murm/mrmBot-Matrix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Some security fixes

Browse source
This commit is contained in:
TheEssem 2020-11-20 15:16:52 -06:00
parent fe051afdb0
commit ca6cffa67c
7 changed files with 33 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

3
api/index.js
View file

@ -1,4 +1,4 @@
// code provided by terradice/tzlil // code provided by tzlil
const os = require("os"); const os = require("os");
const { Worker, isMainThread, parentPort } = require("worker_threads"); const { Worker, isMainThread, parentPort } = require("worker_threads");
@ -114,6 +114,7 @@ if (isMainThread) {
log(`${job.uuid} is done`, job.threadNum); log(`${job.uuid} is done`, job.threadNum);
const server = net.createServer(function(socket) { const server = net.createServer(function(socket) {
socket.write(Buffer.concat([Buffer.from(type ? type : "image/png"), Buffer.from("\n"), data])); socket.write(Buffer.concat([Buffer.from(type ? type : "image/png"), Buffer.from("\n"), data]));
socket.end();
}); });
server.listen(job.port, job.addr); server.listen(job.port, job.addr);
// handle address in use errors // handle address in use errors

2
commands/ban.js
View file

@ -14,7 +14,7 @@ exports.run = async (message, args) => {
} }
} else if (args[0].match(/^<?[@#]?[&!]?\d+>?$/) && args[0] >= 21154535154122752) { } else if (args[0].match(/^<?[@#]?[&!]?\d+>?$/) && args[0] >= 21154535154122752) {
try { try {
const id = args[0].replace("@", "").replace("#", "").replace("!", "").replace("&", "").replace("<", "").replace(">", ""); const id = args[0].replace(/@/g, "").replace(/#/g, "").replace(/!/g, "").replace(/&/g, "").replace(/</g, "").replace(/>/g, "");
await message.channel.guild.banMember(id, 0, `Banned by ID, command used by @${message.author.username}#${message.author.discriminator}`); await message.channel.guild.banMember(id, 0, `Banned by ID, command used by @${message.author.username}#${message.author.discriminator}`);
return `Successfully banned user with ID \`${id}\`.`; return `Successfully banned user with ID \`${id}\`.`;
} catch (e) { } catch (e) {

4
commands/channel.js
View file

@ -8,7 +8,7 @@ exports.run = async (message, args) => {
const guildDB = await db.guilds.findOne({id: message.channel.guild.id}); const guildDB = await db.guilds.findOne({id: message.channel.guild.id});
if (args[0].toLowerCase() === "disable") { if (args[0].toLowerCase() === "disable") {
if (args[1] && args[1].match(/^<?[@#]?[&!]?\d+>?$/) && args[1] >= 21154535154122752) { if (args[1] && args[1].match(/^<?[@#]?[&!]?\d+>?$/) && args[1] >= 21154535154122752) {
const id = args[1].replace("@", "").replace("#", "").replace("!", "").replace("&", "").replace("<", "").replace(">", ""); const id = args[1].replace(/@/g, "").replace(/#/g, "").replace(/!/g, "").replace(/&/g, "").replace(/</g, "").replace(/>/g, "");
if (guildDB.disabledChannels.includes(id)) return `${message.author.mention}, I'm already disabled in this channel!`; if (guildDB.disabledChannels.includes(id)) return `${message.author.mention}, I'm already disabled in this channel!`;
guildDB.disabledChannels.push(id); guildDB.disabledChannels.push(id);
} else { } else {
@ -19,7 +19,7 @@ exports.run = async (message, args) => {
return `${message.author.mention}, I have been disabled in this channel. To re-enable me, just run \`${guildDB.prefix}channel enable\`.`; return `${message.author.mention}, I have been disabled in this channel. To re-enable me, just run \`${guildDB.prefix}channel enable\`.`;
} else if (args[0].toLowerCase() === "enable") { } else if (args[0].toLowerCase() === "enable") {
if (args[1] && args[1].match(/^<?[@#]?[&!]?\d+>?$/) && args[1] >= 21154535154122752) { if (args[1] && args[1].match(/^<?[@#]?[&!]?\d+>?$/) && args[1] >= 21154535154122752) {
const id = args[1].replace("@", "").replace("#", "").replace("!", "").replace("&", "").replace("<", "").replace(">", ""); const id = args[1].replace(/@/g, "").replace(/#/g, "").replace(/!/g, "").replace(/&/g, "").replace(/</g, "").replace(/>/g, "");
if (!guildDB.disabledChannels.includes(id)) return `${message.author.mention}, I'm not disabled in that channel!`; if (!guildDB.disabledChannels.includes(id)) return `${message.author.mention}, I'm not disabled in that channel!`;
guildDB.disabledChannels = guildDB.disabledChannels.filter(item => item !== id); guildDB.disabledChannels = guildDB.disabledChannels.filter(item => item !== id);
} else { } else {

2
commands/snowflake.js
View file

@ -1,7 +1,7 @@
exports.run = async (message, args) => { exports.run = async (message, args) => {
if (!args[0]) return `${message.author.mention}, you need to provide a snowflake ID!`; if (!args[0]) return `${message.author.mention}, you need to provide a snowflake ID!`;
if (!args[0].match(/^<?[@#]?[&!]?\d+>?$/) && args[0] < 21154535154122752) return `${message.author.mention}, that's not a valid snowflake!`; if (!args[0].match(/^<?[@#]?[&!]?\d+>?$/) && args[0] < 21154535154122752) return `${message.author.mention}, that's not a valid snowflake!`;
return new Date((args[0].replace("@", "").replace("#", "").replace("!", "").replace("&", "").replace("<", "").replace(">", "") / 4194304) + 1420070400000).toUTCString(); return new Date((args[0].replace(/@/g, "").replace(/#/g, "").replace(/!/g, "").replace(/&/g, "").replace(/</g, "").replace(/>/g, "") / 4194304) + 1420070400000).toUTCString();
}; };
exports.aliases = ["timestamp", "snowstamp", "snow"]; exports.aliases = ["timestamp", "snowstamp", "snow"];

6
commands/youtube.js
View file

@ -10,11 +10,11 @@ exports.run = async (message, args) => {
const result = await request.json(); const result = await request.json();
for (const [i, value] of result.items.entries()) { for (const [i, value] of result.items.entries()) {
if (value.id.kind === "youtube#channel") { if (value.id.kind === "youtube#channel") {
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace("*", "\\*")}**\nhttps://youtube.com/channel/${value.id.channelId}`); messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace(/\*/g, "\\*")}**\nhttps://youtube.com/channel/${value.id.channelId}`);
} else if (value.id.kind === "youtube#playlist") { } else if (value.id.kind === "youtube#playlist") {
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace("*", "\\*")}**\nCreated by **${decodeEntities(value.snippet.channelTitle).replace("*", "\\*")}**\nhttps://youtube.com/playlist?list=${value.id.playlistId}`); messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace(/\*/g, "\\*")}**\nCreated by **${decodeEntities(value.snippet.channelTitle).replace(/\*/g, "\\*")}**\nhttps://youtube.com/playlist?list=${value.id.playlistId}`);
} else { } else {
messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace("*", "\\*")}**\nUploaded by **${decodeEntities(value.snippet.channelTitle).replace("*", "\\*")}** on **${value.snippet.publishedAt.split("T")[0]}**\nhttps://youtube.com/watch?v=${value.id.videoId}`); messages.push(`Page ${i + 1} of ${result.items.length}\n<:youtube:637020823005167626> **${decodeEntities(value.snippet.title).replace(/\*/g, "\\*")}**\nUploaded by **${decodeEntities(value.snippet.channelTitle).replace(/\*/g, "\\*")}** on **${value.snippet.publishedAt.split("T")[0]}**\nhttps://youtube.com/watch?v=${value.id.videoId}`);
} }
} }
return paginator(message, messages); return paginator(message, messages);

