dont you fucking love it when you leak your db secret in #general

2021-10-13 21:21:01 +02:00 · 2021-10-13 21:21:01 +02:00 · 2b851c813c
commit 2b851c813c
parent d6ef3c8697
2 changed files with 19 additions and 6 deletions
--- a/src/bot/commands/eval.ts
+++ b/src/bot/commands/eval.ts
@ -1,6 +1,7 @@
 import Command from "../../struct/Command";
 import { Message } from "revolt.js/dist/maps/Messages";
 import { inspect } from 'util';
+import { client } from "../..";

 export default {
    name: 'eval',
@ -23,19 +24,31 @@ export default {
                await m?.edit({ content: `## **Promise**<pending>` });
                e.then((res) => {
                    m?.edit({
-                        content: `## **Promise**<resolved>\n\`\`\`js\n${`${inspect(res)}`.substr(0, 1960)}\n\`\`\``
+                        content: `## **Promise**<resolved>\n\`\`\`js\n${render(res)}\n\`\`\``
                    });
                })
                .catch((res) => {
                    m?.edit({
-                        content: `## **Promise**<rejected>\n\`\`\`js\n${`${inspect(res)}`.substr(0, 1960)}\n\`\`\``
+                        content: `## **Promise**<rejected>\n\`\`\`js\n${render(res)}\n\`\`\``
                    });
                });
            } else {
-                message.channel?.sendMessage(`\`\`\`js\n${inspect(e).substr(0, 1980)}\n\`\`\``);
+                message.channel?.sendMessage(`\`\`\`js\n${render(e)}\n\`\`\``);
            }
        } catch(e) {
-            m?.edit({ content: `## Execution failed\n\`\`\`js\n${inspect(e).substr(0, 1960)}\n\`\`\`` });
+            m?.edit({ content: `## Execution failed\n\`\`\`js\n${render(e)}\n\`\`\`` });
        }
    }
 } as Command;
+
+function removeSecrets(input: string): string {
+    if (process.env['DB_PASS']) input = input.replace(new RegExp(process.env['DB_PASS']!, 'gi'), '[Secret redacted]');
+    if (process.env['DB_URL']) input = input.replace(new RegExp(process.env['DB_URL']!, 'gi'), '[Secret redacted]');
+    input = input.replace(new RegExp(process.env['BOT_TOKEN']!, 'gi'), '[Secret redacted]');
+        
+    return input;
+}
+
+function render(input: any): string {
+    return removeSecrets(inspect(input)).substr(0, 1960);
+}
--- a/src/bot/commands/warns.ts
+++ b/src/bot/commands/warns.ts
@ -3,7 +3,7 @@ import { Message } from "revolt.js/dist/maps/Messages";
 import { client } from "../..";
 import Infraction from "../../struct/antispam/Infraction";
 import InfractionType from "../../struct/antispam/InfractionType";
-import { isModerator, parseUser } from "../util";
+import { isModerator, NO_MANAGER_MSG, parseUser } from "../util";
 import Day from 'dayjs';
 import RelativeTime from 'dayjs/plugin/relativeTime';
 import Xlsx from 'xlsx';
@ -18,7 +18,7 @@ export default {
    description: 'Show all user infractions',
    syntax: '/warns; /warns @username; /warns @username export-csv',
    run: async (message: Message, args: string[]) => {
-        if (!await isModerator(message.member!)) return;
+        if (!await isModerator(message.member!)) return message.reply(NO_MANAGER_MSG);

        let collection = client.db.get('infractions');
        let infractions: Array<Infraction> = await collection.find({