authorGravatar MarkKoz <[email protected]>2021-07-27 13:58:17 -0700
committerGravatar MarkKoz <[email protected]>2021-07-27 14:04:16 -0700
commit14056b3ede96401d2a3364ca9a0e8f3b3ec72277 (patch)
tree5e84ee51306462ce1cb5705e71565504ed9d9d81
parentSpecify DEBUG_MODE via the config file (diff)
Restrict internal eval to bot owner when in debug mode
It's a security risk to let anyone in a test server have essentially full access to the host machine. Resolve #1683
-rw-r--r--bot/exts/utils/internal.py7
1 files changed, 5 insertions, 2 deletions
diff --git a/bot/exts/utils/internal.py b/bot/exts/utils/internal.py
index 6f2da3131..5d2cd7611 100644
--- a/bot/exts/utils/internal.py
+++ b/bot/exts/utils/internal.py
@@ -11,10 +11,10 @@ from io import StringIO
from typing import Any, Optional, Tuple
import discord
-from discord.ext.commands import Cog, Context, group, has_any_role
+from discord.ext.commands import Cog, Context, group, has_any_role, is_owner
from bot.bot import Bot
-from bot.constants import Roles
+from bot.constants import DEBUG_MODE, Roles
from bot.utils import find_nth_occurrence, send_to_paste_service
log = logging.getLogger(__name__)
@@ -33,6 +33,9 @@ class Internal(Cog):
self.socket_event_total = 0
self.socket_events = Counter()
+ if DEBUG_MODE:
+ self.eval.add_check(is_owner().predicate)
+
@Cog.listener()
async def on_socket_response(self, msg: dict) -> None:
"""When a websocket event is received, increase our counters."""
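Review bot: The owner-only check added in `__init__` is attached only when `DEBUG_MODE` is true, so the guard fails open on configuration: a test deployment whose config leaves `DEBUG_MODE` false or unset falls back to whatever role-based checks `eval` already carries, which are outside this hunk. Since the commit message describes eval as essentially full access to the host, consider making owner-only the default and relaxing it explicitly, or at least recording the decision at startup with something like `log.info("Debug mode: internal eval restricted to the bot owner")`. A short why-comment above the `if` would also help the next reader, e.g. `# Role IDs on a test server can be held by anyone, so only the application owner may eval in debug mode.` The body of `__init__` begins before the hunk, so I cannot see whether other commands in this cog need the same treatment.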