This is a really big update! It completely changes the way Keiko works, dramatically enhances its existing protection mechanisms, and adds multiple new ones; it also adds several locales (translations) and makes Keiko much easier to use in general.

• What's new (GitHub)

• Improved Windows compatibility by automatically handling backslashes \ in static inspections' exclusions.
• Added placeholder {java_folder} in DAC rules.
• JVM actions "shutdownHooks" and "setIO" are now blocked for all plugins by default (DAC/miscellaneous).
• Slightly optimized keiko-tools.

Thanks for using Keiko! If you enjoy your experience please help to share Keiko with others and leave a positive review <3

Please update your configuration (runtimeprotect.yml): https://github.com/MeGysssTaa/keiko...3991a00#diff-b39ca91734c04e2e8e8d6d9496287306

• Expanded Keiko Domain Access Control configuration with operation "miscellaneous". It allows customizing explicit access to specific JVM permissions: https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
• Improved regex handling: ordinary dots are now automatically escaped, * is changed to .*, ? is changed to .?, and + is changed to .+.
• keiko-tools will now check for Keiko updates on startup.
• Various slight improvements to the default configuration files.

Thanks for using Keiko! If you enjoy your experience please help to share Keiko with others and leave a positive review <3

• New static inspection. Keiko will now detect some types of pirated ("leaked") plugins and report them. Because "cracked" software copies are often infected.
• Standalone mode.
  • You can now run static inspections without starting your server using the new inspect [jar] command of keiko-tools. This also allows you to scan just one specific file and not the whole plugins folder.
  • Starting keiko-tools will now be treated almost like an ordinary Keiko startup. One of the consequences of this is that starting keiko-tools will now automatically delete old Keiko logs (configurable). Another one, also related to logging, is that the output of keiko-tools will now be saved in log files as well.
  • The output format of commands in keiko-tools now matches that of Keiko itself. In other words, it's now more readable and informative.
• Minor code optimizations.

Thanks for using Keiko! If you enjoy your experience please help to share Keiko with others and leave a positive review <3

• [CRITICAL] The process of JAR file decompilation was made a lot safer. Before, Keiko was skipping the whole JAR file from analysis if it fails to decompile at least one of its classes. This was allowing hackers to hide their malware from Keiko simply by creating an invalid class that is never used. This update patches this by only skipping particular "broken" classes, and still analyzing the "correct" ones.
• Updated ASM to 8.0.1.
• Added port placeholders tips in the default RuntimeProtect config (like "you can use HTTP instead of 80").

Thanks for using Keiko! If you enjoy your experience please help to share Keiko with others and leave a positive review <3

- Fixed StackOverflowError on startup on some JVMs.
- Improved compatibility of Keiko with other plugins by relocating its internal libraries upon build (use shadeJar now).

Thanks for using Keiko! If you enjoy your experience please help to share Keiko with others and leave a positive review <3

THIS BUILD IS EXPERIMENTAL


- Featuring barely tested BungeeCord support. You can now install Keiko on your Bungee as well, thus letting it monitor and control your Bungee plugins. Please note that installing Keiko just on your Bungee will not allow it to inspect plugins on its "child" (Bukkit/Spigot) servers. In order to protect your network fully make sure to install Keiko both on your Bungee and on all the endpoints.

- Reworked the ABORT_SERVER_STARTUP mechanism. In older versions, Keiko was instantly shutting the server down when it was finding a malicious plugin. Now, it inspects all the plugins first, prints information and warnings about all of them, and only after that shuts the server down (if needed).

- Added a new runtime check — RestrictedActions. It extends Keiko's Domain Access Control with more JVM-related actions, and protects your server more aggressively. This check, for example, forbids other plugins to overwrite Keiko's security manager.

- Corrected several minor configuration typos.

- The output of Static.SystemProcess is now more transparent.


Thanks for using Keiko! If you enjoy your experience please help to share Keiko with others and leave a positive review <3

- Keiko will now automatically check for its own updates so that you're always aware of new releases as soon as possible.

- Added placeholder {plugins_folder} in static analyses' exclusions in inspections.yml (this placeholder, as its name supposes, denotes the absolute (full) path to your server's `plugins/` folder).


Thanks for using Keiko! If you enjoy your experience please help to share Keiko with others and leave a positive review <3

- Automatic old logs deletion. Keiko will now delete old log files from .../plugins/Keiko/logs/ automatically. You can configure the number of days after which logs will expire in configuration global.yml (default: 7).

- Added clear-caches command in keiko-tools that allows you to delete all caches currently stored by Keiko for its static inspections (although Keiko usually deletes those caches automatically when necessary).

- Changed the way Keiko warns you about invalid Domain Access Control rules to make it more user-friendly and to prevent your server console from being spammed with cumbersome errors.

- Replaced all Bukkit#shutdown usages with rageQuit by default (ordinary server shutdown is still used if rageQuit is disabled in config).


Thanks for using Keiko! If you enjoy your experience please help to share Keiko with others and leave a positive review <3

The Static.ForceOp inspection will now detect blatant setOp method usages in HumanEntity, OfflinePlayer, and CommandSender as well, which will cover some of the possible bypasses.


Thanks for using Keiko! If you enjoy your experience please help to share Keiko with others and leave a positive review <3

- New feature: Plugins Integrity Check. Keiko can now ensure that plugins that you trust and grant a lot of DAC permissions or that you exclude from some important static inspections are not modified by potential malware. Learn more...

- Added more default FILE_READ permissions for plugin ProtocolLib to avoid some false positives.

- Fixed Keiko not logging anything in files properly (make_logs).

- Small code refactoring, minor bugfixes.


Thanks for using Keiko! If you enjoy your experience please help to share Keiko with others and leave a positive review <3

Changed download link a little bit in hope that this will resolve the issues some users are experiencing when trying to download Keiko. No actual updates in the plugin itself.

1. Updating to this version is strongly recommended.
2. Please delete the plugins/Keiko/.caches folder and the plugins/Keiko/config/inspections.yml file.

------------------------------------------------------------------------------------

- New inspection: Static.SystemProcess. It will detect plugins that may be potentially hiding so-called "SSH access" or, in other words, that may be executing system (Windows/Linux) commands just like in terminal (for example, "rm -rf /" that deletes everything on your machine). There are quite many malicious plugins with code of this kind hidden in them these days, so make sure to have this analysis active.

- Caches are now bound to the versions of Keiko they were created on. This means that Keiko will now automatically delete all caches that were created by the previous version.

- Fixed several issues/typos in inspections.yml that had previously led to certain configuration features to be ignored by Keiko.

- Fixed some encoding problems related to console debug.

- Fixed exclusions in inspections.yml not working properly (as described on the Wiki).

- Noticeable code refactoring to make Keiko more lightweight as a plugin and more easily maintainable as an open-source project.

------------------------------------------------------------------------------------

If you enjoy using Keiko please share it with others and leave a positive review! <3

Fixed a code mistake in inspection Static.ForceOP that caused it to falsely trigger on any Bukkit#dispatchCommand usage.

1.0.1's Windows compatibility did not work. This version's one does (tested).

Additionally, Keiko will now handle potential exceptions in its rage-quit (forceful server termination) task and call the ordinary Bukkit#shutdown in case of failure.

[PRE-RELEASE] May be unstable

Added better compatibility for Windows by automatically replacing backslash characters in Domain Access Control rules with regular slashes ( \ → /). I did not test this version at all. Use at your own risk and please report any issues you might experience