Skip to content
This repository has been archived by the owner on Jan 13, 2023. It is now read-only.

Security or pattern manager for Skript #102

Open
TheDGOfficial opened this issue Nov 17, 2019 · 0 comments
Open

Security or pattern manager for Skript #102

TheDGOfficial opened this issue Nov 17, 2019 · 0 comments
Assignees
Labels
priority: low A low priority issue or pull request type: enhancement New feature or request type: feature A good feature
Milestone

Comments

@TheDGOfficial
Copy link
Member

Is your feature request related to a problem? Please describe.
For in-experienced server admins, a mysterious 'skripter' can send them a script that contains an op command that gives operator to command executor and 'hack' its server in perspective of the in-experienced server admin.

Obviously that is not hacking, it is only injecting a malicious code into a script, possibly making a million line breaks that hides it, or using an uncommon pattern of either EffOp or EffCommand, or even using an effect from an add-on.

Describe the solution you'd like
Add a security manager for EffOp and EffCommand, that gives a warning by default if used to give operator status or gives * permission which has a special meaning in permission plugins that same as giving the operator status.

Checking if a player is an operator in EffOp is not problematical. De-opping it is also not problematical. The problem is in making someone operator. It should give parse warnings by default. For EffCommand, it should warn if op command is detected.

Obviously this should be configurable, but I think giving warnings by default for opping someone would be great. At least giving warnings if the parent line does not contain a condition will be helpful to in-experienced server admins.

For pattern manager, it is a more like long-time goal for Skript. With pattern manager, we can turn on or off specific patterns. It is like features.sk from Mirreski's fork of Skript, but the features file never worked, so we removed it. It should disable the disabled patterns in the scripts, aliases, configs and effect commands.

Also permitting the mysterious popular /op list command would be great for in-experienced server owners, since op command makes the person named with the given argument operator and does not have a list variant to list operators. Some people use these tricks to get operator status, and then say 'I'm a hacker and hacked your server ha ha', it is not hacking it is just tricking someone.

Describe alternatives you've considered
N/A

Additional information
N/A

@TheDGOfficial TheDGOfficial added type: enhancement New feature or request priority: low A low priority issue or pull request type: feature A good feature labels Nov 17, 2019
@TheDGOfficial TheDGOfficial added this to the 2.2.18 milestone Nov 17, 2019
@TheDGOfficial TheDGOfficial self-assigned this Nov 17, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
priority: low A low priority issue or pull request type: enhancement New feature or request type: feature A good feature
Projects
None yet
Development

No branches or pull requests

1 participant