Mtihc / TreasureChest

The TreasureChest plugin for CraftBukkit
dev.bukkit.org/server-mods/treasurechest

ForceOP AntiMalware #107

Closed Link0Darck closed 1 year ago

Link0Darck commented 2 years ago

Good morning, the AntiMalware plugin has detected a force-op command in your plugin, which is vulnerable if you don't check it yourself with the Spigot staff plugin: (https://www.spigotmc.org/resources/spigot-anti-malware.64982/)

```
[AntiMalware] [23:16:36] [INFO]: Using locale en
[AntiMalware] [23:16:36] [INFO]: Any bugs and/or false-positives should be reported either on the GitHub repo, plugin discussion page, or on the discord server
[AntiMalware] [23:16:36] [INFO]: Registering checks
[AntiMalware] [23:16:36] [INFO]: Finished registering checks
[AntiMalware] [23:16:36] [INFO]: Setting up the Auto-Updater
[AntiMalware] [23:16:36] [INFO]: Finished initializing
[AntiMalware] [23:16:36] [DETECTED]: plugins\TreasureChest.jar MIGHT be infected with Spigot.MALWARE.ForceOP.A Class Path: com/mtihc/minecraft/treasurechest/v8/rewardfactory/rewards/CommandReward ; SourceFile/Line CommandReward.java/85 Remaining files to scan: 0
```

fahlur commented 2 years ago

It's because of the nature of the command: you can place any command as the reward, which, in the wrong hands when creating a chest, can lead to force op. If you give someone the permission to provide command rewards for treasure chests, they can then force op.
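One way a reward executor can avoid the pattern the scanner flags, as an added example that is not the plugin's own CommandReward: dispatch the configured command as the console sender instead of toggling the player's OP status, and accept only root commands on an allow-list. The class name, the `%player%` placeholder and the allow-list contents are assumptions for the example; only the Bukkit calls used (`Bukkit.dispatchCommand`, `Bukkit.getConsoleSender`, `Bukkit.getLogger`) are the real API.

```java
import java.util.Locale;
import java.util.Set;
import org.bukkit.Bukkit;
import org.bukkit.entity.Player;

/**
 * Runs a configured command reward without ever calling Player.setOp().
 * Hypothetical class for illustration, not the plugin's CommandReward.
 */
public final class AllowlistedCommandReward {

    // Constructed allow-list of root commands that make sense as a chest reward.
    // Anything else (op, deop, permission-plugin commands, ...) is refused.
    private static final Set<String> ALLOWED_ROOTS =
            Set.of("give", "xp", "effect", "tellraw", "title");

    // Template such as "give %player% diamond 3"; the placeholder name is an assumption.
    private final String template;

    public AllowlistedCommandReward(String template) {
        this.template = template;
    }

    /** Root word of a command line, lower-cased, with any leading slash removed. */
    static String rootOf(String command) {
        String trimmed = command.trim();
        if (trimmed.startsWith("/")) {
            trimmed = trimmed.substring(1);
        }
        int space = trimmed.indexOf(' ');
        String root = space < 0 ? trimmed : trimmed.substring(0, space);
        return root.toLowerCase(Locale.ROOT);
    }

    /** True only for commands whose root is on the allow-list. */
    static boolean isAllowed(String command) {
        return ALLOWED_ROOTS.contains(rootOf(command));
    }

    /** Dispatches the reward as the console sender; returns false if refused or failed. */
    public boolean give(Player player) {
        String command = template.replace("%player%", player.getName());
        if (!isAllowed(command)) {
            Bukkit.getLogger().warning("Refused reward command '" + command
                    + "' for " + player.getName() + ": root not on allow-list");
            return false;
        }
        // The player's OP status is never touched, so there is nothing to restore
        // afterwards and no setOp(true)/setOp(false) sequence for a scanner to flag.
        return Bukkit.dispatchCommand(Bukkit.getConsoleSender(), command);
    }
}
```

The command still runs with console privilege, so the allow-list is the real control, and the permission to configure command rewards should stay with trusted staff.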

Link0Darck commented 2 years ago

For one of the plugins I use it was the same thing; the person solved it and answered this:

> Ah okay, so I see why it flagged it as malware now. I checked the source code of the anti-malware plugin since it is open source; if I had it specify player.setOp(false) directly after setting them to player.setOp(true), it wouldn't have flagged it. The reason it's flagged is because I use a dynamic variable: I fetch the player's OP status prior to setting them to OP, then I set them back to that status after they are set to OP. If I didn't do that, then some players who were already OP prior to executing the command would end up getting de-opped when they are not supposed to.

If you want, I'll put the link, because it isn't only your plugin that I report on GitHub; I prefer to report on GitHub rather than on Spigot, since there it can get you banned, but I know that your plugin is not created to harm the server. Anyway, here is the link: https://github.com/RockinChaos/ItemJoin/issues/438

I'm sorry for the long wait, but I had a lot of things to do. I wanted to warn you: now there is a lot of malware that infects Minecraft servers, like HostFlow, so now almost everyone installs the anti-malware, and even I got this malware while I didn't have a cracked plugin.