From 4af17df46f69095658005ce0b71a348d3962e669 Mon Sep 17 00:00:00 2001 From: rtm516 Date: Sat, 15 Aug 2020 21:06:50 +0100 Subject: [PATCH] Add support for sensitive data in dumps (#1149) * Add sensitive dumps * Add better arg handling and offline dumps * Add sensitive parameters for plugin IPs * Add sensitive property to the Bedrock remote address Co-authored-by: Camotoy <20743703+DoctorMacc@users.noreply.github.com> --- .../bungeecord/GeyserBungeeDumpInfo.java | 9 +- .../platform/spigot/GeyserSpigotDumpInfo.java | 7 +- .../velocity/GeyserVelocityDumpInfo.java | 7 +- .../command/defaults/DumpCommand.java | 83 ++++++++++++++----- .../common/serializer/AsteriskSerializer.java | 16 +++- .../GeyserJacksonConfiguration.java | 2 + connector/src/main/resources/languages | 2 +- 7 files changed, 98 insertions(+), 28 deletions(-) diff --git a/bootstrap/bungeecord/src/main/java/org/geysermc/platform/bungeecord/GeyserBungeeDumpInfo.java b/bootstrap/bungeecord/src/main/java/org/geysermc/platform/bungeecord/GeyserBungeeDumpInfo.java index d81b663e..ce2b1fc3 100644 --- a/bootstrap/bungeecord/src/main/java/org/geysermc/platform/bungeecord/GeyserBungeeDumpInfo.java +++ b/bootstrap/bungeecord/src/main/java/org/geysermc/platform/bungeecord/GeyserBungeeDumpInfo.java @@ -28,6 +28,7 @@ package org.geysermc.platform.bungeecord; import lombok.Getter; import net.md_5.bungee.api.ProxyServer; import net.md_5.bungee.api.plugin.Plugin; +import org.geysermc.connector.common.serializer.AsteriskSerializer; import org.geysermc.connector.dump.BootstrapDumpInfo; import java.util.ArrayList; @@ -52,7 +53,13 @@ public class GeyserBungeeDumpInfo extends BootstrapDumpInfo { this.plugins = new ArrayList<>(); for (net.md_5.bungee.api.config.ListenerInfo listener : proxy.getConfig().getListeners()) { - this.listeners.add(new ListenerInfo(listener.getHost().getHostString(), listener.getHost().getPort())); + String hostname; + if (AsteriskSerializer.showSensitive || (listener.getHost().getHostString().equals("") || listener.getHost().getHostString().equals("0.0.0.0"))) { + hostname = listener.getHost().getHostString(); + } else { + hostname = "***"; + } + this.listeners.add(new ListenerInfo(hostname, listener.getHost().getPort())); } for (Plugin plugin : proxy.getPluginManager().getPlugins()) { diff --git a/bootstrap/spigot/src/main/java/org/geysermc/platform/spigot/GeyserSpigotDumpInfo.java b/bootstrap/spigot/src/main/java/org/geysermc/platform/spigot/GeyserSpigotDumpInfo.java index 03d64808..71134b6b 100644 --- a/bootstrap/spigot/src/main/java/org/geysermc/platform/spigot/GeyserSpigotDumpInfo.java +++ b/bootstrap/spigot/src/main/java/org/geysermc/platform/spigot/GeyserSpigotDumpInfo.java @@ -28,6 +28,7 @@ package org.geysermc.platform.spigot; import lombok.Getter; import org.bukkit.Bukkit; import org.bukkit.plugin.Plugin; +import org.geysermc.connector.common.serializer.AsteriskSerializer; import org.geysermc.connector.dump.BootstrapDumpInfo; import java.util.ArrayList; @@ -50,7 +51,11 @@ public class GeyserSpigotDumpInfo extends BootstrapDumpInfo { this.platformVersion = Bukkit.getVersion(); this.platformAPIVersion = Bukkit.getBukkitVersion(); this.onlineMode = Bukkit.getOnlineMode(); - this.serverIP = Bukkit.getIp(); + if (AsteriskSerializer.showSensitive || (Bukkit.getIp().equals("") || Bukkit.getIp().equals("0.0.0.0"))) { + this.serverIP = Bukkit.getIp(); + } else { + this.serverIP = "***"; + } this.serverPort = Bukkit.getPort(); this.plugins = new ArrayList<>(); diff --git a/bootstrap/velocity/src/main/java/org/geysermc/platform/velocity/GeyserVelocityDumpInfo.java b/bootstrap/velocity/src/main/java/org/geysermc/platform/velocity/GeyserVelocityDumpInfo.java index 9c21db9e..f44086c5 100644 --- a/bootstrap/velocity/src/main/java/org/geysermc/platform/velocity/GeyserVelocityDumpInfo.java +++ b/bootstrap/velocity/src/main/java/org/geysermc/platform/velocity/GeyserVelocityDumpInfo.java @@ -28,6 +28,7 @@ package org.geysermc.platform.velocity; import com.velocitypowered.api.plugin.PluginContainer; import com.velocitypowered.api.proxy.ProxyServer; import lombok.Getter; +import org.geysermc.connector.common.serializer.AsteriskSerializer; import org.geysermc.connector.dump.BootstrapDumpInfo; import java.util.ArrayList; @@ -50,7 +51,11 @@ public class