API tools faq
paste
Advertisement
Gamebuster

Untitled

Gamebuster
Aug 23rd, 2024
80
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Java 2.27 KB | None | 0 0
raw download clone embed print report
  1. package com.wildermods.wilderforge.mixins.vanillafixes;
  2.  
  3. import java.io.IOException;
  4.  
  5. import org.spongepowered.asm.mixin.Debug;
  6. import org.spongepowered.asm.mixin.Mixin;
  7. import org.spongepowered.asm.mixin.Unique;
  8. import org.spongepowered.asm.mixin.injection.At;
  9. import org.spongepowered.asm.mixin.injection.Inject;
  10. import org.spongepowered.asm.mixin.injection.callback.CallbackInfo;
  11.  
  12. import com.wildermods.wilderforge.launch.WilderForge;
  13. import com.wildermods.wilderforge.launch.logging.LogLevel;
  14. import com.wildermods.wilderforge.launch.logging.Logger;
  15. import com.worldwalkergames.util.OSUtil;
  16.  
  17. /**
  18.  * Patches arbitrary code execution vulnerabilities in OSUtil
  19.  */
  20. @Debug(export = true)
  21. @Mixin(OSUtil.class)
  22. public class OSUtilSecurityFixMixin {
  23.  
  24.     private static final @Unique Logger LOGGER = WilderForge.LOGGER;
  25.    
  26.     @Inject(
  27.         method = "*", //ALL METHODS
  28.         at = {
  29.             @At(
  30.                 value = "INVOKE",
  31.                 target = "Ljava/lang/Runtime;exec("
  32.                             + "Ljava/lang/String;"
  33.                         + ")Ljava/lang/Process;"
  34.             ),
  35.             @At(
  36.                 value = "INVOKE",
  37.                 target = "Ljava/lang/Runtime;exec("
  38.                             + "[Ljava/lang/String;"
  39.                         + ")Ljava/lang/Process;"
  40.             ),
  41.             @At(
  42.                 value = "INVOKE",
  43.                 target = "Ljava/lang/Runtime;exec("
  44.                             + "Ljava/lang/String;"
  45.                             + "[Ljava/lang/String;"
  46.                         + ")Ljava/lang/Process;"
  47.             ),
  48.             @At(
  49.                 value = "INVOKE",
  50.                 target = "Ljava/lang/Runtime;exec("
  51.                             + "[Ljava/lang/String;"
  52.                             + "[Ljava/lang/String;"
  53.                         + ")Ljava/lang/Process;"
  54.             ),
  55.             @At(
  56.                 value = "INVOKE",
  57.                 target = "Ljava/lang/Runtime;exec("
  58.                             + "Ljava/lang/String;"
  59.                             + "[Ljava/lang/String;"
  60.                             + "Ljava/io/File;"
  61.                         + ")Ljava/lang/Process;"
  62.             ),
  63.             @At(
  64.                 value = "INVOKE",
  65.                 target = "Ljava/lang/Runtime;exec("
  66.                             + "[Ljava/lang/String;"
  67.                             + "[Ljava/lang/String;"
  68.                             + "Ljava/io/File;"
  69.                         + ")Ljava/lang/Process;"
  70.             )
  71.         },
  72.         require = -1 //If this gets patched in the game, we don't need to crash
  73.     )
  74.     private static final void logNoExec(CallbackInfo c) throws IOException {
  75.         LOGGER.log(LogLevel.WARN, "Refusing to execute vulnerable code!", "Security");
  76.         throw new IOException( //game code only catches IOException
  77.                 new SecurityException("Refusing to execute vulnerable code!")
  78.         );
  79.     }
  80. }
  81.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!