From cc885276f5857f7a11141b9eb66dc3bdcd297bfb Mon Sep 17 00:00:00 2001 From: Daniel Hoffend Date: Mon, 20 Dec 2021 02:24:02 +0100 Subject: [PATCH] fix: verify that the downloaded resource is a valid plugin (#1210) --- scripts/start-spiget | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/scripts/start-spiget b/scripts/start-spiget index 451312ab..4dfa7575 100755 --- a/scripts/start-spiget +++ b/scripts/start-spiget @@ -22,6 +22,20 @@ containsJars() { return 1 } +containsPlugin() { + file=${1?} + + pat='plugin.yml$' + + while read -r line; do + if [[ $line =~ $pat ]]; then + return 0 + fi + done <<<$(unzip -l "$file") + + return 1 +} + getResourceFromSpiget() { resource=${1?} @@ -81,9 +95,12 @@ downloadResourceFromSpiget() { log "Extracting contents of resource ${resource} into plugins" unzip -o -q -d /data/plugins "${tmpfile}" rm "${tmpfile}" - else + elif containsPlugin "${tmpfile}"; then log "Moving resource ${resource} into plugins" mv "${tmpfile}" "/data/plugins/${resource}.jar" + else + log "ERROR downloaded resource '${resource}' seems to be not a valid plugin" + exit 2 fi }