diff options
| author | Márcio Silva <coadde at hyperbola dot info> | 2017-06-04 12:03:11 -0300 |
|---|---|---|
| committer | Márcio Silva <coadde at hyperbola dot info> | 2017-06-04 12:03:11 -0300 |
| commit | 5ac26dc8291c8d4c3d5d033c5ad22bb54ea8e3a9 (patch) | |
| tree | b389be3eb21e367823deb1f8e9c98fe9fcac71e8 | |
| parent | 7eb1df0ef4ccc5bc3e9c5a74dea6a5b796cc3cb4 (diff) | |
| download | hyperbot-5ac26dc8291c8d4c3d5d033c5ad22bb54ea8e3a9.tar.lz hyperbot-5ac26dc8291c8d4c3d5d033c5ad22bb54ea8e3a9.tar.xz hyperbot-5ac26dc8291c8d4c3d5d033c5ad22bb54ea8e3a9.zip | |
Update lib/main.sh and process_event from pbot-ng, remove issue_tracker_change_detector, to fix hyperbot vunerability
| -rwxr-xr-x | issue_tracker_change_detector | 94 | ||||
| -rw-r--r-- | lib/main.sh | 35 | ||||
| -rw-r--r-- | process_event (renamed from hack_of_all_hacks) | 50 |
3 files changed, 42 insertions, 137 deletions
diff --git a/issue_tracker_change_detector b/issue_tracker_change_detector deleted file mode 100755 index 699f8cc..0000000 --- a/issue_tracker_change_detector +++ /dev/null @@ -1,94 +0,0 @@ -#! /bin/bash - -while true -do - source common_codez - - log_file=bug_sums - - temp_file=$( mktemp ) - - temp_changes=$( mktemp ) - - changes="/tmp/un-provoked-message-store" - - for url in $( curl --compressed "https://issues.hyperbola.info/bugs/issue?@pagesize=99999" 2> /dev/null | grep -E 'href="issue[[:digit:]]+' | cut -d '"' -f 2 ) - do - tfile="$( mktemp )" - - try_count=1 - - # Get the URL and make sure it's not empty. - until curl --compressed "https://issues.hyperbola.info/bugs/${url}" > "${tfile}" 2> /dev/null && (( $( wc -l "${tfile}" 2> /dev/null | cut -d ' ' -f 1 ) )) - do - # The time we sleep doubles each time up to a maximum of 512 - # seconds, before restarting the entire script. - sleep "${try_count}" - - if (( try_count < 512 )) - then - try_count=$(( try_count * 2 )) - else - continue 2 - fi - done - - echo "${url} $( md5sum < ${tfile} | cut -d ' ' -f 1 )" >> "${temp_file}" - - rm "${tfile}" - done - - # Check that the log file is not empty as a sanity check. TODO record WHEN - # it last checked the bug tracker for changes so we can also check if it was - # too long ago. - if (( $( wc -l "${log_file}" 2> /dev/null | cut -d ' ' -f 1 ) )) - then - cat "${temp_file}" | - while read -r line - do - bug_number="${line%% *}" - # If this bug is not in the log file then it must be new. - if { ! grep "${bug_number}" "${log_file}" > /dev/null ; } - then - tdir="$( mktemp -d )" - curl --compressed "https://issues.hyperbola.info/bugs/${bug_number}" 2> /dev/null | csplit -f "${tdir}/xx" - '%<title>%1' - bug_title=$( head -1 ${tdir}/xx* | replace_wierd_html_chars ) - cat ${tdir}/xx* | csplit -f "${tdir}/gg" - '%<th class="required">Priority</th>%1' - priority=$( head -1 ${tdir}/gg* ) - priority=${priority#*>} - priority=${priority%<*} - rm -r "${tdir}" - echo "${bug_number} created: https://issues.hyperbola.info/bugs/${bug_number} (${bug_title% - Hyperbola\'s issue tracker} [${priority}])" >> "${temp_changes}" - # It is in the log file so now we check if the entire line is there, - # because if it's not then the md5sum must have changed. - elif { ! grep "${line}" "${log_file}" > /dev/null ; } - then - tdir="$( mktemp -d )" - curl --compressed "https://issues.hyperbola.info/bugs/${bug_number}" 2> /dev/null | csplit -f "${tdir}/xx" - '%<title>%1' - bug_title=$( head -1 ${tdir}/xx* | replace_wierd_html_chars ) - cat ${tdir}/xx* | csplit -f "${tdir}/gg" - '%<th class="required">Priority</th>%1' - priority=$( head -1 ${tdir}/gg* ) - priority=${priority#*>} - priority=${priority%<*} - rm -r "${tdir}" - echo "${bug_number} changed: https://issues.hyperbola.info/bugs/${bug_number} (${bug_title% - Hyperbola\'s issue tracker} [${priority}])" >> "${temp_changes}" - fi - done - fi - - if (( $( wc -l "${temp_changes}" 2> /dev/null | cut -d ' ' -f 1 ) > 12 )) - then - echo "More than 12 changes have been detected on the bug