diff options
| author |  D0rs4n <[email protected]> | 2021-08-16 01:40:19 +0200 |
|---|---|---|
| committer | D0rs4n <[email protected]> | 2021-08-16 01:40:19 +0200 |
| commit | 5f0d7f739109e0b4e6ae7146a81de7a3ce173492 (patch) | |
| tree | e8cb95d3f36fa89d7fe6c4185304ff402db2cc37 | |
| parent | Merge pull request #1677 from python-discord/mbaruh/jam-management (diff) | |
Enhance security in the Webhook remover.
From now on, webhooks that were posted in the chat will be also
deleted from Discord in order to eliminate the risk.
Diffstat (limited to '')
| -rw-r--r-- | bot/exts/filters/webhook_remover.py | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/bot/exts/filters/webhook_remover.py b/bot/exts/filters/webhook_remover.py index f11fc8912..dc1799f88 100644 --- a/bot/exts/filters/webhook_remover.py +++ b/bot/exts/filters/webhook_remover.py @@ -13,8 +13,8 @@ WEBHOOK_URL_RE = re.compile(r"((?:https?://)?discord(?:app)?\.com/api/webhooks/\ ALERT_MESSAGE_TEMPLATE = ( "{user}, looks like you posted a Discord webhook URL. Therefore, your " - "message has been removed. Your webhook may have been **compromised** so " - "please re-create the webhook **immediately**. If you believe this was a " + "message has been removed, alongside with your webhook" + "you can re-create it if you wish to. If you believe this was a " "mistake, please let us know." ) @@ -32,7 +32,7 @@ class WebhookRemover(Cog): """Get current instance of `ModLog`.""" return self.bot.get_cog("ModLog") - async def delete_and_respond(self, msg: Message, redacted_url: str) -> None: + async def delete_and_respond(self, msg: Message, redacted_url: str, webhook_deleted: bool) -> None: """Delete `msg` and send a warning that it contained the Discord webhook `redacted_url`.""" # Don't log this, due internal delete, not by user. Will make different entry. self.mod_log.ignore(Event.message_delete, msg.id) @@ -44,9 +44,12 @@ class WebhookRemover(Cog): return await msg.channel.send(ALERT_MESSAGE_TEMPLATE.format(user=msg.author.mention)) - + if webhook_deleted: + delete_state = "The webhook was successfully deleted." + else: + delete_state = "There was an error when deleting the webhook, it might have already been removed." message = ( - f"{format_user(msg.author)} posted a Discord webhook URL to {msg.channel.mention}. " + f"{format_user(msg.author)} posted a Discord webhook URL to {msg.channel.mention}.{delete_state} " f"Webhook URL was `{redacted_url}`" ) log.debug(message) @@ -72,7 +75,12 @@ class WebhookRemover(Cog): matches = WEBHOOK_URL_RE.search(msg.content) if matches: - await self.delete_and_respond(msg, matches[1] + "xxx") + async with self.bot.http_session.delete(msg.content) as resp: + # The Discord API Returns a 204 NO CONTENT repsonse on success. + if resp.status == 204: + await self.delete_and_respond(msg, matches[1] + "xxx", True) + else: + await self.delete_and_respond(msg, matches[1] + "xxx", False) @Cog.listener() async def on_message_edit(self, before: Message, after: Message) -> None: |