Catch books with invalid JSON as page content and kick the player.

minoneer · minoneer · commit fdb79d6b904b · 2022-09-13T19:52:17.000+02:00
This has so far oly happened once with ProtocolLib, so for now we only catch it there. Kicking the corresponding player should prevent spamming of this error. See also https://pastebin.com/9XQsf5rT and https://hub.spigotmc.org/jira/projects/SPIGOT/issues/SPIGOT-7155
diff --git a/src/main/java/me/minoneer/bukkit/bookexploit/ProtocolLibHook.java b/src/main/java/me/minoneer/bukkit/bookexploit/ProtocolLibHook.java
@@ -6,6 +6,7 @@
 import com.comphenix.protocol.events.ListenerPriority;
 import com.comphenix.protocol.events.PacketAdapter;
 import com.comphenix.protocol.events.PacketEvent;
+import com.google.gson.JsonParseException;
 import org.bukkit.entity.Player;
 import org.bukkit.inventory.ItemStack;
 import org.bukkit.plugin.Plugin;
@@ -29,15 +30,33 @@ public static void activate(
             public void onPacketReceiving(PacketEvent event) {
                 final Player player = event.getPlayer();
                 ItemStack item = event.getPacket().getItemModifier().readSafely(0);
-                ItemStack filteredItem = bookFilter.filterBook(item, player, FilterAction.CREATE);
-                if (filteredItem != null) {
+                try {
+                    ItemStack filteredItem = bookFilter.filterBook(item, player, FilterAction.CREATE);
+
+                    if (filteredItem != null) {
+                        event.setCancelled(true);
+                        event.getPlayer().updateInventory();
+                        logger.log(
+                                Level.WARNING,
+                                "Player {0} {1} tried to create a book with illegal click events!",
+                                new Object[]{player.getName(), player.getUniqueId()}
+                        );
+                        if (config.getPlayerMessage() != null) {
+                            player.sendMessage(config.getPlayerMessage());
+                        }
+                    }
+                } catch (JsonParseException exception) { // thrown if the book pages contain invalid JSON
+                    logger.log(
+                            Level.SEVERE,
+                            "Detected a book with invalid page content that could not be parsed in inventory of " +
+                                    "player " + player.getName() + " (" + player.getUniqueId() + "), removing the item."
+                            ,
+                            exception
+                    );
                     event.setCancelled(true);
                     event.getPlayer().updateInventory();
-                    logger.log(Level.WARNING, "Player {0} {1} tried to create a book with illegal click events!",
-                            new Object[]{player.getName(), player.getUniqueId()});
-                    if (config.getPlayerMessage() != null) {
-                        player.sendMessage(config.getPlayerMessage());
-                    }
+                    player.kickPlayer("Invalid book content detected, please contact an administrator.");
+                    logger.log(Level.SEVERE, item.toString());
                 }
             }
         });
