From 6878192131bbae9e2eae123e087d4301cfb6cf9b Mon Sep 17 00:00:00 2001
From: Migan178
Date: Tue, 24 Jan 2023 19:54:49 +0900
Subject: [PATCH] fix: sql injection
---
 package.json | 1 +
 src/ChatBot.ts | 11 +++++++----
 src/Client.ts | 31 ++++++++++++++++++++++++++++---
 yarn.lock | 9 ++++++++-
 4 files changed, 44 insertions(+), 8 deletions(-)
diff --git a/package.json b/package.json
index bf20829..6f9a699 100644
--- a/package.json
+++ b/package.json
@@ -7,6 +7,7 @@
 "dependencies": {
 "array-shuffle": "^3.0.0",
 "discord.js": "^14.7.1",
+ "dokdo": "^0.6.2",
 "dotenv": "^16.0.3",
 "sqlite3": "^5.1.4"
 },
diff --git a/src/ChatBot.ts b/src/ChatBot.ts
index bbd5369..aa8d88a 100644
--- a/src/ChatBot.ts
+++ b/src/ChatBot.ts
@@ -39,10 +39,9 @@ export default class ChatBot {
 )
 } else {
 if (!msg.content.startsWith('머핀아 ')) return
- const sql = `INSERT INTO statement(text) VALUES('${msg.content.replace(
- '머핀아 ',
- ''
- )}');`
+ const sql = `INSERT INTO statement(text) VALUES('${msg.content
+ .replace('머핀아 ', '')
+ .replace("'", '')}');`
 this.db.run(sql, err => {
 if (err) throw err
 })
@@ -50,4 +49,8 @@ export default class ChatBot {
 })
 return this
 }
+
+ public destroy() {
+ this.db.close()
+ }
 }
diff --git a/src/Client.ts b/src/Client.ts
index 8e0d8de..67dfd84 100644
--- a/src/Client.ts
+++ b/src/Client.ts
@@ -2,6 +2,7 @@ import { ActivityType, Client, GatewayIntentBits } from 'discord.js'
 import ChatBot from './ChatBot.js'
 import { join, dirname } from 'node:path'
 import { fileURLToPath } from 'node:url'
+import Dokdo from 'dokdo'
 import 'dotenv/config'
 
 export default class MuffinAI extends Client {
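Review bot: In src/ChatBot.ts (hunk at -39,10), `.replace("'", '')` with a string pattern removes only the first single quote, so message text with more than one quote still reaches the SQL string unescaped and the injection this commit targets remains. Stripping characters also changes what the user wrote before it is stored. Bind the value instead of interpolating it: `const text = msg.content.replace('머핀아 ', '')` followed by `this.db.run('INSERT INTO statement(text) VALUES(?)', [text], err => {`. The enclosing method starts and ends outside the hunk, so any other query built from `msg.content` there should be checked for the same pattern.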
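Review bot: In src/ChatBot.ts (hunk at -50,4), `destroy()` calls `this.db.close()` without a callback, so a failure to close is not handled here. With node-sqlite3 an error with no callback is, to my knowledge, emitted as an `error` event on the database object, and no listener for it is visible in this diff. Pass a callback, e.g. `this.db.close(err => { if (err) console.error(err) })`, and add a short doc comment stating that the instance must not be used after `destroy()`.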
@@ -28,10 +29,34 @@ export default class MuffinAI extends Client {
 console.log(`먹힐 준비 완료`)
 }).on('messageCreate', msg => {
 if (msg.author.bot) return
- if (!msg.content.startsWith('머핀아 ')) return
-
- this.chatBot.getResponse(msg, true)
+ new Dokdo(this, {
+ prefix: '멒힌아 ',
+ noPerm: msg => msg.reply('당신은 내 남자친구가 아니잖아!'),
+ aliases: ['테스트'],
+ owners: ['415135882006495242'],
+ }).run(msg)
+ if (msg.content.startsWith('머핀아 ')) this.chatBot.getResponse(msg, true)
+ else if (msg.content.startsWith('멒힌아 봇꺼')) {
+ if (msg.author.id !== '415135882006495242') {
+ msg.reply({
+ content: '당신은 내 남자친구가 아니야!',
+ allowedMentions: {
+ repliedUser: false,
+ parse: [],
+ users: [],
+ roles: [],
+ },
+ })
+ return
+ }
+ this.destroy()
+ } else return
 })
 return super.login()
 }
+
+ public override destroy() {
+ this.chatBot.destroy()
+ super.destroy()
+ }
 }
diff --git a/yarn.lock b/yarn.lock index 59474d3..0f72791 100644 --- a/yarn.lock +++ b/yarn.lock @@ -472,6 +472,13 @@ discord.js@^14.7.1: undici "^5.13.0" ws "^8.11.0" +dokdo@^0.6.2: + version "0.6.2" + resolved "https://registry.yarnpkg.com/dokdo/-/dokdo-0.6.2.tgz#1e276999f9230f0df54f561992f33a79044d31dc" + integrity sha512-o0m3SSFok+OOvX+Oh8hD17Gx4K/AXSeIv7nZtLPmjkUWDzXO4d4mgQK1s82PDy/QOkDEipV9mm5x8gUNoYHRqA== + dependencies: + node-fetch "^2.6.1" + dotenv@^16.0.3: version "16.0.3" resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-16.0.3.tgz#115aec42bac5053db3c456db30cc243a5a836a07" 
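Review bot: In src/Client.ts (hunk at -28,10), every non-bot message now constructs a new `Dokdo` instance and runs it, which puts a remote debugging surface into the production message handler in a commit described as an SQL injection fix. As far as I know dokdo gives the listed `owners` JavaScript evaluation and shell commands on the bot host, so control of that one Discord account amounts to control of the process; that deserves its own commit and an explicit opt-in. Create the instance once outside the listener (for example as a field `this.dokdo`) and gate it, e.g. `if (process.env.NODE_ENV !== 'production') this.dokdo.run(msg)`, and read the owner id from configuration instead of the two hard-coded `'415135882006495242'` literals. The `msg.reply(...)` in the refusal branch returns a promise that is neither awaited nor caught. The enclosing method begins outside the hunk.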
@@ -1114,7 +1121,7 @@ node-addon-api@^4.2.0: resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-4.3.0.tgz#52a1a0b475193e0928e98e0426a0d1254782b77f" integrity sha512-73sE9+3UaLYYFmDsFZnqCInzPyh3MqIwZO9cw58yIqAZhONrrabrYyYe3TuIqtIiOuTXVhsGau8hcrhhwSsDIQ== -node-fetch@^2.6.7: +node-fetch@^2.6.1, node-fetch@^2.6.7: version "2.6.8" resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.8.tgz#a68d30b162bc1d8fd71a367e81b997e1f4d4937e" integrity sha512-RZ6dBYuj8dRSfxpUSu+NsdF1dpPpluJxwOp+6IoDp/sH2QNDSvurYsAa+F1WxY2RjA1iP93xhcsUoYbF2XBqVg==