Feature: DownloadSourceChecker #1914

Merged: 2 commits, Jun 14, 2024

Contributor

@ThatGravyBoat ThatGravyBoat commented May 29, 2024

What

This adds a checker that will check the validity of the jar that the mod is being run from.
When a jar is run using this and the jar is downloaded from an untrusted source like Discord, a popup will show up; this popup will inform the user about the dangers of running an untrusted jar.

As of right now there are only 2 trusted sources:

  • GitHub with this repo id
  • Modrinth with the SkyHanni project id.

This should stop basic attempts of just shoving crappy malware into SkyHanni to have it look similar to SkyHanni in file contents.

There is an override/skip option that will ask for a "password"; this menu will also explain again that they should not be trusting people, and as a last resort the password says they are in danger.

Note: This is for Windows only.

Changelog

New Features

  • Added a source download verification checker. - ThatGravyBoat
    • Warns you when the mod has been downloaded from an untrusted source (not the official GitHub or Modrinth).
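
An added example, not code from this pull request or from SkyHanni: a Python version of the kind of check the description outlines, assuming it reads the `HostUrl` field of the jar's Windows `Zone.Identifier` stream and compares it with an allow-list. The function names are hypothetical, the allow-list hosts and path layouts are assumptions, and the ids are placeholders because the page does not give them.

```python
from urllib.parse import urlsplit

# Assumed allow-list of (exact host, required path prefix). Host names and path
# layouts are assumptions and the ids are placeholders; the page states none of them.
TRUSTED = [
    ("cdn.modrinth.com", "/data/MODRINTH_PROJECT_ID_PLACEHOLDER/"),
    ("objects.githubusercontent.com",
     "/github-production-release-asset-2e65be/GITHUB_REPO_ID_PLACEHOLDER/"),
]

def read_zone_identifier(path):
    """Return the file's Zone.Identifier stream text, or None if it has none.
    On NTFS the stream is opened as '<file>:Zone.Identifier'."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def parse_zone_identifier(text):
    """Parse the INI-style stream into a dict of lower-cased [ZoneTransfer] keys."""
    fields, in_section = {}, False
    for line in text.lstrip("\ufeff").splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip().lower()] = value.strip()
    return fields

def classify(stream_text, trusted=TRUSTED):
    """Return 'unmarked', 'unknown-origin', 'trusted' or 'untrusted'."""
    if stream_text is None:
        return "unmarked"        # no stream at all: the origin cannot be determined
    host_url = parse_zone_identifier(stream_text).get("hosturl")
    if not host_url:
        return "unknown-origin"  # marked as downloaded, but no URL was recorded
    try:
        url = urlsplit(host_url)
        host = (url.hostname or "").lower()
    except ValueError:
        return "untrusted"
    # Compare the parsed host exactly and anchor the path; a substring test on the
    # whole URL would also match a trusted name inside a query string or subdomain.
    for t_host, t_prefix in trusted:
        if url.scheme == "https" and host == t_host and url.path.startswith(t_prefix):
            return "trusted"
    return "untrusted"
```

An absent stream yields `unmarked`, so a checker built this way cannot flag a jar that carries no `Zone.Identifier` at all.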

@hannibal002 hannibal002 added this to the Version 0.26 milestone May 29, 2024
Contributor

@nea89o nea89o left a comment

Looks nice, but there are some minor nitpicks.

@hannibal002 hannibal002 added the "Soon" label (This Pull Request will be merged within the next couple of betas) May 30, 2024
@hannibal002 hannibal002 changed the title from "Add DownloadSourceChecker" to "Feature: DownloadSourceChecker" May 30, 2024
@hannibal002
Owner

Doesn't work for me.
I've tried uploading the mod on Discord, downloading it via Firefox, then putting this jar into the mods folder. The game started like normal.

@ThatGravyBoat
Contributor Author

> Doesn't work for me. I've tried uploading the mod on Discord, downloading it via Firefox, then putting this jar into the mods folder. The game started like normal.

Try with a different browser; Firefox is known to not implement standard systems that most browsers have.

@hannibal002
Owner

Zone identifier is a Windows feature, should be independent of Firefox, right?

@ThatGravyBoat
Contributor Author

> Zone identifier is a Windows feature, should be independent of Firefox, right?

It's a standard set by Windows and every browser, but seemingly if it is not working for you then Firefox is not doing this standard and is not going through the proper download procedure. I know for a fact it works with Chrome and Edge because I tested on both. Firefox accounts for less than 4% of all browsers, so it being a problem isn't going to affect that many people. This is just a precautionary system, it is not a foolproof thing; it won't stop everything but will prevent basic attempts.

@hannibal002
Owner

Just tested with Chrome, didn't work as well.

I've copied the link from the Discord message that contained the file, pasted it in Chrome, let it download, moved the downloaded file from the Chrome downloads folder to my Prism profile mods folder, started Prism. Now I see the start screen of MC.

Owner

@hannibal002 hannibal002 left a comment

Worked for me. (patience is key)

@hannibal002 hannibal002 merged commit 5b4f369 into hannibal002:beta Jun 14, 2024
3 checks passed
@github-actions github-actions bot removed the "Soon" label (This Pull Request will be merged within the next couple of betas) Jun 14, 2024