From b8c58708f5443370eb91db31d61b094f6110d21a Mon Sep 17 00:00:00 2001
From: Lio Young
Date: Sat, 10 Apr 2021 23:27:27 +0200
Subject: [PATCH] make eval unable to return sensitive strings
---
 src/modules/developer/eval.ts | 9 +++++----
 src/utils/clean.ts | 23 +++++++++++++++++++++++
 src/utils/replace.ts | 2 +-
 3 files changed, 29 insertions(+), 5 deletions(-)
 create mode 100644 src/utils/clean.ts
diff --git a/src/modules/developer/eval.ts b/src/modules/developer/eval.ts
index 41d5e25..14bd408 100644
--- a/src/modules/developer/eval.ts
+++ b/src/modules/developer/eval.ts
@@ -1,5 +1,6 @@
+import { Context } from "../../utils/types";
 import Command from "../../handler/structures/Command";
-
+import clean from "../../utils/clean"
 export = class Eval extends Command {
 constructor() {
 super({
@@ -15,16 +16,16 @@ export = class Eval extends Command {
 })
 }
- async command(ctx: any) {
+ async command(ctx: Context) {
 let code = ctx.args.join(" ")
 try {
 let evaled = await eval(code)
 if (typeof evaled != 'string') {
 evaled = (await import("util")).inspect(evaled, false, 1)
 }
- return evaled
+ return ctx.channel.send(`\`\`\`js\n${clean(evaled)}\n\`\`\``)
 } catch (error) {
-
+ console.error(error)
 }
 }
 }
\ No newline at end of file
diff --git a/src/utils/clean.ts b/src/utils/clean.ts
new file mode 100644
index 0000000..29c21e8
--- /dev/null
+++ b/src/utils/clean.ts
@@ -0,0 +1,23 @@
+import config from '../../config'
+import replace from './replace'
+let SensitiveStrings = [
+ config.token,
+ config.supabase.key,
+ config.supabase.url,
+ config.apis.sheri,
+ config.apis.yiffrest,
+].flat(Infinity)
+
+
+export default function clean(content: any) {
+ let type = content
+ if (typeof type === 'object') {
+ content = JSON.stringify(content)
+ }
+ let regex = new RegExp(`(${SensitiveStrings.join("|")})`, "gi")
+ content = replace(regex, "*snip*", content)
+ if (typeof type === 'object') {
+ content = JSON.parse(content)
+ }
+ return content
+}
\ No newline at end of file
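Review bot: In `command`, the new `return ctx.channel.send(...)` sits inside the `try` without `await`, so if `send` returns a promise (as it appears to) a rejected send, for instance an over-long reply, bypasses the `catch` and the new `console.error`; `return await ctx.channel.send(...)` keeps it on the logged path. The `clean(evaled)` filter only masks literal copies of the configured secrets in the final result string, so it protects against accidental disclosure and is not a substitute for restricting who may run this command; that restriction would live in the constructor options, which are outside this hunk. I would record that above the send: `// clean() is best-effort redaction; access control on this command is the real safeguard`.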
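Review bot: The `new RegExp(...)` call in `clean` joins the raw secret values without escaping regex metacharacters, so a key containing `+`, `(`, `[` or similar either no longer matches its own literal text and is sent unredacted, or makes the constructor throw. An unset or empty config entry joins as an empty alternative, which matches at every position and fills the output with `*snip*`. The object branch replaces inside JSON text and parses it back, which throws on circular values and misses secrets that JSON escaping alters; the eval command only passes strings, so that branch looks unused by this commit. The excerpt below escapes and filters the values and builds the pattern once at load instead of on every call.

```typescript
// Match each secret literally: escape regex metacharacters before joining.
const escapeRegExp = (value: string) => value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")

let SensitiveStrings = [
    // … unchanged: config.token, config.supabase.*, config.apis.* …
].flat(Infinity)
    // Drop unset or empty entries; an empty alternative would match at every position.
    .filter((value): value is string => typeof value === "string" && value.length > 0)
    .map(escapeRegExp)

// Built once at load; null when nothing is configured.
const sensitivePattern = SensitiveStrings.length > 0
    ? new RegExp(`(${SensitiveStrings.join("|")})`, "gi")
    : null

export default function clean(content: any) {
    // … unchanged: JSON.stringify for objects …
    if (sensitivePattern) {
        content = replace(sensitivePattern, "*snip*", content)
    }
    // … unchanged: JSON.parse for objects, return content …
}
```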
diff --git a/src/utils/replace.ts b/src/utils/replace.ts
index ff0813c..ebd80c1 100644
--- a/src/utils/replace.ts
+++ b/src/utils/replace.ts
@@ -1,4 +1,4 @@
-export default function replace(to_replace: string, replace_with: string, full_string: string) {
+export default function replace(to_replace: any, replace_with: string, full_string: string) {
 return full_string.replace(to_replace, replace_with)
 }
\ No newline at end of file
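Review bot: Widening `to_replace` to `any` switches off type checking for every caller of `replace`, not only the new redaction helper; the two pattern types `String.prototype.replace` accepts are covered by `to_replace: string | RegExp`, which still lets `clean` pass its regex. A one-line doc comment would also help callers, e.g. `/** Replaces matches of to_replace in full_string; a string pattern replaces only the first occurrence. */`.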