Description
Recently I ended up with a minecraft-server crash. In short, I generated a strong RCON password with some service and put it in the RCON_PASSWORD environment variable. The value is
:xDmW!T5Y%Jjam;$L9adz-tf%4BuhN,z#64pGx+;3R6^W$#PgGv!Nm-*)A}3^*/js*&)#
(it was changed before posting ofc and can be used as a test case).
And after a restart I got the crash error below:
[mc-image-helper] 19:17:29.183 WARN : Unable to resolve environment variable Jjam;$L9adz-tf
[mc-image-helper] 19:17:29.184 ERROR : 'set-properties' command failed. Version is 1.41.1
java.lang.IllegalArgumentException: Illegal group reference
at java.base/java.util.regex.Matcher.appendExpandedReplacement(Unknown Source)
at java.base/java.util.regex.Matcher.appendReplacement(Unknown Source)
at me.itzg.helpers.env.SimplePlaceholders.processPlaceholders(SimplePlaceholders.java:44)
at me.itzg.helpers.properties.SetPropertiesCommand.processProperties(SetPropertiesCommand.java:157)
at me.itzg.helpers.properties.SetPropertiesCommand.call(SetPropertiesCommand.java:89)
at me.itzg.helpers.properties.SetPropertiesCommand.call(SetPropertiesCommand.java:35)
at picocli.CommandLine.executeUserObject(CommandLine.java:2045)
at picocli.CommandLine.access$1500(CommandLine.java:148)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2465)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2457)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2419)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2277)
at picocli.CommandLine$RunLast.execute(CommandLine.java:2421)
at picocli.CommandLine.execute(CommandLine.java:2174)
at me.itzg.helpers.McImageHelper.main(McImageHelper.java:178)
[init] [ERROR] Failed to update server.properties
There are two issues here.
First of all, the server crashes when it tries to update the server.properties file. It's related to the placeholder logic in mc-image-helper. The part it tries to substitute is %Jjam;$L9adz-tf%, but it's not a placeholder and there is no Jjam;$L9adz-tf variable. It goes to a fallback value, which is actually %Jjam;$L9adz-tf% (from m.group()).
Second of all, it leaks a part of a secret, and this is a real problem here. I think that definitions.json must have a field that declares whether a property is a secret or not.
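The crash and the leak described in this issue, reproduced and fixed in one stand-alone Java class. This is an added example, not mc-image-helper's code: the %NAME% pattern, the class and method names, and the secret flag (standing in for the proposed definitions.json field) are assumptions.

```java
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PlaceholderDemo {
    // Assumed placeholder syntax %NAME%; the helper's real pattern is not shown in the issue.
    static final Pattern PLACEHOLDER = Pattern.compile("%([^%]+)%");

    // Before: the fallback m.group() is handed to appendReplacement unquoted,
    // so "$L" inside it is parsed as a group reference and the call throws.
    static String expandUnsafe(String value, Function<String, String> env) {
        Matcher m = PLACEHOLDER.matcher(value);
        StringBuffer sb = new StringBuffer();
        while (m.find()) {
            String resolved = env.apply(m.group(1));
            m.appendReplacement(sb, resolved != null ? resolved : m.group());
        }
        m.appendTail(sb);
        return sb.toString();
    }

    // After: quoteReplacement makes '$' and '\' literal, and the warning
    // does not echo the unresolved name when the property is marked secret.
    static String expandSafe(String value, Function<String, String> env, boolean secret) {
        Matcher m = PLACEHOLDER.matcher(value);
        StringBuffer sb = new StringBuffer();
        while (m.find()) {
            String resolved = env.apply(m.group(1));
            if (resolved == null) {
                System.err.println("WARN : Unable to resolve environment variable "
                        + (secret ? "<redacted>" : m.group(1)));
                resolved = m.group(); // keep the original text unchanged
            }
            m.appendReplacement(sb, Matcher.quoteReplacement(resolved));
        }
        m.appendTail(sb);
        return sb.toString();
    }

    public static void main(String[] args) {
        // Test value taken from the issue text.
        String pw = ":xDmW!T5Y%Jjam;$L9adz-tf%4BuhN,z#64pGx+;3R6^W$#PgGv!Nm-*)A}3^*/js*&)#";
        Function<String, String> env = name -> null; // constructed: no variables defined
        try {
            expandUnsafe(pw, env);
        } catch (IllegalArgumentException e) {
            System.out.println("unsafe: " + e.getMessage());
        }
        System.out.println("safe round-trips: " + expandSafe(pw, env, true).equals(pw));
    }
}
```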