移除对 Apache Common Lang3 的依赖（因为 Bukkit 环境没有 Lang3 ）

build.gradle

@@ -7,13 +7,12 @@ buildscript {
         classpath 'net.minecraftforge.gradle:ForgeGradle:3.+'
     }
 }
-
 apply plugin: 'net.minecraftforge.gradle'
 // Only edit below this line, the above code adds and enables the necessary things for Forge to be setup.
 apply plugin: 'eclipse'
 apply plugin: 'maven-publish'
 
-version = '1.1.0'
+version = '1.1.4'
 group = 'chloeprime.fix4log4j' // http://maven.apache.org/guides/mini/guide-naming-conventions.html
 archivesBaseName = 'Fix4Log4J'
 
@@ -64,7 +63,7 @@ repositories {
 
 dependencies {
     minecraft 'net.minecraftforge:forge:1.12.2-14.23.5.2855'
-    implementation 'org.bukkit:bukkit:1.12.2-R0.1-SNAPSHOT'
+    implementation 'org.spigotmc:spigot-api:1.16.5-R0.1-SNAPSHOT'
 }
 
 // Example for how to get properties into the manifest for reading by the runtime..
@@ -82,6 +81,15 @@ jar {
     }
 }
 
+processResources {
+    from(sourceSets.main.resources.srcDirs) {
+        include 'mcmod.info'
+        include 'plugin.yml'
+
+        expand 'version': project.version, 'mcversion': '1.12.2'
+    }
+}
+
 // Example configuration to allow publishing using the maven-publish task
 // This is the preferred method to reobfuscate your jar file
 jar.finalizedBy('reobfJar') 

src/main/java/chloeprime/fix4log4j/Fixer.java

@@ -1,15 +1,16 @@
 package chloeprime.fix4log4j;
 
-import org.apache.commons.lang3.RandomStringUtils;
-import org.apache.commons.lang3.reflect.FieldUtils;
 import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.core.appender.AbstractManager;
 import org.apache.logging.log4j.core.net.JndiManager;
 
 import javax.naming.Context;
+import java.lang.reflect.Field;
 import java.lang.reflect.Modifier;
+import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.Map;
+import java.util.Random;
 
 /**
  * @author ChloePrime
@@ -19,11 +20,23 @@ public static void doRuntimeTest(Logger logger) {
         logger.info("Fix4Log4J loaded.");
         logger.info("If you see stacktrace below, CLOSE EVERYTHING IMMEDIATELY!");
 
-        String someRandomString =
-                RandomStringUtils.randomAlphanumeric(40)
-                        + ":"
-                        + RandomStringUtils.randomAlphanumeric(40);
-        logger.info("Exploit Test: ${jndi:ldap://" + someRandomString + "}");
+        String someRandomUri = randomUri();
+        logger.info("Exploit Test: ${jndi:ldap://" + someRandomUri + "}");
+    }
+
+    /**
+     * char[40] + ':' + char[40]
+     */
+    private static String randomUri() {
+        char[] buf = new char[81];
+        Random rng = new SecureRandom();
+
+        for (int i = 0; i < buf.length; i++) {
+            buf[i] = (char) ('a' + rng.nextInt('z' - 'a' + 1));
+        }
+        buf[40] = ':';
+
+        return new String(buf);
     }
 
     public static void disableJndiManager() {
@@ -41,7 +54,7 @@ private static void disableJndiManager0() {
         Class<AbstractManager> mapHolder = AbstractManager.class;
         // Find "static Map<?, ?>" fields
         Arrays.stream(mapHolder.getDeclaredFields()).filter(
-                f -> (f.getModifiers() & Modifier.STATIC) > 0
+                f -> Modifier.isStatic(f.getModifiers())
         ).filter(
                 f -> Map.class.isAssignableFrom(f.getType())
         ).map(
@@ -82,13 +95,41 @@ private static void fixJndiManager(JndiManager jndiManager) throws ReflectiveOpe
             try {
                 // get access to it
                 f.setAccessible(true);
-                FieldUtils.removeFinalModifier(f);
+                removeFinalModifier(f);
                 // replace implementation
                 f.set(jndiManager, EmptyJndiContext.INSTANCE);
             } catch (IllegalAccessException e) {
                 throw new ExceptionInInitializerError(e);
             }
         });
     }
+
+    /**
+     * Copied from Apache Common Lang3.
+     * We need to copy it as bukkit has no Lang3 dependency.
+     */
+    public static void removeFinalModifier(final Field field)
+            throws IllegalAccessException {
+        try {
+            if (Modifier.isFinal(field.getModifiers())) {
+                // Do all JREs implement Field with a private ivar called "modifiers"?
+                final Field modifiersField = Field.class.getDeclaredField("modifiers");
+                final boolean doForceAccess = !modifiersField.isAccessible();
+                if (doForceAccess) {
+                    modifiersField.setAccessible(true);
+                }
+                try {
+                    modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
+                } finally {
+                    if (doForceAccess) {
+                        modifiersField.setAccessible(false);
+                    }
+                }
+            }
+        } catch (final NoSuchFieldException ignored) {
+            // The field class always contains a modifiers field
+        }
+    }
+
     private Fixer() {}
 }

src/main/java/chloeprime/fix4log4j/forge/Fix4Log4JMod.java

@@ -18,7 +18,7 @@
 public class Fix4Log4JMod {
     public static final String MODID = "fix4log4j";
     public static final String NAME = "Fix4Log4J";
-    public static final String VERSION = "1.1.0";
+    public static final String VERSION = "1.1.4";
 
     @EventHandler
     public void construct(FMLConstructionEvent event) {

src/main/resources/plugin.yml

@@ -1,4 +1,3 @@
 name: Fix4Log4J
-version: ${project.version}
+version: ${version}
 main: chloeprime.fix4log4j.bukkit.Fix4Log4JBukkitPlugin
-api-version: 1.12