├── .gitignore ├── README.md ├── pom.xml └── src └── main ├── java └── pl │ └── safemc │ └── rcefix │ ├── Log4jPatternFilter.java │ └── RceExploitFixPlugin.java └── resources └── plugin.yml /.gitignore: -------------------------------------------------------------------------------- 1 | ### Java template 2 | # Compiled class file 3 | *.class 4 | 5 | # Log file 6 | *.log 7 | 8 | # BlueJ files 9 | *.ctxt 10 | 11 | # Mobile Tools for Java (J2ME) 12 | .mtj.tmp/ 13 | 14 | # Package Files # 15 | *.jar 16 | *.war 17 | *.nar 18 | *.ear 19 | *.zip 20 | *.tar.gz 21 | *.rar 22 | 23 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 24 | hs_err_pid* 25 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # mc-rce-exploit-fix 2 | 3 | Plugin that fixes Log4J RCE exploit.\ 4 | Tested Minecraft versions: 1.8, 1.12.2, 1.13.2, 1.14.4, 1.16.5, 1.17.1, 1.18. 5 | -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 4.0.0 6 | 7 | pl.safemc 8 | mc-rce-exploit-fix 9 | 1.5 10 | 11 | 12 | 1.8 13 | 1.8 14 | 15 | 16 | 17 | 18 | spigot-repo 19 | https://hub.spigotmc.org/nexus/content/repositories/snapshots/ 20 | 21 | 22 | 23 | 24 | 25 | org.spigotmc 26 | spigot-api 27 | 1.8.8-R0.1-SNAPSHOT 28 | provided 29 | 30 | 31 | org.apache.logging.log4j 32 | log4j-core 33 | 2.14.1 34 | provided 35 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /src/main/java/pl/safemc/rcefix/Log4jPatternFilter.java: -------------------------------------------------------------------------------- 1 | package pl.safemc.rcefix; 2 | 3 | import org.apache.logging.log4j.Level; 4 | import org.apache.logging.log4j.LogManager; 5 | import org.apache.logging.log4j.Marker; 6 | import org.apache.logging.log4j.core.Filter; 7 | import org.apache.logging.log4j.core.LogEvent; 8 | import org.apache.logging.log4j.core.Logger; 9 | import org.apache.logging.log4j.message.Message; 10 | import java.util.Objects; 11 | 12 | /** 13 | * @author hp888 on 10.12.2021. 14 | */ 15 | 16 | public final class Log4jPatternFilter implements Filter { 17 | 18 | private final RceExploitFixPlugin plugin; 19 | 20 | Log4jPatternFilter(RceExploitFixPlugin plugin) { 21 | this.plugin = plugin; 22 | } 23 | 24 | private State state; 25 | 26 | @Override 27 | public State getState() { 28 | return state; 29 | } 30 | 31 | @Override 32 | public void initialize() { 33 | state = State.INITIALIZED; 34 | } 35 | 36 | @Override 37 | public void start() { 38 | state = State.STARTED; 39 | } 40 | 41 | @Override 42 | public void stop() { 43 | state = State.STOPPED; 44 | } 45 | 46 | @Override 47 | public boolean isStarted() { 48 | return state == State.STARTED; 49 | } 50 | 51 | @Override 52 | public boolean isStopped() { 53 | return state == State.STOPPED; 54 | } 55 | 56 | private Result fixMessage(Level level, String message) { 57 | if (Objects.isNull(message)) { 58 | return Result.NEUTRAL; 59 | } 60 | 61 | String newMessage = message.replaceAll("\\$\\{(.*?)}", "{blocked-pattern}"); 62 | if (!newMessage.equals(message)) { 63 | plugin.getServer().getScheduler().runTask(plugin, () -> LogManager.getRootLogger().log(level, newMessage)); 64 | return Result.DENY; 65 | } 66 | 67 | return Result.NEUTRAL; 68 | } 69 | 70 | @Override 71 | public Result getOnMismatch() { 72 | return Result.NEUTRAL; 73 | } 74 | 75 | @Override 76 | public Result getOnMatch() { 77 | return Result.NEUTRAL; 78 | } 79 | 80 | @Override 81 | public Result filter(Logger logger, Level level, Marker marker, String message, Object... objects) { 82 | return fixMessage(level, message); 83 | } 84 | 85 | @Override 86 | public Result filter(Logger logger, Level level, Marker marker, String message, Object p0) { 87 | return fixMessage(level, message); 88 | } 89 | 90 | @Override 91 | public Result filter(Logger logger, Level level, Marker marker, String message, Object p0, Object p1) { 92 | return fixMessage(level, message); 93 | } 94 | 95 | @Override 96 | public Result filter(Logger logger, Level level, Marker marker, String message, Object p0, Object p1, Object p2) { 97 | return fixMessage(level, message); 98 | } 99 | 100 | @Override 101 | public Result filter(Logger logger, Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3) { 102 | return fixMessage(level, message); 103 | } 104 | 105 | @Override 106 | public Result filter(Logger logger, Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) { 107 | return fixMessage(level, message); 108 | } 109 | 110 | @Override 111 | public Result filter(Logger logger, Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) { 112 | return fixMessage(level, message); 113 | } 114 | 115 | @Override 116 | public Result filter(Logger logger, Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) { 117 | return fixMessage(level, message); 118 | } 119 | 120 | @Override 121 | public Result filter(Logger logger, Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) { 122 | return fixMessage(level, message); 123 | } 124 | 125 | @Override 126 | public Result filter(Logger logger, Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) { 127 | return fixMessage(level, message); 128 | } 129 | 130 | @Override 131 | public Result filter(Logger logger, Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) { 132 | return fixMessage(level, message); 133 | } 134 | 135 | @Override 136 | public Result filter(Logger logger, Level level, Marker marker, Object message, Throwable throwable) { 137 | return fixMessage(level, message.toString()); 138 | } 139 | 140 | @Override 141 | public Result filter(Logger logger, Level level, Marker marker, Message message, Throwable throwable) { 142 | return fixMessage(level, message.getFormattedMessage()); 143 | } 144 | 145 | @Override 146 | public Result filter(LogEvent event) { 147 | return fixMessage(event.getLevel(), event.getMessage().getFormattedMessage()); 148 | } 149 | 150 | } -------------------------------------------------------------------------------- /src/main/java/pl/safemc/rcefix/RceExploitFixPlugin.java: -------------------------------------------------------------------------------- 1 | package pl.safemc.rcefix; 2 | 3 | import org.apache.logging.log4j.LogManager; 4 | import org.apache.logging.log4j.core.Logger; 5 | import org.bukkit.plugin.java.JavaPlugin; 6 | 7 | /** 8 | * @author hp888 on 10.12.2021. 9 | */ 10 | 11 | public final class RceExploitFixPlugin extends JavaPlugin { 12 | 13 | @Override 14 | public void onEnable() { 15 | ((Logger) LogManager.getRootLogger()).addFilter(new Log4jPatternFilter(this)); 16 | } 17 | 18 | } -------------------------------------------------------------------------------- /src/main/resources/plugin.yml: -------------------------------------------------------------------------------- 1 | main: 'pl.safemc.rcefix.RceExploitFixPlugin' 2 | version: '1.5' 3 | author: 'HP888' 4 | name: 'RceExploitFixer' 5 | website: 'www.safemc.pl' --------------------------------------------------------------------------------