diff --git a/common/src/main/java/me/lucko/luckperms/common/commands/misc/VerboseCommand.java b/common/src/main/java/me/lucko/luckperms/common/commands/misc/VerboseCommand.java index 3b3d9879..dd2fac10 100644 --- a/common/src/main/java/me/lucko/luckperms/common/commands/misc/VerboseCommand.java +++ b/common/src/main/java/me/lucko/luckperms/common/commands/misc/VerboseCommand.java @@ -65,6 +65,12 @@ public class VerboseCommand extends SingleCommand { } String filter = filters.isEmpty() ? "" : filters.stream().collect(Collectors.joining(" ")); + + if (!DebugListener.isValidFilter(filter)) { + Message.VERBOSE_INVALID_FILTER.send(sender, filter); + return CommandResult.FAILURE; + } + boolean notify = !mode.equals("record"); plugin.getDebugHandler().register(sender, filter, notify); diff --git a/common/src/main/java/me/lucko/luckperms/common/constants/Message.java b/common/src/main/java/me/lucko/luckperms/common/constants/Message.java index 99984e4f..6a43dfb7 100644 --- a/common/src/main/java/me/lucko/luckperms/common/constants/Message.java +++ b/common/src/main/java/me/lucko/luckperms/common/constants/Message.java @@ -96,6 +96,7 @@ public enum Message { /* * Commands */ + VERBOSE_INVALID_FILTER("&cInvalid verbose filter: &f{0}", true), VERBOSE_ON("&bVerbose checking output set to &aTRUE &bfor all permissions.", true), VERBOSE_ON_QUERY("&bVerbose checking output set to &aTRUE &bfor permissions matching the following filters: &f{0}", true), VERBOSE_OFF("&bVerbose checking output set to &cFALSE&b.", true), diff --git a/common/src/main/java/me/lucko/luckperms/common/debug/DebugListener.java b/common/src/main/java/me/lucko/luckperms/common/debug/DebugListener.java index 5919020d..12c31646 100644 --- a/common/src/main/java/me/lucko/luckperms/common/debug/DebugListener.java +++ b/common/src/main/java/me/lucko/luckperms/common/debug/DebugListener.java @@ -116,6 +116,42 @@ public class DebugListener { return false; } + public static boolean isValidFilter(String filter) { + if (filter.equals("")) { + return true; + } + + ScriptEngine engine = Scripting.getScriptEngine(); + if (engine == null) { + return false; + } + + StringTokenizer tokenizer = new StringTokenizer(filter, " |&()!", true); + StringBuilder expression = new StringBuilder(); + + while (tokenizer.hasMoreTokens()) { + String token = tokenizer.nextToken(); + if (!isDelim(token)) { + token = "true"; // dummy result + } + + expression.append(token); + } + + try { + String exp = expression.toString().replace("&", "&&").replace("|", "||"); + String result = engine.eval(exp).toString(); + if (!result.equals("true") && !result.equals("false")) { + throw new IllegalArgumentException(exp + " - " + result); + } + + return true; + + } catch (Throwable t) { + return false; + } + } + private static boolean isDelim(String token) { return token.equals(" ") || token.equals("|") || token.equals("&") || token.equals("(") || token.equals(")") || token.equals("!"); } diff --git a/default-lang.yml b/default-lang.yml index 28d04267..ca2cf4af 100644 --- a/default-lang.yml +++ b/default-lang.yml @@ -50,6 +50,7 @@ use-inherit-command: "Use the 'parent add' command instead of specifying the nod +verbose-invalid-filter: "&cInvalid verbose filter: &f{0}" verbose-on: "&bVerbose checking output set to &aTRUE &bfor all permissions." verbose-on_query: "&bVerbose checking output set to &aTRUE &bfor permissions matching the following filters: &f{0}" verbose-off: "&bVerbose checking output set to &cFALSE&b."