @param value - TRUE if it is enabled, FALSE otherwise. + */ + public void setDebug(boolean value) { + global.set(DEBUG_MODE_ENABLED, value); + } /** * Retrieve the amount of time to wait until checking for a new update. diff --git a/ProtocolLib/src/main/java/com/comphenix/protocol/ProtocolLibrary.java b/ProtocolLib/src/main/java/com/comphenix/protocol/ProtocolLibrary.java index dcb120c5..7304eabb 100644 --- a/ProtocolLib/src/main/java/com/comphenix/protocol/ProtocolLibrary.java +++ b/ProtocolLib/src/main/java/com/comphenix/protocol/ProtocolLibrary.java @@ -130,6 +130,11 @@ public class ProtocolLibrary extends JavaPlugin { } } + // Print the state of the debug mode + if (config.isDebug()) { + logger.warning("Debug mode is enabled!"); + } + try { // Check for other versions checkConflictingVersions(); @@ -162,7 +167,7 @@ public class ProtocolLibrary extends JavaPlugin { // Initialize command handlers commandProtocol = new CommandProtocol(detailedReporter, this, updater, config); - commandFilter = new CommandFilter(detailedReporter, this); + commandFilter = new CommandFilter(detailedReporter, this, config); commandPacket = new CommandPacket(detailedReporter, this, logger, commandFilter, protocolManager); // Send logging information to player listeners too diff --git a/ProtocolLib/src/main/resources/config.yml b/ProtocolLib/src/main/resources/config.yml index 46869ad7..e9185886 100644 --- a/ProtocolLib/src/main/resources/config.yml +++ b/ProtocolLib/src/main/resources/config.yml @@ -18,4 +18,7 @@ global: ignore version check: # Override the starting injecting method - injection method: \ No newline at end of file + injection method: + + # Whether or not to enable the filter command + debug: false \ No newline at end of file
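Review bot: `setDebug(boolean)` gives in-process code a way to switch debug mode on at runtime, which works against the commit's stated goal that the flag is enabled only by editing config.yml and not through commands. Nothing in this patch calls the setter, so I would drop it; if it has to stay, its Javadoc should say so explicitly, e.g. `* Must not be exposed through commands: enabling debug mode unlocks unsandboxed script execution.`. The class is package-private, which limits callers to this package, but the same `config` object is already handed to `CommandProtocol` in ProtocolLibrary.java.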
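Review bot: The startup warning `"Debug mode is enabled!"` in ProtocolLibrary.java does not tell an operator what the flag unlocks, and the config.yml hunk has the same gap, where the comment only says `# Whether or not to enable the filter command`. Both should name the consequence described in the commit message, for example `logger.warning("Debug mode is enabled! The filter command can execute arbitrary JavaScript; disable it in production.");` and `# Enables the filter command, which runs unsandboxed JavaScript. Leave false in production.`. A message that states the risk is also easier to search for and alert on when reviewing server logs.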