This repository has been archived by the owner on Jan 13, 2023. It is now read-only.
Security or pattern manager for Skript #102
Labels: priority: low, type: enhancement, type: feature
Is your feature request related to a problem? Please describe.
For inexperienced server admins, a mysterious 'skripter' can send them a script that contains an op command that gives operator to the command executor and 'hack' their server, from the perspective of the inexperienced server admin.
Obviously that is not hacking, it is only injecting malicious code into a script, possibly adding a million line breaks that hide it, or using an uncommon pattern of either EffOp or EffCommand, or even using an effect from an add-on.
Describe the solution you'd like
Add a security manager for EffOp and EffCommand that gives a warning by default if used to give operator status or to give the * permission, which has a special meaning in permission plugins that is the same as giving operator status.
Checking if a player is an operator in EffOp is not problematical. De-opping a player is also not problematical. The problem is in making someone an operator. It should give parse warnings by default. For EffCommand, it should warn if an op command is detected.
Obviously this should be configurable, but I think giving warnings by default for opping someone would be great. At least giving warnings if the parent line does not contain a condition will be helpful to inexperienced server admins.
As for the pattern manager, it is more like a long-time goal for Skript. With a pattern manager, we can turn specific patterns on or off. It is like features.sk from Mirreski's fork of Skript, but the features file never worked, so we removed it. It should disable the disabled patterns in the scripts, aliases, configs and effect commands.
Also, permitting the mysterious popular /op list command would be great for inexperienced server owners, since the op command makes the person named by the given argument an operator and does not have a list variant to list operators. Some people use these tricks to get operator status, and then say 'I'm a hacker and hacked your server ha ha'. It is not hacking, it is just tricking someone.
Describe alternatives you've considered
N/A
Additional information
N/A
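The check requested above, sketched as a stand-alone script scanner. This is an added example, not part of the original issue and not Skript's own code. The regular expressions are simplified assumptions about the op and command effect syntaxes, the "notice"/"warning" split for guarded and unguarded lines is this example's choice, and the `perms grant` command is hypothetical.

```python
import re

# Assumed, simplified shapes of the two effects; Skript accepts more variants.
OP_EFFECT = re.compile(r"^op\s+\S", re.IGNORECASE)
COMMAND_EFFECT = re.compile(r'\bcommand\s+"/?([^"]*)"', re.IGNORECASE)
CONDITION = re.compile(r"^(else\s+)?if\s", re.IGNORECASE)

def grants_operator(command):
    """True for an op command, or one that hands out the * permission."""
    words = command.split()
    if not words:
        return False
    name = words[0].lower().split(":")[-1]  # minecraft:op -> op
    return name == "op" or "*" in words[1:]

def scan(script):
    """Return (line number, severity, text) for every op-granting line."""
    findings, parents = [], []  # parents: stack of (indent, section header)
    for number, raw in enumerate(script.splitlines(), start=1):
        line = raw.expandtabs(4)
        text = line.strip()
        if not text or text.startswith("#"):
            continue  # blank-line padding is skipped, line numbers stay exact
        indent = len(line) - len(line.lstrip())
        while parents and parents[-1][0] >= indent:
            parents.pop()
        cmd = COMMAND_EFFECT.search(text)
        if OP_EFFECT.match(text) or (cmd and grants_operator(cmd.group(1))):
            # Only the direct parent line is checked, as the issue suggests.
            guarded = bool(parents) and bool(CONDITION.match(parents[-1][1]))
            findings.append((number, "notice" if guarded else "warning", text))
        if text.endswith(":"):
            parents.append((indent, text))
    return findings

# Constructed sample script: an op command pushed out of sight by 200 blank lines.
SAMPLE = (
    "command /freegift:\n"
    "    trigger:\n"
    '        send "Enjoy!" to player\n'
    + "\n" * 200
    + '        execute console command "/op %player%"\n'
    "on join:\n"
    '    if player has permission "staff.admin":\n'
    "        op player\n"
    "    deop player\n"
    '    make console execute command "perms grant %player% *"\n'  # hypothetical
)

if __name__ == "__main__":
    for number, severity, text in scan(SAMPLE):
        print(f"line {number}: {severity}: {text}")
```

Effects registered by add-ons, which the issue also mentions, are outside what a text heuristic like this can see; that case needs the parser-level check the issue asks for.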