From 408c24e0b8c2fda19667e863cc78ec1b95c4b3f5 Mon Sep 17 00:00:00 2001 From: loicbersier Date: Sun, 29 Mar 2020 18:49:20 +0200 Subject: [PATCH] unsafe regex --- commands/admin/banword.js | 4 ++-- event/listeners/message.js | 9 +++++++++ package-lock.json | 13 +++++++++++++ package.json | 1 + 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/commands/admin/banword.js b/commands/admin/banword.js index 324a8add..fb74b86e 100644 --- a/commands/admin/banword.js +++ b/commands/admin/banword.js @@ -1,4 +1,5 @@ const { Command } = require('discord-akairo'); +const safe = require('safe-regex'); const BannedWords = require('../../models').bannedWords; class BannedWordsCommand extends Command { @@ -35,8 +36,7 @@ class BannedWordsCommand extends Command { } async exec(message, args) { - // eslint-disable-next-line no-useless-escape - if (message.content.includes('(?:\s|/\*.*\*/|//.*|#.*)*\(.*\)')) return; // This make bot crash + if (!safe(message.content)) return; if (!args.word) args.word = ''; args.word = args.word.replace(/[\u0250-\ue007]/g, ''); diff --git a/event/listeners/message.js b/event/listeners/message.js index da591d95..aaf21795 100644 --- a/event/listeners/message.js +++ b/event/listeners/message.js @@ -1,12 +1,16 @@ const { Listener } = require('discord-akairo'); const rand = require('../../rand.js'); const Sequelize = require('sequelize'); +const safe = require('safe-regex'); +// Database const Tag = require('../../models').Tag; const autoResponse = require('../../models').autoresponse; const autoResponseStat = require('../../models').autoresponseStat; const BannedWords = require('../../models').bannedWords; const WhitelistWord = require('../../models').whitelistWord; const quotationStat = require('../../models').quotationStat; +const userBlacklist = require('../../models').userBlacklist; + class messageListener extends Listener { constructor() { @@ -17,6 +21,10 @@ class messageListener extends Listener { } async exec(message) { + const blacklist = await userBlacklist.findOne({where: {userID:message.author.id}}); + + if (blacklist) return; + if (message.partial) { await message.fetch() .catch(() => { @@ -49,6 +57,7 @@ class messageListener extends Listener { censoredMessage = censoredMessage.replace(/[\u0250-\ue007]/g, ''); for (let i = 0; i < bannedWords.length; i++) { + if (!safe(bannedWords[i].get('word'))) return; let regex = new RegExp(bannedWords[i].get('word'), 'g'); censoredMessage = censoredMessage.replace(regex, '█'.repeat(bannedWords[i].get('word').length)); } diff --git a/package-lock.json b/package-lock.json index 2c1d1fd8..54793ef6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6121,6 +6121,11 @@ "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.3.tgz", "integrity": "sha512-naKIZz2GQ8JWh///G7L3X6LaQUAMp2lvb1rvwwsURe/VXwD6VMfr+/1NuNw3ag8v2kY1aQ/go5SNn79O9JU7yw==" }, + "regexp-tree": { + "version": "0.1.21", + "resolved": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.21.tgz", + "integrity": "sha512-kUUXjX4AnqnR8KRTCrayAo9PzYMRKmVoGgaz2tBuz0MF3g1ZbGebmtW0yFHfFK9CmBjQKeYIgoL22pFLBJY7sw==" + }, "regexpp": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-2.0.1.tgz", @@ -6296,6 +6301,14 @@ "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" }, + "safe-regex": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz", + "integrity": "sha512-rx+x8AMzKb5Q5lQ95Zoi6ZbJqwCLkqi3XuJXp5P3rT8OEc6sZCJG5AE5dU3lsgRr/F4Bs31jSlVN+j5KrsGu9A==", + "requires": { + "regexp-tree": "~0.1.1" + } + }, "safer-buffer": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", diff --git a/package.json b/package.json index 72cd80bf..146d5313 100644 --- a/package.json +++ b/package.json @@ -26,6 +26,7 @@ "mysql2": "^1.7.0", "node-fetch": "^2.6.0", "node-opus": "^0.3.3", + "safe-regex": "^2.1.1", "sequelize": "^5.21.5", "sqlite3": "^4.1.0", "superagent": "^4.1.0",