Prevent invalid uuids

ds58 · ds58 · commit 42d70ad03435 · 2021-04-10T12:47:53.000-05:00
diff --git a/api/src/main/java/com/ruinscraft/panilla/api/nbt/checks/NbtCheck_EntityTag.java b/api/src/main/java/com/ruinscraft/panilla/api/nbt/checks/NbtCheck_EntityTag.java
@@ -7,6 +7,8 @@
 import com.ruinscraft.panilla.api.nbt.INbtTagList;
 import com.ruinscraft.panilla.api.nbt.NbtDataType;
 
+import java.util.UUID;
+
 public class NbtCheck_EntityTag extends NbtCheck {
 
     private static final String[] ARMOR_STAND_TAGS = new String[]{"NoGravity", "ShowArms", "NoBasePlate", "Small", "Rotation", "Marker", "Pose", "Invisible"};
@@ -52,6 +54,16 @@ public NbtCheckResult check(INbtTagCompound tag, String itemName, IPanilla panil
             }
         }
 
+        if (entityTag.hasKey("UUID")) {
+            String uuid = entityTag.getString("UUID");
+
+            try {
+                UUID.fromString(uuid);
+            } catch (Exception e) {
+                return NbtCheckResult.CRITICAL;
+            }
+        }
+
         if (entityTag.hasKey("ExplosionPower")) {
             return NbtCheckResult.FAIL;
         }
@@ -95,6 +107,13 @@ public NbtCheckResult check(INbtTagCompound tag, String itemName, IPanilla panil
                 return NbtCheckResult.FAIL;
             }
 
+            String id = entityTag.getString("id");
+
+            // prevent lightning bolt eggs
+            if (id.toLowerCase().contains("lightning")) {
+                return NbtCheckResult.FAIL;
+            }
+
             // check for massive slime spawn eggs
             if (entityTag.hasKey("Size")) {
                 if (entityTag.getInt("Size") > panilla.getProtocolConstants().maxSlimeSize()) {
diff --git a/api/src/main/java/com/ruinscraft/panilla/api/nbt/checks/NbtCheck_SkullOwner.java b/api/src/main/java/com/ruinscraft/panilla/api/nbt/checks/NbtCheck_SkullOwner.java
@@ -7,6 +7,7 @@
 import com.ruinscraft.panilla.api.nbt.NbtDataType;
 
 import java.util.Base64;
+import java.util.UUID;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -23,6 +24,28 @@ public NbtCheckResult check(INbtTagCompound tag, String itemName, IPanilla panil
         if (panilla.getPConfig().preventMinecraftEducationSkulls) {
             INbtTagCompound skullOwner = tag.getCompound("SkullOwner");
 
+            if (skullOwner.hasKey("Id")) {
+                String idString = skullOwner.getString("Id");
+
+                try {
+                    // Ensure valid UUID
+                    UUID.fromString(idString);
+                } catch (Exception e) {
+                    return NbtCheckResult.CRITICAL;
+                }
+            }
+
+            if (skullOwner.hasKey("UUID")) {
+                String uuidString = skullOwner.getString("UUID");
+
+                try {
+                    // Ensure valid UUID
+                    UUID.fromString(uuidString);
+                } catch (Exception e) {
+                    return NbtCheckResult.CRITICAL;
+                }
+            }
+
             if (skullOwner.hasKey("Properties")) {
                 INbtTagCompound properties = skullOwner.getCompound("Properties");
 
