v15.10
Fixed conventions
OpticFusion1 committed Sep 9, 2023
1 parent f6873ec commit 1d9523c
Showing 2 changed files with 74 additions and 61 deletions.
2 changes: 1 addition & 1 deletion MCAntiMalware-Core/pom.xml
Expand Up @@ -2,7 +2,7 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>MCAntiMalware</artifactId>
<version>15.9</version>
<version>15.10</version>
<packaging>jar</packaging>

<parent>
Expand Up @@ -13,26 +13,33 @@
import java.io.File;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.FileSystem;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.sql.SQLException;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Stream;
import java.util.zip.ZipFile;

import static optic_fusion1.antimalware.AntiMalware.LOGGER;
import optic_fusion1.antimalware.check.BaseCheck;
import static optic_fusion1.antimalware.utils.I18n.tl;
import static optic_fusion1.antimalware.utils.Utils.fileSystemForZip;
import static optic_fusion1.antimalware.utils.Utils.validClassPath;
import org.objectweb.asm.tree.ClassNode;

/**
* @author IkeVoodoo
* */
*
*/
public class FileScanner {

private static final Path ANTI_MALWARE_PATH;
Expand Down Expand Up @@ -74,27 +81,27 @@ public void scanFile(Path file) {

String fileName = file.getFileName().toString();

this.checkBlacklistedFileName(file, fileName);
this.checkBlacklistedFilePath(file);
checkBlacklistedFileName(file, fileName);
checkBlacklistedFilePath(file);

if (fileName.equals("VaultLib.jar")) {
this.submitNotification(file.toAbsolutePath(), new CheckResult(SPIGOT_PLATFORM, "MALWARE", "Qlutch", "C"));
submitNotification(file.toAbsolutePath(), new CheckResult(SPIGOT_PLATFORM, "MALWARE", "Qlutch", "C"));
}

if (!fileName.endsWith(".jar") && !fileName.endsWith(".zip") && !fileName.endsWith(".rar") && !isPlugin(file)) {
return;
}

this.checkFileHash(file);
checkFileHash(file);

try (var fs = fileSystemForZip(file)) {
try (FileSystem fs = fileSystemForZip(file)) {
if (fs == null) {
return;
}

Path rootFolder = fs.getRootDirectories().iterator().next();
if (this.commandLineParser.shouldScanZippedFiles() && (fileName.endsWith(".zip") || fileName.endsWith(".rar"))) {
this.scanZip(file);
if (commandLineParser.shouldScanZippedFiles() && (fileName.endsWith(".zip") || fileName.endsWith(".rar"))) {
scanZip(file);
return;
}

Expand All @@ -106,68 +113,68 @@ public void scanFile(Path file) {
//region KillMe
// TODO: Make this a separate check
if (Files.exists(rootFolder.resolve("dev/jnic/lib/"))) {
this.submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "JNIC"));
submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "JNIC"));
// return;
}

// TODO: Make these a separate check
if (Files.exists(rootFolder.resolve("plugin-config.bin"))) {
this.submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG"));
submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG"));
// return;
}

if (Files.exists(rootFolder.resolve("META-INF/gradle/org/apache/commons/local-info.hdm"))) {
this.submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "B"));
submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "B"));
// return;
}

if (Files.exists(rootFolder.resolve("META-INF/gradle/io/netty/netty-locals.netd"))) {
this.submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "C"));
submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "C"));
// return;
}

if (Files.exists(rootFolder.resolve("META-INF/maven/org/apache/logging/log4j/Log4j-events.dtd"))) {
this.submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "D"));
submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "D"));
// return;
}

if (Files.exists(rootFolder.resolve("META-INF/gradle/org/apache/logging/log4j/Log4j-events.dtd"))) {
this.submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "E"));
submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "E"));
// return;
}

if (Files.exists(rootFolder.resolve("META-INF/gradle/org.json/json/json.xsd"))) {
this.submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "F"));
submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "F"));
// return;
}

if (Files.exists(rootFolder.resolve("META-INF/maven/org/apache/commons/api-catch.dir"))) {
this.submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "G"));
submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "G"));
// return;
}

if (Files.exists(rootFolder.resolve("META-INF/maven/org/apache/commons/local-dir.hum"))) {
this.submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "H"));
submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "H"));
// return;
}

if (Files.exists(rootFolder.resolve("META-INF/maven/org/apache/commons/local-info.hdm"))) {
this.submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "I"));
submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "I"));
// return;
}

if (Files.exists(rootFolder.resolve("META-INF/maven/com/google/code/gson/gson/maven.data"))) {
this.submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "J"));
submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "J"));
// return;
}

if (Files.exists(rootFolder.resolve("META-INF/gradle/com.google.code.gson/gson/maven.data"))) {
this.submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "K"));
submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "K"));
// return;
}

if (Files.exists(rootFolder.resolve("META-INF/maven/org.json/json/gson.xsd"))) {
this.submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "L"));
submitNotification(file, new CheckResult(SPIGOT_PLATFORM, "Malware", "SG", "L"));
// return;
}
//endregion
Expand All @@ -179,31 +186,33 @@ public void scanFile(Path file) {
return;
}

var classNode = this.cache.fetchClass(file, classPath);
ClassNode classNode = cache.fetchClass(file, classPath);
if (classNode == null) {
return;
}

for (var check : this.checkManager.getChecks()) {
var results = check.process(classNode, rootFolder, file, cache);
if (results == null || results.isEmpty()) continue;
for (BaseCheck check : checkManager.getChecks()) {
List<CheckResult> results = check.process(classNode, rootFolder, file, cache);
if (results == null || results.isEmpty()) {
continue;
}

possiblyMalicious.set(true);

for (var checkResult : results) {
if (this.commandLineParser.dontLogINFOCR() && checkResult.getType().equals("INFO")) {
for (CheckResult checkResult : results) {
if (commandLineParser.dontLogINFOCR() && checkResult.getType().equals("INFO")) {
continue;
}

this.submitNotification(file, checkResult);
submitNotification(file, checkResult);
}

check.reset();
}
});

this.cache.clearCache(file); // Attempt at fixing memory issues
if (this.commandLineParser.shouldPrintNotInfectedMessages() && !possiblyMalicious.get()) {
cache.clearCache(file); // Attempt at fixing memory issues
if (commandLineParser.shouldPrintNotInfectedMessages() && !possiblyMalicious.get()) {
LOGGER.info(tl("scanner_probably_safe", file));
}
} catch (IOException ex) {
Expand All @@ -212,69 +221,71 @@ public void scanFile(Path file) {
}

private void checkBlacklistedFileName(Path file, String fileName) {
if (!this.cache.containsBlacklistedFileName(fileName)) {
if (!cache.containsBlacklistedFileName(fileName)) {
return;
}

try {
var result = this.database.getCheckResultForFileName(fileName);
this.submitNotification(file.toAbsolutePath(), result);
CheckResult result = database.getCheckResultForFileName(fileName);
submitNotification(file.toAbsolutePath(), result);
} catch (SQLException ex) {
LOGGER.exception(ex);
}
}

private void checkBlacklistedFilePath(Path file) {
if (!this.cache.containsBlacklistedFilePath(file.toString())) {
if (!cache.containsBlacklistedFilePath(file.toString())) {
return;
}

try {
var result = this.database.getCheckResultForFilePath(file.toString());
this.submitNotification(file.toAbsolutePath(), result);
CheckResult result = database.getCheckResultForFilePath(file.toString());
submitNotification(file.toAbsolutePath(), result);
} catch (SQLException ex) {
LOGGER.exception(ex);
}
}

private void checkFileHash(Path file) {
var checksum = this.cache.fetchSHA1(file, file);
String checksum = cache.fetchSHA1(file, file);

if (checksum == null) {
LOGGER.warn("The SHA-1 checksum for '" + file + "' couldn't be loaded");
return;
}

checksum = checksum.toUpperCase();
if (!this.cache.containsBlacklistedChecksum(checksum)) {
if (!cache.containsBlacklistedChecksum(checksum)) {
return;
}

try {
var checkResult = this.database.getCheckResultForChecksum(checksum);
CheckResult checkResult = database.getCheckResultForChecksum(checksum);
if (checkResult == null) {
LOGGER.info(tl("scanner_blacklisted_not_in_database", file)); // Sysout replaced with logger
return;
}

if (this.commandLineParser.dontLogINFOCR() && checkResult.getType().equals("INFO")) {
if (commandLineParser.dontLogINFOCR() && checkResult.getType().equals("INFO")) {
return;
}

this.submitNotification(file, checkResult);
submitNotification(file, checkResult);
} catch (SQLException ex) {
LOGGER.exception(ex);
}
}

private void submitNotification(Path path, CheckResult result) {
if (result == null) return;
if (result == null) {
return;
}

this.notifications.accept(path, result);
notifications.accept(path, result);
}

private boolean isPlugin(Path file) {
try(var zipFile = new ZipFile(file.toFile())) {
try (ZipFile zipFile = new ZipFile(file.toFile())) {
return zipFile.getEntry("plugin.yml") != null;
} catch (IOException ex) {
return false;
Expand All @@ -291,10 +302,10 @@ private Scanner.WhitelistResult isFileWhitelisted(Path file) {
return Scanner.WhitelistResult.WHITELISTED;
}

var fileChecksum = DigestUtils.sha1Hex(Files.newInputStream(file));
var result = isChecksumWhitelisted(fileChecksum);
String fileChecksum = DigestUtils.sha1Hex(Files.newInputStream(file));
Scanner.WhitelistResult result = isChecksumWhitelisted(fileChecksum);

if (result == Scanner.WhitelistResult.WHITELISTED && this.commandLineParser.shouldPrintNotInfectedMessages()) {
if (result == Scanner.WhitelistResult.WHITELISTED && commandLineParser.shouldPrintNotInfectedMessages()) {
LOGGER.info(tl("scanner_probably_safe_whitelisted", file.getFileName().toString()));
}

Expand All @@ -312,7 +323,7 @@ protected void walkThroughFiles(Path dir, Consumer<Path> pathConsumer) {
}

if (Files.isDirectory(dir, LinkOption.NOFOLLOW_LINKS)) {
this.walkTroughDirectory(dir, pathConsumer);
walkTroughDirectory(dir, pathConsumer);
return;
}

Expand All @@ -324,17 +335,17 @@ protected void walkThroughFiles(Path dir, Consumer<Path> pathConsumer) {
}

private void walkTroughDirectory(Path dir, Consumer<Path> pathConsumer) {
var stack = new LinkedList<Path>();
LinkedList<Path> stack = new LinkedList<Path>();
stack.add(dir);

while (!stack.isEmpty()) {
var current = stack.pollLast();
Path current = stack.pollLast();

try(var list = Files.list(current).filter(path -> !Files.isSymbolicLink(path))) {
var iterator = list.iterator();
try (Stream<Path> list = Files.list(current).filter(path -> !Files.isSymbolicLink(path))) {
Iterator<Path> iterator = list.iterator();

while (iterator.hasNext()) {
var next = iterator.next();
Path next = iterator.next();
pathConsumer.accept(next);

if (Files.isDirectory(next, LinkOption.NOFOLLOW_LINKS)) {
Expand All @@ -350,41 +361,43 @@ private void walkTroughDirectory(Path dir, Consumer<Path> pathConsumer) {
private void scanZip(Path zippedFile) {
LOGGER.info("Scanning zip file " + zippedFile);

try(var walk = Files.walk(zippedFile)) {
try (Stream<Path> walk = Files.walk(zippedFile)) {
walk.forEach(found -> {
if (Files.isDirectory(found)) {
// Scan dir
this.scanDirectory(found);
scanDirectory(found);
return;
}

// Scan file
this.scanFile(found);
scanFile(found);
});
} catch (IOException ex) {
Logger.getLogger(Scanner.class.getName()).log(Level.SEVERE, null, ex);
}
}

private void scanDirectory(Path directory) {
try(var list = Files.list(directory)) {
try (Stream<Path> list = Files.list(directory)) {
list.forEach((path) -> {
if (!path.getFileSystem().isOpen()) return;
if (!path.getFileSystem().isOpen()) {
return;
}

if (Files.isDirectory(path)) {
scanDirectory(path);
return;
}

this.scanFile(path);
scanFile(path);
});
} catch (IOException e) {
LOGGER.exception(e);
}
}

private Scanner.WhitelistResult isChecksumWhitelisted(String checksum) {
return this.cache.containsWhitelistedChecksum(checksum) ? Scanner.WhitelistResult.WHITELISTED : Scanner.WhitelistResult.NOT_WHITELISTED;
return cache.containsWhitelistedChecksum(checksum) ? Scanner.WhitelistResult.WHITELISTED : Scanner.WhitelistResult.NOT_WHITELISTED;
}

}
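Review bot: In `isFileWhitelisted`, the stream opened by `Files.newInputStream(file)` is passed straight to `DigestUtils.sha1Hex` and never closed, and the retyped `String fileChecksum` line keeps it that way. Assuming this is the Commons Codec `DigestUtils`, it reads the stream without closing it, so every file that reaches the whitelist check leaks a descriptor. On a large scan that may exhaust file handles, after which `isPlugin` (which returns false on `IOException`) and the zip file system open can fail and files end up skipped unscanned. I would declare `String fileChecksum;` and assign it inside `try (InputStream in = Files.newInputStream(file)) { fileChecksum = DigestUtils.sha1Hex(in); }`, with `java.io.InputStream` imported. The method starts and ends outside this hunk.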
