Coder Social home page Coder Social logo

nkomarn / composter Goto Github PK

View Code? Open in Web Editor NEW
9.0 3.0 1.0 569 KB

a cleanroom implementation of the minecraft b1.7.3 server!

License: MIT License

Java 100.00%
minecraft java beta server implementation cleanroom netty minecraft-beta async minecraft-server

composter's Introduction

Composter

Composter

A multithreaded clean room implementation of the Minecraft Beta 1.7.3 server.

CI CodeFactor License

Composter is still extremely early in development. While I will probably end up making a majority of this project, I definitely will need help along the way. This is an ambitious project, and I do realize that, but it is definitely an achievable one. I am starting this project for a few reasons:

  1. I want to learn about creating server software from scratch
  2. I seek to learn more about multithreaded software and parallelism
  3. I like Minecraft Beta 1.7.3 and it's old enough to be a reasonable target for this project (I think)
  4. If Notch could do it, I probably can (actually probably not)
  5. I enjoy pain (╯°□°)╯︵ ┻━┻

📋 Bucket list

  • Use Reactor Netty instead of just raw Netty. This will hopefully bring some performance improvements
  • Close to the same generation that Beta has. I know this is a pretty unreasonable goal, but hey, why not.
  • Use a different compression algorithm for chunks. I am looking at either zstd or lz4.
  • Async whatever the hell I can async.
  • Maybe write a cleaner world save system.
  • Get someone else to write the physics stuff (lol)
  • Other stuff, mainly consisting of finishing this project at some point with reasonable quality ✨

Have a look at the project tracker for todos and ongoing projects.

📚 Resources

  • wiki.vg - Reverse engineered Beta protocol (mostly)
  • Protocol FAQ - Typical flow of the Beta protocol
  • NBT Format - An old archived document outlining the NBT format
  • Reactor Netty docs - Great documentation outlining a lot of the features of Reactor
  • 🌎 Lots and lots of Googling...

📰 Licensing stuff

This project is licensed under the MIT license. I hope to not only create something functional out of this, but also allow others to learn from the code and improve their own knowledge! All of the code in this project will be completely original and thus you can copy and modify anything as you wish for your own purposes!

This project will not be possible without the support of many others. I appreciate any and all contributions made to this project. Together, we can create something great! :)

composter's People

Contributors

code-factor avatar exzibyte avatar isebasus avatar mend-bolt-for-github[bot] avatar nkomarn avatar thatgoofydev avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

dasbaumjunge

composter's Issues

CVE-2017-18640 (High) detected in snakeyaml-1.25.jar

CVE-2017-18640 - High Severity Vulnerability

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /tmp/ws-scm/Composter/pom.xml

Path to vulnerable library: 20200410162455/downloadResource_66c8d975-29a8-434e-88af-f273deebf07d/20200410165709/snakeyaml-1.25.jar

Dependency Hierarchy:

  • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: ef882059f334043855e1cd2de8dcccc4ce4f5e7a

Vulnerability Details

The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Publish Date: 2019-12-12

URL: CVE-2017-18640

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c

Release Date: 2020-03-08

Fix Resolution: 1.26

Step up your Open Source Security Game with WhiteSource here

You.

You are the issue. It's all your fault. Fortnite?

CVE-2020-9488 (Low) detected in log4j-core-2.12.1.jar

CVE-2020-9488 - Low Severity Vulnerability

Vulnerable Library - log4j-core-2.12.1.jar

The Apache Log4j Implementation

Library home page: https://logging.apache.org/log4j/2.x/

Path to dependency file: /tmp/ws-scm/Composter/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/logging/log4j/log4j-core/2.12.1/log4j-core-2.12.1.jar

Dependency Hierarchy:

  • log4j-slf4j-impl-2.12.1.jar (Root Library)
    • log4j-core-2.12.1.jar (Vulnerable Library)

Found in HEAD commit: fb233022a36a67562fa0f9b7d9c24a19a202c5e2

Vulnerability Details

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.

Publish Date: 2020-04-27

URL: CVE-2020-9488

CVSS 3 Score Details (3.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://issues.apache.org/jira/browse/LOG4J2-2819

Release Date: 2020-04-27

Fix Resolution: org.apache.logging.log4j:log4j-core:2.13.2

Step up your Open Source Security Game with WhiteSource here

CVE-2020-11612 (High) detected in netty-all-4.1.43.Final.jar

CVE-2020-11612 - High Severity Vulnerability

Vulnerable Library - netty-all-4.1.43.Final.jar

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

Library home page: https://netty.io/

Path to dependency file: /tmp/ws-scm/Composter/pom.xml

Path to vulnerable library: 20200410162455/downloadResource_66c8d975-29a8-434e-88af-f273deebf07d/20200410165708/netty-all-4.1.43.Final.jar

Dependency Hierarchy:

  • netty-all-4.1.43.Final.jar (Vulnerable Library)

Found in HEAD commit: ef882059f334043855e1cd2de8dcccc4ce4f5e7a

Vulnerability Details

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

Publish Date: 2020-04-07

URL: CVE-2020-11612

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://netty.io/news/2020/02/28/4-1-46-Final.html

Release Date: 2020-04-07

Fix Resolution: io.netty:netty-codec:4.1.46.Final;io.netty:netty-all:4.1.46.Final

Step up your Open Source Security Game with WhiteSource here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.