Advertisement
Gamebuster

Untitled

Aug 23rd, 2024
87
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Java 2.27 KB | None | 0 0
  1. package com.wildermods.wilderforge.mixins.vanillafixes;
  2.  
  3. import java.io.IOException;
  4.  
  5. import org.spongepowered.asm.mixin.Debug;
  6. import org.spongepowered.asm.mixin.Mixin;
  7. import org.spongepowered.asm.mixin.Unique;
  8. import org.spongepowered.asm.mixin.injection.At;
  9. import org.spongepowered.asm.mixin.injection.Inject;
  10. import org.spongepowered.asm.mixin.injection.callback.CallbackInfo;
  11.  
  12. import com.wildermods.wilderforge.launch.WilderForge;
  13. import com.wildermods.wilderforge.launch.logging.LogLevel;
  14. import com.wildermods.wilderforge.launch.logging.Logger;
  15. import com.worldwalkergames.util.OSUtil;
  16.  
  17. /**
  18.  * Patches arbitrary code execution vulnerabilities in OSUtil
  19.  */
  20. @Debug(export = true)
  21. @Mixin(OSUtil.class)
  22. public class OSUtilSecurityFixMixin {
  23.  
  24.     private static final @Unique Logger LOGGER = WilderForge.LOGGER;
  25.    
  26.     @Inject(
  27.         method = "*", //ALL METHODS
  28.         at = {
  29.             @At(
  30.                 value = "INVOKE",
  31.                 target = "Ljava/lang/Runtime;exec("
  32.                             + "Ljava/lang/String;"
  33.                         + ")Ljava/lang/Process;"
  34.             ),
  35.             @At(
  36.                 value = "INVOKE",
  37.                 target = "Ljava/lang/Runtime;exec("
  38.                             + "[Ljava/lang/String;"
  39.                         + ")Ljava/lang/Process;"
  40.             ),
  41.             @At(
  42.                 value = "INVOKE",
  43.                 target = "Ljava/lang/Runtime;exec("
  44.                             + "Ljava/lang/String;"
  45.                             + "[Ljava/lang/String;"
  46.                         + ")Ljava/lang/Process;"
  47.             ),
  48.             @At(
  49.                 value = "INVOKE",
  50.                 target = "Ljava/lang/Runtime;exec("
  51.                             + "[Ljava/lang/String;"
  52.                             + "[Ljava/lang/String;"
  53.                         + ")Ljava/lang/Process;"
  54.             ),
  55.             @At(
  56.                 value = "INVOKE",
  57.                 target = "Ljava/lang/Runtime;exec("
  58.                             + "Ljava/lang/String;"
  59.                             + "[Ljava/lang/String;"
  60.                             + "Ljava/io/File;"
  61.                         + ")Ljava/lang/Process;"
  62.             ),
  63.             @At(
  64.                 value = "INVOKE",
  65.                 target = "Ljava/lang/Runtime;exec("
  66.                             + "[Ljava/lang/String;"
  67.                             + "[Ljava/lang/String;"
  68.                             + "Ljava/io/File;"
  69.                         + ")Ljava/lang/Process;"
  70.             )
  71.         },
  72.         require = -1 //If this gets patched in the game, we don't need to crash
  73.     )
  74.     private static final void logNoExec(CallbackInfo c) throws IOException {
  75.         LOGGER.log(LogLevel.WARN, "Refusing to execute vulnerable code!", "Security");
  76.         throw new IOException( //game code only catches IOException
  77.                 new SecurityException("Refusing to execute vulnerable code!")
  78.         );
  79.     }
  80. }
  81.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement