fix: sql injection

package.json

@@ -7,6 +7,7 @@
   "dependencies": {
     "array-shuffle": "^3.0.0",
     "discord.js": "^14.7.1",
+    "dokdo": "^0.6.2",
     "dotenv": "^16.0.3",
     "sqlite3": "^5.1.4"
   },

src/ChatBot.ts

@@ -39,10 +39,9 @@ export default class ChatBot {
         )
       } else {
         if (!msg.content.startsWith('머핀아 ')) return
-        const sql = `INSERT INTO statement(text) VALUES('${msg.content.replace(
+        const sql = `INSERT INTO statement(text) VALUES('${msg.content
-          '머핀아 ',
+          .replace('머핀아 ', '')
-          ''
+          .replace("'", '')}');`
-        )}');`
         this.db.run(sql, err => {
           if (err) throw err
         })
@@ -50,4 +49,8 @@ export default class ChatBot {
     })
     return this
   }
+
+  public destroy() {
+    this.db.close()
+  }
 }

src/Client.ts

@@ -2,6 +2,7 @@ import { ActivityType, Client, GatewayIntentBits } from 'discord.js'
 import ChatBot from './ChatBot.js'
 import { join, dirname } from 'node:path'
 import { fileURLToPath } from 'node:url'
+import Dokdo from 'dokdo'
 import 'dotenv/config'
 
 export default class MuffinAI extends Client {
@@ -28,10 +29,34 @@ export default class MuffinAI extends Client {
       console.log(`먹힐 준비 완료`)
     }).on('messageCreate', msg => {
       if (msg.author.bot) return
-      if (!msg.content.startsWith('머핀아 ')) return
+      new Dokdo(this, {
-
+        prefix: '멒힌아 ',
-      this.chatBot.getResponse(msg, true)
+        noPerm: msg => msg.reply('당신은 내 남자친구가 아니잖아!'),
+        aliases: ['테스트'],
+        owners: ['415135882006495242'],
+      }).run(msg)
+      if (msg.content.startsWith('머핀아 ')) this.chatBot.getResponse(msg, true)
+      else if (msg.content.startsWith('멒힌아 봇꺼')) {
+        if (msg.author.id !== '415135882006495242') {
+          msg.reply({
+            content: '당신은 내 남자친구가 아니야!',
+            allowedMentions: {
+              repliedUser: false,
+              parse: [],
+              users: [],
+              roles: [],
+            },
+          })
+          return
+        }
+        this.destroy()
+      } else return
     })
     return super.login()
   }
+
+  public override destroy() {
+    this.chatBot.destroy()
+    super.destroy()
+  }
 }

yarn.lock

@@ -472,6 +472,13 @@ discord.js@^14.7.1:
     undici "^5.13.0"
     ws "^8.11.0"
 
+dokdo@^0.6.2:
+  version "0.6.2"
+  resolved "https://registry.yarnpkg.com/dokdo/-/dokdo-0.6.2.tgz#1e276999f9230f0df54f561992f33a79044d31dc"
+  integrity sha512-o0m3SSFok+OOvX+Oh8hD17Gx4K/AXSeIv7nZtLPmjkUWDzXO4d4mgQK1s82PDy/QOkDEipV9mm5x8gUNoYHRqA==
+  dependencies:
+    node-fetch "^2.6.1"
+
 dotenv@^16.0.3:
   version "16.0.3"
   resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-16.0.3.tgz#115aec42bac5053db3c456db30cc243a5a836a07"
@@ -1114,7 +1121,7 @@ node-addon-api@^4.2.0:
   resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-4.3.0.tgz#52a1a0b475193e0928e98e0426a0d1254782b77f"
   integrity sha512-73sE9+3UaLYYFmDsFZnqCInzPyh3MqIwZO9cw58yIqAZhONrrabrYyYe3TuIqtIiOuTXVhsGau8hcrhhwSsDIQ==
 
-node-fetch@^2.6.7:
+node-fetch@^2.6.1, node-fetch@^2.6.7:
   version "2.6.8"
   resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.8.tgz#a68d30b162bc1d8fd71a367e81b997e1f4d4937e"
   integrity sha512-RZ6dBYuj8dRSfxpUSu+NsdF1dpPpluJxwOp+6IoDp/sH2QNDSvurYsAa+F1WxY2RjA1iP93xhcsUoYbF2XBqVg==