Fix major security bugs (3 brushes + superpickaxe)! (#1213)

* Fix major security bugs (3 brushes + superpickaxe)!
- Due to some recent changes, FAWE could edit everything in the world, no matter other plugin protections such as PS or WG.
- Fix superpickaxe allow to bypass protections => Fix SurvivalModeExtent not taking into account protections plugins due to breaking blocks naturally to get drops.

* Adress requests
- Revert some unsuitabe changes
- Add FAWE diff comments

* Clean imports

* Adress requests

Co-authored-by: NotMyFault <mc.cache@web.de>
This commit is contained in:
Aurélien 2021-08-07 11:09:33 +02:00 committed by GitHub
parent 14b3fd2085
commit abaa347ad4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 61 additions and 11 deletions

View File

@ -67,12 +67,14 @@ import org.bukkit.inventory.InventoryHolder;
import java.lang.ref.WeakReference;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collection;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import static com.google.common.base.Preconditions.checkNotNull;
@ -470,6 +472,14 @@ public class BukkitWorld extends AbstractWorld {
getWorld().getBlockAt(pt.getBlockX(), pt.getBlockY(), pt.getBlockZ()).breakNaturally();
}
//FAWE start
@Override
public Collection<BaseItemStack> getBlockDrops(BlockVector3 position) {
return getWorld().getBlockAt(position.getBlockX(), position.getBlockY(), position.getBlockZ()).getDrops().stream()
.map(BukkitAdapter::adapt).collect(Collectors.toList());
}
//FAWE end
@Override
public boolean canPlaceAt(BlockVector3 position, com.sk89q.worldedit.world.block.BlockState blockState) {
BukkitImplAdapter adapter = WorldEditPlugin.getInstance().getBukkitImplAdapter();

View File

@ -39,6 +39,7 @@ import com.sk89q.worldedit.world.block.BlockType;
import com.sk89q.worldedit.world.weather.WeatherType;
import javax.annotation.Nullable;
import java.util.Collection;
import java.util.List;
import java.util.Set;
@ -240,6 +241,13 @@ public class WorldWrapper extends AbstractWorld {
});
}
//FAWE start
@Override
public Collection<BaseItemStack> getBlockDrops(final BlockVector3 position) {
return TaskManager.IMP.sync(() -> parent.getBlockDrops(position));
}
//FAWE end
@Override
public boolean regenerate(Region region, EditSession session) {
return parent.regenerate(region, session);

View File

@ -90,8 +90,6 @@ public class BlockDataCyler implements DoubleActionBlockTool {
BlockState newBlock = block.with(objProp, currentProperty.getValues().get(index));
try (EditSession editSession = session.createEditSession(player)) {
editSession.disableBuffering();
try {
editSession.setBlock(blockPoint, newBlock);
player.print(Caption.of(

View File

@ -65,7 +65,6 @@ public class BlockReplacer implements DoubleActionBlockTool {
try (EditSession editSession = session.createEditSession(player)) {
try {
editSession.disableBuffering();
BlockVector3 position = clicked.toVector().toBlockPoint();
editSession.setBlock(position, pattern);
} catch (MaxChangedBlocksException ignored) {

View File

@ -63,11 +63,14 @@ public class SinglePickaxe implements BlockTool {
}
try (EditSession editSession = session.createEditSession(player)) {
try {
editSession.getSurvivalExtent().setToolUse(config.superPickaxeDrop);
editSession.setBlock(blockPoint, BlockTypes.AIR.getDefaultState());
session.remember(editSession);
} catch (MaxChangedBlocksException e) {
player.print(Caption.of("worldedit.tool.max-block-changes"));
} finally {
session.remember(editSession);
}
}
return true;

View File

@ -63,7 +63,6 @@ public class StackTool implements BlockTool {
BlockStateHolder<?> block = editSession.getFullBlock(clicked.toVector().toBlockPoint());
try {
editSession.disableBuffering();
BlockVector3 position = clicked.toVector().toBlockPoint();
for (int i = 0; i < range; i++) {
position = position.add(face.toBlockVector());

View File

@ -19,7 +19,10 @@
package com.sk89q.worldedit.extent.world;
import com.fastasyncworldedit.core.util.TaskManager;
import com.fastasyncworldedit.core.util.task.RunnableVal;
import com.sk89q.worldedit.WorldEditException;
import com.sk89q.worldedit.blocks.BaseItemStack;
import com.sk89q.worldedit.extent.AbstractDelegateExtent;
import com.sk89q.worldedit.extent.Extent;
import com.sk89q.worldedit.math.BlockVector3;
@ -27,6 +30,8 @@ import com.sk89q.worldedit.util.nbt.CompoundBinaryTag;
import com.sk89q.worldedit.world.World;
import com.sk89q.worldedit.world.block.BlockStateHolder;
import java.util.Collection;
import static com.google.common.base.Preconditions.checkNotNull;
/**
@ -91,8 +96,22 @@ public class SurvivalModeExtent extends AbstractDelegateExtent {
@Override
public <B extends BlockStateHolder<B>> boolean setBlock(BlockVector3 location, B block) throws WorldEditException {
if (toolUse && block.getBlockType().getMaterial().isAir()) {
world.simulateBlockMine(location);
Collection<BaseItemStack> drops = world.getBlockDrops(location);
boolean canSet = super.setBlock(location, block);
if (canSet) {
TaskManager.IMP.sync(new RunnableVal<>() {
@Override
public void run(Object value) {
for (BaseItemStack stack : drops) {
world.dropItem(location.toVector3(), stack);
}
}
});
return true;
} else {
return false;
}
} else {
// Can't be an inlined check due to inconsistent generic return type
if (stripNbt) {

View File

@ -50,6 +50,8 @@ import com.sk89q.worldedit.world.weather.WeatherType;
import javax.annotation.Nullable;
import java.nio.file.Path;
import java.util.Collection;
import java.util.Collections;
import java.util.Locale;
import java.util.Set;
@ -218,6 +220,18 @@ public interface World extends Extent, Keyed, IChunkCache<IChunkGet> {
*/
void simulateBlockMine(BlockVector3 position);
//FAWE start
/**
* Return items that may drop by destroying this block.
*
* @param position the position
* @return Block drops
*/
default Collection<BaseItemStack> getBlockDrops(BlockVector3 position) {
return Collections.emptyList();
}
//FAWE end
/**
* Gets whether the given {@link BlockState} can be placed here.
*