tracker. Ignoring." >> "${changes}" - else - while read line - do - echo "${line}" >> "${changes}" - done < "${temp_changes}" - fi - - mv "${temp_file}" "${log_file}" - - rm -f "${temp_changes}" - - sleep 5m -done diff --git a/lib/main.sh b/lib/main.sh index 1473edf..183ce8f 100644 --- a/lib/main.sh +++ b/lib/main.sh @@ -439,32 +439,19 @@ while true; do # Check if there is a command. commands_call_command "$sender" "$target" "$query" -################################################################################ -################################################################################ + # What happens next is important + config_update_time=-100 -# Hack of all hacks!!! + time_n0w=$( date +%s ) -# if [[ "${identified}" != yep ]] -# then -# send_msg "NickServ" "identify csukwHrqH9" -# identified=yep -# fi - -config_update_time=-100 - -time_n0w=$( date +%s ) - -# If it's been more than a minute since we updated the config. -if (( ( time_n0w - 60 ) > config_update_time )) -then - source hack_of_all_hacks - config_update_time=${time_n0w} -fi - -l33t_codes + # If it's been more than a minute since we updated the config. + if (( ( time_n0w - 60 ) > config_update_time )) + then + source process_event + config_update_time=${time_n0w} + fi -################################################################################ -################################################################################ + process_event # Check return code case $? in @@ -566,7 +553,7 @@ l33t_codes if (( yepyep )) then - if (( $(wc -l hack_of_all_hacks | cut -d ' ' -f 1) > 1 )) + if (( $(wc -l "announcements/people/${personoslashlower}/messages" | cut -d ' ' -f 1) > 1 )) then send_msg "${channel}" "${personoslash}: you have messages, type something to see them." else diff --git a/hack_of_all_hacks b/process_event index af34377..bdb47cc 100644 --- a/hack_of_all_hacks +++ b/process_event @@ -62,7 +62,7 @@ function forget_fact esac } -function l33t_codes +function process_event { my_own_name='hyperbot' @@ -400,30 +400,42 @@ ${my_own_name}: when did you last see Jill? ${my_own_name}: lemon is yummy ${my_own_name}: lemon isn't yummy ,lemon -,tell jack about foo EOF ;; esac # ' this comment fixes a bug in emacs shell-script-mode that messes up the syntax highlighting - ########################### - # answer nicks over query # - ########################### - - if [[ "${line}" =~ ,tell\ [^\ ]+\ about\ [^\ ]+ ]] - then - gotit="${BASH_REMATCH}" # will be like: `,tell jack about blah' - - dudep1="${gotit#,tell }" - dude="${dudep1%% *}" - thing="${gotit##* }" - - if [[ -n "${dude}" ]] && [[ -n "${thing}" ]] - then - tell_fact "${thing}" "${dude}" || send_msg "${channel_it_came_from}" "${personoslash}: Error, failed to tell ${dude} about ${thing}" - fi - fi + # I'm dissabling this feature for now as it was being abused + # and would need an overhaul to be abuse-proof + nobody uses it afaik + # ########################## + # # tell someone something # + # ########################## + + # # TODO: this should be in the case statement + + # if [[ "${sentence}" =~ ${my_own_name}: tell\ [^\ ]+\ about\ [^\ ]+ ]] + # then + # # TODO: There should be the following three constraints to + # # prevent abuse. + # # 1. People may only ask the bot to tell someone about + # # something in the #hyperbola channel, not by query. + # # 2. hyperbot will only tell someone something if they're a user + # # he has seen in the past week + # # 3. each person may use tell no more than 10 times in + # # three hours. + + # gotit="${BASH_REMATCH}" # will be like: `,tell jack about blah' + + # dudep1="${gotit#,tell }" + # dude="${dudep1%% *}" + # thing="${gotit##* }" + + # if [[ -n "${dude}" ]] && [[ -n "${thing}" ]] + # then + # tell_fact "${thing}" "${dude}" || send_msg "${channel_it_came_from}" "${personoslash}: Error, failed to tell ${dude} about ${thing}" + # fi + # fi # TODO: add a birthday announcement feature, cointoss feature, timer # feature. |