unsafe regex

commands/admin/banword.js

@@ -1,4 +1,5 @@
 const { Command } = require('discord-akairo');
+const safe = require('safe-regex');
 const BannedWords = require('../../models').bannedWords;
 
 class BannedWordsCommand extends Command {
@@ -35,8 +36,7 @@ class BannedWordsCommand extends Command {
 	}
 
 	async exec(message, args) {
-		// eslint-disable-next-line no-useless-escape
-		if (message.content.includes('(?:\s|/\*.*\*/|//.*|#.*)*\(.*\)')) return; // This make bot crash
+		if (!safe(message.content)) return;
 		
 		if (!args.word) args.word = '';
 		args.word = args.word.replace(/[\u0250-\ue007]/g, '');

event/listeners/message.js

@@ -1,12 +1,16 @@
 const { Listener } = require('discord-akairo');
 const rand = require('../../rand.js');
 const Sequelize = require('sequelize');
+const safe = require('safe-regex');
+// Database
 const Tag = require('../../models').Tag;
 const autoResponse = require('../../models').autoresponse;
 const autoResponseStat = require('../../models').autoresponseStat;
 const BannedWords = require('../../models').bannedWords;
 const WhitelistWord = require('../../models').whitelistWord;
 const quotationStat = require('../../models').quotationStat;
+const userBlacklist = require('../../models').userBlacklist;
+
 
 class messageListener extends Listener {
 	constructor() {
@@ -17,6 +21,10 @@ class messageListener extends Listener {
 	}
 
 	async exec(message) {	
+		const blacklist = await userBlacklist.findOne({where: {userID:message.author.id}});
+
+		if (blacklist) return;
+
 		if (message.partial) {
 			await message.fetch()
 				.catch(() => {
@@ -49,6 +57,7 @@ class messageListener extends Listener {
 			censoredMessage = censoredMessage.replace(/[\u0250-\ue007]/g, '');
 			
 			for (let i = 0; i < bannedWords.length; i++) {
+				if (!safe(bannedWords[i].get('word'))) return;
 				let regex = new RegExp(bannedWords[i].get('word'), 'g');
 				censoredMessage = censoredMessage.replace(regex, '█'.repeat(bannedWords[i].get('word').length));
 			}

package-lock.json

@@ -6121,6 +6121,11 @@
       "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.3.tgz",
       "integrity": "sha512-naKIZz2GQ8JWh///G7L3X6LaQUAMp2lvb1rvwwsURe/VXwD6VMfr+/1NuNw3ag8v2kY1aQ/go5SNn79O9JU7yw=="
     },
+    "regexp-tree": {
+      "version": "0.1.21",
+      "resolved": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.21.tgz",
+      "integrity": "sha512-kUUXjX4AnqnR8KRTCrayAo9PzYMRKmVoGgaz2tBuz0MF3g1ZbGebmtW0yFHfFK9CmBjQKeYIgoL22pFLBJY7sw=="
+    },
     "regexpp": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-2.0.1.tgz",
@@ -6296,6 +6301,14 @@
       "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
       "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
     },
+    "safe-regex": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz",
+      "integrity": "sha512-rx+x8AMzKb5Q5lQ95Zoi6ZbJqwCLkqi3XuJXp5P3rT8OEc6sZCJG5AE5dU3lsgRr/F4Bs31jSlVN+j5KrsGu9A==",
+      "requires": {
+        "regexp-tree": "~0.1.1"
+      }
+    },
     "safer-buffer": {
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",

package.json

@@ -26,6 +26,7 @@
     "mysql2": "^1.7.0",
     "node-fetch": "^2.6.0",
     "node-opus": "^0.3.3",
+    "safe-regex": "^2.1.1",
     "sequelize": "^5.21.5",
     "sqlite3": "^4.1.0",
     "superagent": "^4.1.0",