fix: sql injection

2023-01-24 19:54:49 +09:00 · 2023-01-24 19:54:49 +09:00 · 6878192131
commit 6878192131
parent 4e08e975e2
4 changed files with 44 additions and 8 deletions
--- a/package.json
+++ b/package.json
@ -7,6 +7,7 @@
  "dependencies": {
    "array-shuffle": "^3.0.0",
    "discord.js": "^14.7.1",
+    "dokdo": "^0.6.2",
    "dotenv": "^16.0.3",
    "sqlite3": "^5.1.4"
  },
--- a/src/ChatBot.ts
+++ b/src/ChatBot.ts
@ -39,10 +39,9 @@ export default class ChatBot {
        )
      } else {
        if (!msg.content.startsWith('머핀아 ')) return
-        const sql = `INSERT INTO statement(text) VALUES('${msg.content.replace(
-          '머핀아 ',
-          ''
-        )}');`
+        const sql = `INSERT INTO statement(text) VALUES('${msg.content
+          .replace('머핀아 ', '')
+          .replace("'", '')}');`
        this.db.run(sql, err => {
          if (err) throw err
        })
@ -50,4 +49,8 @@ export default class ChatBot {
    })
    return this
  }
+
+  public destroy() {
+    this.db.close()
+  }
 }
--- a/src/Client.ts
+++ b/src/Client.ts
@ -2,6 +2,7 @@ import { ActivityType, Client, GatewayIntentBits } from 'discord.js'
 import ChatBot from './ChatBot.js'
 import { join, dirname } from 'node:path'
 import { fileURLToPath } from 'node:url'
+import Dokdo from 'dokdo'
 import 'dotenv/config'

 export default class MuffinAI extends Client {
@ -28,10 +29,34 @@ export default class MuffinAI extends Client {
      console.log(`먹힐 준비 완료`)
    }).on('messageCreate', msg => {
      if (msg.author.bot) return
-      if (!msg.content.startsWith('머핀아 ')) return
-
-      this.chatBot.getResponse(msg, true)
+      new Dokdo(this, {
+        prefix: '멒힌아 ',
+        noPerm: msg => msg.reply('당신은 내 남자친구가 아니잖아!'),
+        aliases: ['테스트'],
+        owners: ['415135882006495242'],
+      }).run(msg)
+      if (msg.content.startsWith('머핀아 ')) this.chatBot.getResponse(msg, true)
+      else if (msg.content.startsWith('멒힌아 봇꺼')) {
+        if (msg.author.id !== '415135882006495242') {
+          msg.reply({
+            content: '당신은 내 남자친구가 아니야!',
+            allowedMentions: {
+              repliedUser: false,
+              parse: [],
+              users: [],
+              roles: [],
+            },
+          })
+          return
+        }
+        this.destroy()
+      } else return
    })
    return super.login()
  }
+
+  public override destroy() {
+    this.chatBot.destroy()
+    super.destroy()
+  }
 }
--- a/yarn.lock
+++ b/yarn.lock
@ -472,6 +472,13 @@ discord.js@^14.7.1:
    undici "^5.13.0"
    ws "^8.11.0"

+dokdo@^0.6.2:
+  version "0.6.2"
+  resolved "https://registry.yarnpkg.com/dokdo/-/dokdo-0.6.2.tgz#1e276999f9230f0df54f561992f33a79044d31dc"
+  integrity sha512-o0m3SSFok+OOvX+Oh8hD17Gx4K/AXSeIv7nZtLPmjkUWDzXO4d4mgQK1s82PDy/QOkDEipV9mm5x8gUNoYHRqA==
+  dependencies:
+    node-fetch "^2.6.1"
+
 dotenv@^16.0.3:
  version "16.0.3"
  resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-16.0.3.tgz#115aec42bac5053db3c456db30cc243a5a836a07"
@ -1114,7 +1121,7 @@ node-addon-api@^4.2.0:
  resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-4.3.0.tgz#52a1a0b475193e0928e98e0426a0d1254782b77f"
  integrity sha512-73sE9+3UaLYYFmDsFZnqCInzPyh3MqIwZO9cw58yIqAZhONrrabrYyYe3TuIqtIiOuTXVhsGau8hcrhhwSsDIQ==

-node-fetch@^2.6.7:
+node-fetch@^2.6.1, node-fetch@^2.6.7:
  version "2.6.8"
  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.8.tgz#a68d30b162bc1d8fd71a367e81b997e1f4d4937e"
  integrity sha512-RZ6dBYuj8dRSfxpUSu+NsdF1dpPpluJxwOp+6IoDp/sH2QNDSvurYsAa+F1WxY2RjA1iP93xhcsUoYbF2XBqVg==