8
utils/image.js
View file

@ -41,9 +41,9 @@ exports.run = (object, fromAPI = false) => {
const array = []; const array = [];
client.on("data", (rawData) => { client.on("data", (rawData) => {
array.push(rawData); array.push(rawData);
if (rawData.length !== 32 * 1024) { /*if (rawData.length < 32 * 1024) {
client.end(); client.end();
} }*/
}); });
client.once("end", () => { client.once("end", () => {
const data = Buffer.concat(array); const data = Buffer.concat(array);
@ -52,10 +52,12 @@ exports.run = (object, fromAPI = false) => {
buffer: data.slice(format.dataStart + 1), buffer: data.slice(format.dataStart + 1),
type: format.buffer.toString().split("/")[1] type: format.buffer.toString().split("/")[1]
}; };
//console.log(payload);
socket.close(); socket.close();
resolve(payload); resolve(payload);
}); });
client.on("error", (err) => {
throw err;
});
} else if (opcode === 0x2) { } else if (opcode === 0x2) {
reject(req); reject(req);
} }

22
utils/imagedetect.js
View file

@ -1,6 +1,21 @@
const fetch = require("node-fetch"); const fetch = require("node-fetch");
const url = require("url");
const execPromise = require("util").promisify(require("child_process").exec); const execPromise = require("util").promisify(require("child_process").exec);
const tenorURLs = [
"tenor.com",
"www.tenor.com"
];
const giphyURLs = [
"giphy.com",
"www.giphy.com"
];
const imgurURLs = [
"imgur.com",
"www.imgur.com",
"i.imgur.com"
];
// gets the proper image paths // gets the proper image paths
const getImage = async (image, image2, gifv = false) => { const getImage = async (image, image2, gifv = false) => {
try { try {
@ -9,7 +24,8 @@ const getImage = async (image, image2, gifv = false) => {
path: image path: image
}; };
if (gifv) { if (gifv) {
if (image2.includes("tenor.com")) { const host = url.parse(image2).host;
if (tenorURLs.includes(host)) {
if (process.env.TENOR !== "") { if (process.env.TENOR !== "") {
const data = await fetch(`https://api.tenor.com/v1/gifs?ids=${image2.split("-").pop()}&key=${process.env.TENOR}`); const data = await fetch(`https://api.tenor.com/v1/gifs?ids=${image2.split("-").pop()}&key=${process.env.TENOR}`);
const json = await data.json(); const json = await data.json();
@ -18,9 +34,9 @@ const getImage = async (image, image2, gifv = false) => {
const delay = (await execPromise(`ffprobe -v 0 -of csv=p=0 -select_streams v:0 -show_entries stream=r_frame_rate ${image}`)).stdout.replace("\n", ""); const delay = (await execPromise(`ffprobe -v 0 -of csv=p=0 -select_streams v:0 -show_entries stream=r_frame_rate ${image}`)).stdout.replace("\n", "");
payload.delay = (100 / delay.split("/")[0]) * delay.split("/")[1]; payload.delay = (100 / delay.split("/")[0]) * delay.split("/")[1];
} }
} else if (image2.includes("giphy.com")) { } else if (giphyURLs.includes(host)) {
payload.path = `https://media0.giphy.com/media/${image2.split("-").pop()}/giphy.gif`; payload.path = `https://media0.giphy.com/media/${image2.split("-").pop()}/giphy.gif`;
} else if (image2.includes("imgur.com")) { } else if (imgurURLs.includes(host)) {
payload.path = image.replace(".mp4", ".gif"); payload.path = image.replace(".mp4", ".gif");
} }
payload.type = "image/gif"; payload.type = "image/gif";