From 26c5adbbc85b8bc0c52a382d48eafdc9fcba11d3 Mon Sep 17 00:00:00 2001
From: mohammed jasem alaajel
Date: Fri, 4 Feb 2022 09:01:31 +0400
Subject: [PATCH] removed insecure code that might cause Man-in-the-middle attack
---
 .../limework/networking/AppleTunneler.java | 21 +++++++++++++++----
 src/main/resources/config.yml | 2 +-
 2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/main/java/net/limework/networking/AppleTunneler.java b/src/main/java/net/limework/networking/AppleTunneler.java
index f009f2a..969aa5d 100644
--- a/src/main/java/net/limework/networking/AppleTunneler.java
+++ b/src/main/java/net/limework/networking/AppleTunneler.java
@@ -7,6 +7,8 @@ import org.bukkit.plugin.java.JavaPlugin;
 import org.bukkit.scheduler.BukkitRunnable;
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 public class AppleTunneler extends JavaPlugin {
@@ -17,10 +19,7 @@ public class AppleTunneler extends JavaPlugin {
 if (sshSession != null) {
 sshSession.disconnect();
 }
- java.util.Properties config = new java.util.Properties();
- config.put("StrictHostKeyChecking", "no");
 sshSession = jsch.getSession(getUsername(), getHost(), getPort());
- sshSession.setConfig(config);
 sshSession.connect(2000);
 loadRemoteToLocalPortForwarding();
 }
@@ -59,12 +58,26 @@ public class AppleTunneler extends JavaPlugin {
 }
 }
+ private void loadKnownHostFile() throws FileNotFoundException, JSchException {
+ File knownHosts = new File(getDataFolder(), ".known_hosts");
+ if (knownHosts.isDirectory()) {
+ knownHosts.delete();
+ }
+ if (!knownHosts.exists()) {
+ getLogger().severe("FILE at path: " + knownHosts.getAbsolutePath() + " Does not exists");
+ throw new RuntimeException("Known host file does not exists in plugin folder");
+ }
+ this.jsch.setKnownHosts(new FileInputStream(knownHosts));
+
+ }
+
 @Override
 public void onEnable() {
 this.saveDefaultConfig();
 try {
 loadIds();
- } catch (JSchException e) {
+ loadKnownHostFile();
+ } catch (JSchException | FileNotFoundException e) {
 throw new RuntimeException(e);
 }
 try {
diff --git a/src/main/resources/config.yml b/src/main/resources/config.yml
index e23d751..78a9f3a 100644
--- a/src/main/resources/config.yml
+++ b/src/main/resources/config.yml
@@ -4,7 +4,7 @@ username: apple
 # host eg: domains can be used.
 host: 192.168.0.100
-# port
+# ssh port
 port: 22
 # Syntax is "local-port:remote-host:remote-port"
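Review bot: In `loadKnownHostFile` (AppleTunneler.java), `knownHosts.delete()` silently tries to remove a directory named `.known_hosts` and ignores the result, and the missing-file branch throws a bare `RuntimeException` although the method declares `FileNotFoundException`. A single guard after the existing `severe` log, `if (!knownHosts.isFile()) { throw new FileNotFoundException(knownHosts.getAbsolutePath()); }`, fails closed without deleting anything, and `onEnable` already catches and wraps that exception. With the `StrictHostKeyChecking` override removed in the earlier hunk, rejection of unknown or changed host keys now appears to rest on the JSch default policy; calling `sshSession.setConfig("StrictHostKeyChecking", "yes");` before `connect` would make the intended policy explicit and independent of that default. The body of `onEnable` continues past the end of this hunk.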