GeyserVelocityDumpInfo extends BootstrapDumpInfo { this.platformVersion = proxy.getVersion().getVersion(); this.platformVendor = proxy.getVersion().getVendor(); this.onlineMode = proxy.getConfiguration().isOnlineMode(); - this.serverIP = proxy.getBoundAddress().getHostString(); + if (AsteriskSerializer.showSensitive || (proxy.getBoundAddress().getHostString().equals("") || proxy.getBoundAddress().getHostString().equals("0.0.0.0"))) { + this.serverIP = proxy.getBoundAddress().getHostString(); + } else { + this.serverIP = "***"; + } this.serverPort = proxy.getBoundAddress().getPort(); this.plugins = new ArrayList<>(); diff --git a/connector/src/main/java/org/geysermc/connector/command/defaults/DumpCommand.java b/connector/src/main/java/org/geysermc/connector/command/defaults/DumpCommand.java index 6566ecc1..9ad0d23d 100644 --- a/connector/src/main/java/org/geysermc/connector/command/defaults/DumpCommand.java +++ b/connector/src/main/java/org/geysermc/connector/command/defaults/DumpCommand.java @@ -33,10 +33,12 @@ import org.geysermc.connector.common.ChatColor; import org.geysermc.connector.GeyserConnector; import org.geysermc.connector.command.CommandSender; import org.geysermc.connector.command.GeyserCommand; +import org.geysermc.connector.common.serializer.AsteriskSerializer; import org.geysermc.connector.dump.DumpInfo; import org.geysermc.connector.utils.LanguageUtils; import org.geysermc.connector.utils.WebUtils; +import java.io.FileOutputStream; import java.io.IOException; public class DumpCommand extends GeyserCommand { @@ -49,43 +51,80 @@ public class DumpCommand extends GeyserCommand { super(name, description, permission); this.connector = connector; - - final SimpleFilterProvider filter = new SimpleFilterProvider(); - filter.addFilter("dump_user_auth", SimpleBeanPropertyFilter.serializeAllExcept(new String[] {"password"})); - - MAPPER.setFilterProvider(filter); } @Override public void execute(CommandSender sender, String[] args) { + boolean showSensitive = false; + boolean offlineDump = false; + if (args.length >= 1) { + for (String arg : args) { + switch (arg) { + case "full": + showSensitive = true; + break; + case "offline": + offlineDump = true; + break; + + } + } + } + + AsteriskSerializer.showSensitive = showSensitive; + sender.sendMessage(LanguageUtils.getLocaleStringLog("geyser.commands.dump.collecting")); String dumpData = ""; try { - dumpData = MAPPER.writeValueAsString(new DumpInfo()); + if (offlineDump) { + dumpData = MAPPER.writerWithDefaultPrettyPrinter().writeValueAsString(new DumpInfo()); + } else { + dumpData = MAPPER.writeValueAsString(new DumpInfo()); + } } catch (IOException e) { sender.sendMessage(ChatColor.RED + LanguageUtils.getLocaleStringLog("geyser.commands.dump.collect_error")); connector.getLogger().error(LanguageUtils.getLocaleStringLog("geyser.commands.dump.collect_error_short"), e); return; } - sender.sendMessage(LanguageUtils.getLocaleStringLog("geyser.commands.dump.uploading")); - String response; - JsonNode responseNode; - try { - response = WebUtils.post(DUMP_URL + "documents", dumpData); - responseNode = MAPPER.readTree(response); - } catch (IOException e) { - sender.sendMessage(ChatColor.RED + LanguageUtils.getLocaleStringLog("geyser.commands.dump.upload_error")); - connector.getLogger().error(LanguageUtils.getLocaleStringLog("geyser.commands.dump.upload_error_short"), e); - return; + String uploadedDumpUrl = ""; + + if (offlineDump) { + sender.sendMessage(LanguageUtils.getLocaleStringLog("geyser.commands.dump.writing")); + + try { + FileOutputStream outputStream = new FileOutputStream(GeyserConnector.getInstance().getBootstrap().getConfigFolder().resolve("dump.json").toFile()); + outputStream.write(dumpData.getBytes()); + outputStream.close(); + } catch (IOException e) { + sender.sendMessage(ChatColor.RED + LanguageUtils.getLocaleStringLog("geyser.commands.dump.write_error")); + connector.getLogger().error(LanguageUtils.getLocaleStringLog("geyser.commands.dump.write_error_short"), e); + return; + } + + uploadedDumpUrl = "dump.json"; + } else { + sender.sendMessage(LanguageUtils.getLocaleStringLog("geyser.commands.dump.uploading")); + + String response; + JsonNode responseNode; + try { + response = WebUtils.post(DUMP_URL + "documents", dumpData); + responseNode = MAPPER.readTree(response); + } catch (IOException e) { + sender.sendMessage(ChatColor.RED + LanguageUtils.getLocaleStringLog("geyser.commands.dump.upload_error")); + connector.getLogger().error(LanguageUtils.getLocaleStringLog("geyser.commands.dump.upload_error_short"), e); + return; + } + + if (!responseNode.has("key")) { + sender.sendMessage(ChatColor.RED + LanguageUtils.getLocaleStringLog("geyser.commands.dump.upload_error_short") + ": " + (responseNode.has("message") ? responseNode.get("message").asText() : response)); + return; + } + + uploadedDumpUrl = DUMP_URL + responseNode.get("key").asText(); } - if (!responseNode.has("key")) { - sender.sendMessage(ChatColor.RED + LanguageUtils.getLocaleStringLog("geyser.commands.dump.upload_error_short") + ": " + (responseNode.has("message") ? responseNode.get("message").asText() : response)); - return; - } - - String uploadedDumpUrl = DUMP_URL + responseNode.get("key").asText(); sender.sendMessage(LanguageUtils.getLocaleStringLog("geyser.commands.dump.message") + " " + ChatColor.DARK_AQUA + uploadedDumpUrl); if (!sender.isConsole()) { connector.getLogger().info(LanguageUtils.getLocaleStringLog("geyser.commands.dump.created", sender.getName(), uploadedDumpUrl)); diff --git a/connector/src/main/java/org/geysermc/connector/common/serializer/AsteriskSerializer.java b/connector/src/main/java/org/geysermc/connector/common/serializer/AsteriskSerializer.java index d05b9def..d91034bd 100644 --- a/connector/src/main/java/org/geysermc/connector/common/serializer/AsteriskSerializer.java +++ b/connector/src/main/java/org/geysermc/connector/common/serializer/AsteriskSerializer.java @@ -42,34 +42,46 @@ import java.lang.annotation.Target; import java.util.Optional; public class AsteriskSerializer extends StdSerializer implements ContextualSerializer { + + public static boolean showSensitive = false; + @Target({ElementType.FIELD}) @Retention(RetentionPolicy.RUNTIME) @JacksonAnnotationsInside @JsonSerialize(using = AsteriskSerializer.class) public @interface Asterisk { String value() default "***"; + boolean sensitive() default false; } String asterisk; + boolean sensitive; public AsteriskSerializer() { super(Object.class); } - public AsteriskSerializer(String asterisk) { + public AsteriskSerializer(String asterisk, boolean sensitive) { super(Object.class); this.asterisk = asterisk; + this.sensitive = sensitive; } @Override public JsonSerializer createContextual(SerializerProvider serializerProvider, BeanProperty property) { Optional anno = Optional.ofNullable(property) .map(prop -> prop.getAnnotation(Asterisk.class)); - return new AsteriskSerializer(anno.map(Asterisk::value).orElse(null)); + + return new AsteriskSerializer(anno.map(Asterisk::value).orElse(null), anno.map(Asterisk::sensitive).orElse(null)); } @Override public void serialize(Object obj, JsonGenerator gen, SerializerProvider prov) throws IOException { + if (sensitive && showSensitive) { + gen.writeObject(obj); + return; + } + gen.writeString(asterisk); } } diff --git a/connector/src/main/java/org/geysermc/connector/configuration/GeyserJacksonConfiguration.java b/connector/src/main/java/org/geysermc/connector/configuration/GeyserJacksonConfiguration.java index 3873db3c..7f2dafa0 100644 --- a/connector/src/main/java/org/geysermc/connector/configuration/GeyserJacksonConfiguration.java +++ b/connector/src/main/java/org/geysermc/connector/configuration/GeyserJacksonConfiguration.java @@ -98,6 +98,7 @@ public abstract class GeyserJacksonConfiguration implements GeyserConfiguration @Getter public static class BedrockConfiguration implements IBedrockConfiguration { + @AsteriskSerializer.Asterisk(sensitive = true) private String address; @Setter @@ -114,6 +115,7 @@ public abstract class GeyserJacksonConfiguration implements GeyserConfiguration public static class RemoteConfiguration implements IRemoteConfiguration { @Setter + @AsteriskSerializer.Asterisk(sensitive = true) private String address; @Setter diff --git a/connector/src/main/resources/languages b/connector/src/main/resources/languages index 57e5986b..2641db5a 160000 --- a/connector/src/main/resources/languages +++ b/connector/src/main/resources/languages @@ -1 +1 @@ -Subproject commit 57e5986bd99bf3d81d67c75299ea3dde67d53554 +Subproject commit 2641db5aa9100cdbe21b4493489e9be19092a600