From d1a8ac7942b10710d9efe796eac4ff8ef696df8f Mon Sep 17 00:00:00 2001
From: "Tomachi [ICHIGO]"
Date: Tue, 18 Jan 2022 23:14:34 +0900
Subject: [PATCH 1/2] =?UTF-8?q?fix:=20MySQL=E3=82=B5=E3=83=BC=E3=83=90?= =?UTF-8?q?=E3=81=B8=E3=81=AE=E3=83=AD=E3=82=B0=E3=82=A4=E3=83=B3=E8=A8=AD?= =?UTF-8?q?=E5=AE=9A=E7=AD=89=E3=81=8C=E6=9C=AA=E5=AE=9A=E7=BE=A9=E3=81=AE?= =?UTF-8?q?=E5=A0=B4=E5=90=88=E3=81=AB=E3=82=A8=E3=83=A9=E3=83=BC=E3=81=8C?= =?UTF-8?q?=E7=99=BA=E7=94=9F=E3=81=99=E3=82=8B=E5=95=8F=E9=A1=8C=E3=81=AE?= =?UTF-8?q?=E4=BF=AE=E6=AD=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/com/jaoafa/mymaid4/event/Event_LongTimeNoSee.java | 5 ++++-
 .../java/com/jaoafa/mymaid4/event/Event_OnlineTimeDB.java | 5 ++++-
 .../java/com/jaoafa/mymaid4/event/Event_ServerException.java | 5 ++++-
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/jaoafa/mymaid4/event/Event_LongTimeNoSee.java b/src/main/java/com/jaoafa/mymaid4/event/Event_LongTimeNoSee.java
index fd490fae5..c932d407f 100644
--- a/src/main/java/com/jaoafa/mymaid4/event/Event_LongTimeNoSee.java
+++ b/src/main/java/com/jaoafa/mymaid4/event/Event_LongTimeNoSee.java
@@ -1,7 +1,7 @@
 /*
 * jaoLicense
 *
- * Copyright (c) 2021 jao Minecraft Server
+ * Copyright (c) 2022 jao Minecraft Server
 *
 * The following license applies to this project: jaoLicense
 *
@@ -36,6 +36,9 @@ public String description() {
 @EventHandler
 public void OnJoin(PlayerJoinEvent event) {
+ if (!MyMaidData.isMainDBActive()) {
+ return;
+ }
 Player player = event.getPlayer();
 String uuid = player.getUniqueId().toString();
diff --git a/src/main/java/com/jaoafa/mymaid4/event/Event_OnlineTimeDB.java b/src/main/java/com/jaoafa/mymaid4/event/Event_OnlineTimeDB.java
index 09ab8f130..a19adf6a7 100644
--- a/src/main/java/com/jaoafa/mymaid4/event/Event_OnlineTimeDB.java
+++ b/src/main/java/com/jaoafa/mymaid4/event/Event_OnlineTimeDB.java
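Review bot: The new early return at the top of OnJoin carries no comment saying why the handler is skipped, and the same bare guard is repeated in OnEvent_QuitDBInsert in Event_OnlineTimeDB.java. I would add `// Main DB is not configured (login settings undefined): skip, the code below needs it` above the check in both places so the silent no-op is not mistaken for a bug later. OnJoin's body continues outside the hunk.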
@@ -1,7 +1,7 @@
 /*
 * jaoLicense
 *
- * Copyright (c) 2021 jao Minecraft Server
+ * Copyright (c) 2022 jao Minecraft Server
 *
 * The following license applies to this project: jaoLicense
 *
@@ -50,6 +50,9 @@ public void OnEvent_LoginDBInsert(PlayerJoinEvent event) {
 @EventHandler(priority = EventPriority.MONITOR, ignoreCancelled = true)
 public void OnEvent_QuitDBInsert(PlayerQuitEvent event) {
+ if (!MyMaidData.isMainDBActive()) {
+ return;
+ }
 Player player = event.getPlayer();
 int onlineTime = player.getStatistic(Statistic.PLAY_ONE_MINUTE) / 20;
 if (!exists(player)) {
diff --git a/src/main/java/com/jaoafa/mymaid4/event/Event_ServerException.java b/src/main/java/com/jaoafa/mymaid4/event/Event_ServerException.java
index a2217fea8..944a31cc2 100644
--- a/src/main/java/com/jaoafa/mymaid4/event/Event_ServerException.java
+++ b/src/main/java/com/jaoafa/mymaid4/event/Event_ServerException.java
@@ -1,7 +1,7 @@
 /*
 * jaoLicense
 *
- * Copyright (c) 2021 jao Minecraft Server
+ * Copyright (c) 2022 jao Minecraft Server
 *
 * The following license applies to this project: jaoLicense
 *
@@ -28,6 +28,9 @@ public String description() {
 @EventHandler
 public void onServerException(ServerExceptionEvent event) {
 ServerException exception = event.getException();
+ if (Main.getRollbar() == null) {
+ return;
+ }
 Main.getRollbar().critical(exception, "onServerExceptionEvent");
 }
 }
From 4501939c23c937ea499d5979095848836aa61910 Mon Sep 17 00:00:00 2001
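Review bot: OnEvent_LoginDBInsert, named in this hunk's header, sits directly above OnEvent_QuitDBInsert and is not touched by the patch; if it also reaches the database it needs the same `if (!MyMaidData.isMainDBActive()) { return; }` guard, otherwise the join path can still fail when the DB is not configured. The hunk does not show its body, so this has to be confirmed against the file. OnEvent_QuitDBInsert's body continues outside the hunk.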
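Review bot: A server exception is dropped without any trace when Rollbar is not configured, because the added check in onServerException returns before anything is logged. Writing it to the plugin log first, e.g. `Main.getMyMaidLogger().warning("ServerException (Rollbar not configured): " + exception);` ahead of the `return;`, keeps a local record of the failure. The check also calls `Main.getRollbar()` twice; reading it once into a local and testing that local avoids depending on both calls returning the same value.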
From: "Tomachi [ICHIGO]"
Date: Tue, 18 Jan 2022 23:15:05 +0900
Subject: [PATCH 2/2] =?UTF-8?q?feat:=20CVE-2021-44228=E3=81=AE=E5=AF=BE?= =?UTF-8?q?=E7=AD=96=E7=A2=BA=E8=AA=8D=E5=87=A6=E7=90=86=E8=BF=BD=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../mymaid4/event/Event_CVE_2021_44228.java | 35 +++++
 .../mymaid4/tasks/Task_CVE_2021_44228.java | 123 ++++++++++++++++++
 2 files changed, 158 insertions(+)
 create mode 100644 src/main/java/com/jaoafa/mymaid4/event/Event_CVE_2021_44228.java
 create mode 100644 src/main/java/com/jaoafa/mymaid4/tasks/Task_CVE_2021_44228.java
diff --git a/src/main/java/com/jaoafa/mymaid4/event/Event_CVE_2021_44228.java b/src/main/java/com/jaoafa/mymaid4/event/Event_CVE_2021_44228.java
new file mode 100644
index 000000000..9d2dbe0b3
--- /dev/null
+++ b/src/main/java/com/jaoafa/mymaid4/event/Event_CVE_2021_44228.java
@@ -0,0 +1,35 @@
+/*
+ * jaoLicense
+ *
+ * Copyright (c) 2022 jao Minecraft Server
+ *
+ * The following license applies to this project: jaoLicense
+ *
+ * Japanese: https://github.com/jaoafa/jao-Minecraft-Server/blob/master/jaoLICENSE.md
+ * English: https://github.com/jaoafa/jao-Minecraft-Server/blob/master/jaoLICENSE-en.md
+ */
+
+package com.jaoafa.mymaid4.event;
+
+import com.jaoafa.mymaid4.Main;
+import com.jaoafa.mymaid4.lib.EventPremise;
+import com.jaoafa.mymaid4.tasks.Task_CVE_2021_44228;
+import org.bukkit.event.EventHandler;
+import org.bukkit.event.Listener;
+import org.bukkit.event.player.PlayerJoinEvent;
+
+public class Event_CVE_2021_44228 implements Listener, EventPremise {
+ @Override
+ public String description() {
+ return "ログイン時にクライアントがJavaライブラリ「log4j 2」にあった脆弱性 CVE-2021-44228 に対策されているかを確認します。";
+ }
+
+ @EventHandler
+ public void OnJoin(PlayerJoinEvent event) {
+ if (Main.getMyMaidConfig().isDevelopmentServer()) {
+ Main.getMyMaidLogger().warning("開発サーバのため、CVE-2021-44228チェックは動作しません。");
+ return;
+ }
+ new Task_CVE_2021_44228(event.getPlayer()).runTaskAsynchronously(Main.getMain());
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/com/jaoafa/mymaid4/tasks/Task_CVE_2021_44228.java b/src/main/java/com/jaoafa/mymaid4/tasks/Task_CVE_2021_44228.java
new file mode 100644
index 000000000..aadaedb8f
--- /dev/null
+++ b/src/main/java/com/jaoafa/mymaid4/tasks/Task_CVE_2021_44228.java
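Review bot: On a development server OnJoin writes a WARNING line for every player join, which buries real warnings in the log; the message belongs at startup (once) or at `info` level. I would also add a short class comment stating that the check sends a test lookup string to the joining client and kicks the player when the callback counter for the player's IP increases. `description()` is the only documentation, and operators reading logs or network traces need to recognise the probe as intentional.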
@@ -0,0 +1,123 @@
+/*
+ * jaoLicense
+ *
+ * Copyright (c) 2022 jao Minecraft Server
+ *
+ * The following license applies to this project: jaoLicense
+ *
+ * Japanese: https://github.com/jaoafa/jao-Minecraft-Server/blob/master/jaoLICENSE.md
+ * English: https://github.com/jaoafa/jao-Minecraft-Server/blob/master/jaoLICENSE-en.md
+ */
+
+package com.jaoafa.mymaid4.tasks;
+
+import com.jaoafa.mymaid4.Main;
+import net.kyori.adventure.text.Component;
+import net.kyori.adventure.text.JoinConfiguration;
+import net.kyori.adventure.text.event.HoverEvent;
+import net.kyori.adventure.text.format.NamedTextColor;
+import net.kyori.adventure.text.format.TextDecoration;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.Response;
+import okhttp3.ResponseBody;
+import org.bukkit.Bukkit;
+import org.bukkit.entity.Player;
+import org.bukkit.scheduler.BukkitRunnable;
+import org.json.JSONObject;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.util.concurrent.TimeUnit;
+
+public class Task_CVE_2021_44228 extends BukkitRunnable {
+ Player player;
+
+ public Task_CVE_2021_44228(Player player) {
+ this.player = player;
+ }
+
+ @Override
+ public void run() {
+ if (!player.isOnline()) {
+ return;
+ }
+ InetSocketAddress isa = player.getAddress();
+ if (isa == null) {
+ return;
+ }
+ int beforeFoundCount = getFoundCount(isa.getAddress());
+ Main.getMyMaidLogger().info(player.getName() + " beforeFoundCount: " + beforeFoundCount);
+ player.sendMessage(Component.join(
+ JoinConfiguration.noSeparators(),
+ Component.text("[脆弱性テスト] "),
+ Component.text("${jndi:ldap://zakuro.jaoafa.com:39602}", NamedTextColor.DARK_GRAY, TextDecoration.ITALIC),
+ Component.text(" (これは何?)", NamedTextColor.DARK_GRAY, TextDecoration.UNDERLINED)
+ .hoverEvent(HoverEvent.showText(
+ Component.text("Javaライブラリ「log4j 2」にあった脆弱性 CVE-2021-44228 に対策されているかを確認するものです。")
+ ))
+ ));
+ int afterFoundCount = getFoundCount(isa.getAddress());
+ Main.getMyMaidLogger().info(player.getName() + " afterFoundCount: " + afterFoundCount);
+
+ if (afterFoundCount == 0 || afterFoundCount - beforeFoundCount == 0) {
+ player.sendMessage(Component.join(
+ JoinConfiguration.noSeparators(),
+ Component.text("[脆弱性テスト] "),
+ Component.text("ご協力いただきありがとうございます。あなたのクライアントは脆弱性対策がされているようです。", NamedTextColor.GREEN),
+ Component.text(" (これは何?)", NamedTextColor.DARK_GRAY, TextDecoration.UNDERLINED)
+ .hoverEvent(HoverEvent.showText(
+ Component.text("Javaライブラリ「log4j 2」にあった脆弱性 CVE-2021-44228 に対策されているかを確認するものです。")
+ ))
+ ));
+ } else {
+ Bukkit.getScheduler().runTask(Main.getJavaPlugin(), () -> player.kick(Component.join(
+ JoinConfiguration.noSeparators(),
+ Component.text("[Login Denied! - Reason: CVE-2021-44228]", NamedTextColor.RED),
+ Component.newline(),
+ Component.newline(),
+ Component.text("あなたのクライアントはJavaライブラリ「log4j 2」にあった"),
+ Component.newline(),
+ Component.text("脆弱性 CVE-2021-44228 の対策が"),
+ Component.text("されていない", NamedTextColor.RED, TextDecoration.UNDERLINED),
+ Component.text("ようです。"),
+ Component.newline(),
+ Component.newline(),
+ Component.text("脆弱性が悪用されることを防ぐため、jao Minecraft Serverでは"),
+ Component.newline(),
+ Component.text("本脆弱性への対策がなされていないクライアントからのログインを制限しております。"),
+ Component.newline(),
+ Component.newline(),
+ Component.text("悪意を持ったユーザーがあなたのクライアントを通して不正なコードを実行する"),
+ Component.newline(),
+ Component.text("可能性があるため、Forge等のクライアント・Modのアップデートを実施してください。")
+ )));
+ }
+ }
+
+ int getFoundCount(InetAddress ia) {
+ try {
+ String url = "http://127.0.0.1:39602/api/cve-2021-44228.php?ip=" + ia.getHostAddress();
+ OkHttpClient client = new OkHttpClient().newBuilder()
+ .connectTimeout(10, TimeUnit.SECONDS)
+ .readTimeout(10, TimeUnit.SECONDS)
+ .build();
+ Request request = new Request.Builder().url(url).build();
+
+ Response response = client.newCall(request).execute();
+ ResponseBody body = response.body();
+ if (body == null) {
+ return -1;
+ }
+ JSONObject object = new JSONObject(body.string());
+ if (!object.has("count")) {
+ return 0;
+ }
+ return object.getInt("count");
+ } catch (IOException e) {
+ e.printStackTrace();
+ return -1;
+ }
+ }
+}
\ No newline at end of file
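Review bot: A failed counter lookup is reported to the player as "patched": getFoundCount returns -1 on an IOException or an empty body, and in run() `afterFoundCount - beforeFoundCount == 0` is then true, so the success message is sent although nothing was checked. A negative count should be treated as "result unknown" and logged, separately from the patched branch. The second count is also read immediately after sendMessage returns, so a lookup that reaches the counter a moment later would presumably be missed; a short delay before the second read is worth confirming against the counter service. In getFoundCount the Response is never closed, the HTTP status is not checked, and `e.printStackTrace()` bypasses the plugin logger; the rewritten lines are below.

```java
// … unchanged: online/address checks, first count, test message …
int afterFoundCount = getFoundCount(isa.getAddress());
Main.getMyMaidLogger().info(player.getName() + " afterFoundCount: " + afterFoundCount);

if (beforeFoundCount < 0 || afterFoundCount < 0) {
    // The counter could not be read, so the result is unknown; do not report the client as patched.
    Main.getMyMaidLogger().warning(player.getName() + ": CVE-2021-44228 check could not be completed");
    return;
}
// … unchanged: patched message / kick branches …

int getFoundCount(InetAddress ia) {
    // … unchanged: url, client and request construction, moved above the try …
    try (Response response = client.newCall(request).execute()) {
        ResponseBody body = response.body();
        if (!response.isSuccessful() || body == null) {
            return -1;
        }
        JSONObject object = new JSONObject(body.string());
        return object.has("count") ? object.getInt("count") : 0;
    } catch (IOException e) {
        Main.getMyMaidLogger().warning("CVE-2021-44228 count lookup failed: " + e);
        return -1;
    }
}
```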