-
-
Notifications
You must be signed in to change notification settings - Fork 26
26.2 #1391
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
+2
−5
Merged
26.2 #1391
Changes from 19 commits
Commits
Show all changes
22 commits
Select commit
Hold shift + click to select a range
0005aea
dependency: Update actions/upload-artifact action to v7
renovate[bot] 4aae41f
Update gradle.yml
Jakubk15 c015e65
dependency: Update actions/checkout action to v7
renovate[bot] a67c7fc
dependency: Update gradle/actions action to v6
renovate[bot] 95462b9
dependency: Update hmarr/auto-approve-action action to v4
renovate[bot] 501256c
dependency: Update actions/cache action to v6
renovate[bot] ebbd343
harden: verify dependency integrity and add download timeouts
Jakubk15 60b141d
security: require distinct permission to enchant another player's item
Jakubk15 140f283
dependency: Update dependency fr.skytasul:glowingentities to v2
renovate[bot] 1c39b68
dependency: Update dependency com.gradleup.shadow:shadow-gradle-plugi…
renovate[bot] ca0b6e3
Merge remote-tracking branch 'origin/renovate/com.gradleup.shadow-sha…
Jakubk15 b02e76b
Merge remote-tracking branch 'origin/renovate/actions-checkout-7.x' i…
Jakubk15 50b004e
Merge remote-tracking branch 'origin/renovate/actions-cache-6.x' into…
Jakubk15 d5f13fc
Merge remote-tracking branch 'origin/renovate/hmarr-auto-approve-acti…
Jakubk15 3a523b6
Merge remote-tracking branch 'origin/renovate/major-7-github-artifact…
Jakubk15 863dfe5
Merge remote-tracking branch 'origin/renovate/gradle-actions-6.x' int…
Jakubk15 faf6b91
Merge branch 'security/enchant-other-permission' into ver/26.2
Jakubk15 d412143
Merge branch 'refs/heads/harden/dependency-loader-integrity' into ver…
Jakubk15 b89d9b0
26.2 in runServer
Jakubk15 b094124
Merge branch 'master' into ver/26.2
Jakubk15 c6fab54
Revert "harden: verify dependency integrity and add download timeouts"
Jakubk15 9f7f1f0
Add 26.2 in paperVersions property
Jakubk15 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
92 changes: 92 additions & 0 deletions
92
eternalcore-plugin/src/main/java/com/eternalcode/core/loader/dependency/Checksum.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,92 @@ | ||
| package com.eternalcode.core.loader.dependency; | ||
|
|
||
| import java.security.MessageDigest; | ||
| import java.security.NoSuchAlgorithmException; | ||
|
|
||
| /** | ||
| * Verifies the integrity of downloaded artifacts against the checksum files published alongside them in a Maven | ||
| * repository (e.g. {@code artifact-1.0.jar.sha256}). | ||
| * | ||
| * <p>Ordered strongest-first so callers can prefer the most secure digest a repository publishes. SHA-1 is retained | ||
| * only as a last-resort fallback because it is the single digest Maven repositories are guaranteed to serve; it is | ||
| * cryptographically weak and should not be relied upon on its own. | ||
| */ | ||
| public enum Checksum { | ||
|
|
||
| SHA512("sha512", "SHA-512"), | ||
| SHA256("sha256", "SHA-256"), | ||
| SHA1("sha1", "SHA-1"); | ||
|
|
||
| private final String extension; | ||
| private final String algorithm; | ||
|
|
||
| Checksum(String extension, String algorithm) { | ||
| this.extension = extension; | ||
| this.algorithm = algorithm; | ||
| } | ||
|
|
||
| /** | ||
| * The file extension appended to the artifact name to locate this checksum (without a leading dot). | ||
| */ | ||
| public String extension() { | ||
| return this.extension; | ||
| } | ||
|
|
||
| /** | ||
| * Computes the lower-case hex digest of the given data using this algorithm. | ||
| */ | ||
| public String hash(byte[] data) { | ||
| MessageDigest digest; | ||
| try { | ||
| digest = MessageDigest.getInstance(this.algorithm); | ||
| } | ||
| catch (NoSuchAlgorithmException exception) { | ||
| throw new DependencyException("Missing digest algorithm: " + this.algorithm, exception); | ||
| } | ||
|
|
||
| return toHex(digest.digest(data)); | ||
| } | ||
|
|
||
| /** | ||
| * Returns {@code true} if the digest of {@code data} equals the published checksum. | ||
| * | ||
| * <p>Published checksum files sometimes contain trailing content such as {@code "<hash> <filename>"}; | ||
| * only the leading token is compared, and comparison is case-insensitive. | ||
| */ | ||
| public boolean matches(byte[] data, String publishedChecksum) { | ||
| if (publishedChecksum == null) { | ||
| return false; | ||
| } | ||
|
|
||
| String expected = normalize(publishedChecksum); | ||
| if (expected.isEmpty()) { | ||
| return false; | ||
| } | ||
|
|
||
| return expected.equalsIgnoreCase(this.hash(data)); | ||
| } | ||
|
|
||
| static String normalize(String rawChecksum) { | ||
| String trimmed = rawChecksum.trim(); | ||
|
|
||
| for (int index = 0; index < trimmed.length(); index++) { | ||
| if (Character.isWhitespace(trimmed.charAt(index))) { | ||
| return trimmed.substring(0, index); | ||
| } | ||
| } | ||
|
|
||
| return trimmed; | ||
| } | ||
|
|
||
| private static String toHex(byte[] bytes) { | ||
| StringBuilder builder = new StringBuilder(bytes.length * 2); | ||
|
|
||
| for (byte value : bytes) { | ||
| builder.append(Character.forDigit((value >> 4) & 0xF, 16)); | ||
| builder.append(Character.forDigit(value & 0xF, 16)); | ||
| } | ||
|
|
||
| return builder.toString(); | ||
| } | ||
|
|
||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.