From 7e2d630af59c32dae4b9c42218a27d94bc35d9bd Mon Sep 17 00:00:00 2001 From: skelmis Date: Fri, 29 Mar 2024 23:49:14 +1300 Subject: [PATCH 1/3] fix: anon being shown in thread ping --- .github/PULL_REQUEST_TEMPLATE.md | 1 + suggestions/objects/suggestion.py | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 70df6d3..0ea7a14 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -14,3 +14,4 @@ - [ ] Guild config method names aren't duplicated - [ ] New localizations have been added - [ ] Documentation on ``docs.suggestions.gg`` has been updated +- [ ] Do these changes make sure not to expose anonymous suggestion authors? diff --git a/suggestions/objects/suggestion.py b/suggestions/objects/suggestion.py index bdc2f84..45225f8 100644 --- a/suggestions/objects/suggestion.py +++ b/suggestions/objects/suggestion.py @@ -698,6 +698,10 @@ async def create_thread(self, message: disnake.Message, *, ih: InteractionHandle thread = await message.create_thread( name=f"Thread for suggestion {self.suggestion_id}" ) + if self.is_anonymous: + # Dont expose the anon author + return + try: await thread.send( ih.bot.get_localized_string( From f0293ad82addf15d8903140b6d9fdca20f4cfed5 Mon Sep 17 00:00:00 2001 From: skelmis Date: Fri, 12 Apr 2024 16:02:57 +1200 Subject: [PATCH 2/3] fix: some access control issues --- .github/PULL_REQUEST_TEMPLATE.md | 1 + requirements.txt | 2 +- suggestions/abc/loadable.py | 3 +-- suggestions/cogs/blacklist_cog.py | 11 ++++++----- suggestions/cogs/help_guild_cog.py | 18 +++++++++--------- .../cogs/suggestions_message_commands.py | 12 ++++++++++-- suggestions/exceptions.py | 5 ++--- suggestions/low_level/message_editing.py | 12 ++++-------- suggestions/telemetry/main.py | 1 + tests/helpers.py | 6 ++---- tests/test_disnake.py | 1 + 11 files changed, 38 insertions(+), 34 deletions(-) 
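Review bot: The new `if self.is_anonymous: return` in `create_thread` exits the whole function, so for anonymous suggestions anything that follows the `try` block is skipped along with the ping. The rest of the body is outside this hunk, so confirm nothing after the send is still needed. If only the author mention has to be suppressed, guarding just the send with `if not self.is_anonymous:` keeps the change narrower. The comment would be clearer as `# The thread message pings the author; skip it so an anonymous author is not revealed`. A regression test that calls `create_thread` on an anonymous suggestion and asserts `thread.send` is never awaited would keep this leak from returning.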
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 0ea7a14..559d010 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -15,3 +15,4 @@ - [ ] New localizations have been added - [ ] Documentation on ``docs.suggestions.gg`` has been updated - [ ] Do these changes make sure not to expose anonymous suggestion authors? +- [ ] Do these changes have the correct default discord permissions setup? diff --git a/requirements.txt b/requirements.txt index f293f7f..ef428d5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,4 @@ aiodns==3.0.0 -aiohttp==3.8.1 aiosignal==1.2.0 alaric==1.2.0 anyio==4.2.0 @@ -7,6 +6,7 @@ async-timeout==4.0.2 attrs==21.4.0 Bot-Base==1.7.1 Brotli==1.0.9 +black==24.3.0 causar==0.2.0 cchardet==2.1.7 certifi==2023.11.17 diff --git a/suggestions/abc/loadable.py b/suggestions/abc/loadable.py index 1aece8b..edb5807 100644 --- a/suggestions/abc/loadable.py +++ b/suggestions/abc/loadable.py @@ -3,5 +3,4 @@ @runtime_checkable class Loadable(Protocol): - async def load(self): - ... + async def load(self): ... diff --git a/suggestions/cogs/blacklist_cog.py b/suggestions/cogs/blacklist_cog.py index 70ef7f6..af4b8b6 100644 --- a/suggestions/cogs/blacklist_cog.py +++ b/suggestions/cogs/blacklist_cog.py @@ -20,13 +20,14 @@ def __init__(self, bot): self.bot: SuggestionsBot = bot self.state: State = self.bot.state - @commands.slash_command() - async def user(self, interaction: disnake.GuildCommandInteraction): - ... + @commands.slash_command( + dm_permission=False, + default_member_permissions=disnake.Permissions(manage_guild=True), + ) + async def user(self, interaction: disnake.GuildCommandInteraction): ... @user.sub_command_group() - async def blocklist(self, interaction: disnake.GuildCommandInteraction): - ... + async def blocklist(self, interaction: disnake.GuildCommandInteraction): ... @blocklist.sub_command() async def add( 
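Review bot: Dropping the `aiohttp==3.8.1` pin in `requirements.txt` is not explained by the commit message, and every other entry in the file stays exactly pinned. aiohttp is presumably still pulled in by another dependency, so its version will now be chosen at install time and can change between builds without review. If the goal is to move off 3.8.1, pin the intended release explicitly, e.g. `aiohttp==<reviewed version>`, rather than removing the line.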
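Review bot: `default_member_permissions=disnake.Permissions(manage_guild=True)` on `user` only sets the default that Discord applies, and nothing in this hunk enforces the permission when the command runs. Guild administrators can override that default per command in the integration settings. The same applies to the `Approve suggestion` and `Reject suggestion` message commands changed in `suggestions_message_commands.py`. If blocklist edits and suggestion resolution must always require Manage Server, add a runtime check too, for example `@commands.has_permissions(manage_guild=True)` beneath the command decorator. The sub-command and handler bodies are outside these hunks, so an existing check there cannot be ruled out.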
diff --git a/suggestions/cogs/help_guild_cog.py b/suggestions/cogs/help_guild_cog.py index e2c89a7..a932c5a 100644 --- a/suggestions/cogs/help_guild_cog.py +++ b/suggestions/cogs/help_guild_cog.py @@ -79,15 +79,15 @@ async def instance_info( cluster_id = ( 1 if shard_id < 10 - else 2 - if shard_id < 20 - else 3 - if shard_id < 30 - else 4 - if shard_id < 40 - else 5 - if shard_id < 50 - else 6 + else ( + 2 + if shard_id < 20 + else ( + 3 + if shard_id < 30 + else 4 if shard_id < 40 else 5 if shard_id < 50 else 6 + ) + ) ) await interaction.send( diff --git a/suggestions/cogs/suggestions_message_commands.py b/suggestions/cogs/suggestions_message_commands.py index 7affd6a..7d371be 100644 --- a/suggestions/cogs/suggestions_message_commands.py +++ b/suggestions/cogs/suggestions_message_commands.py @@ -27,7 +27,11 @@ def __init__(self, bot: SuggestionsBot): self.state: State = self.bot.state self.stats: Stats = self.bot.stats - @commands.message_command(name="Approve suggestion") + @commands.message_command( + name="Approve suggestion", + dm_permission=False, + default_member_permissions=disnake.Permissions(manage_guild=True), + ) @cooldowns.cooldown(1, 3, bucket=InteractionBucket.author) @checks.ensure_guild_has_logs_channel_or_keep_logs() async def approve_suggestion(self, interaction: disnake.GuildCommandInteraction): @@ -71,7 +75,11 @@ async def approve_suggestion(self, interaction: disnake.GuildCommandInteraction) self.stats.type.APPROVE_BY_MESSAGE_COMMAND, ) - @commands.message_command(name="Reject suggestion") + @commands.message_command( + name="Reject suggestion", + dm_permission=False, + default_member_permissions=disnake.Permissions(manage_guild=True), + ) @cooldowns.cooldown(1, 3, bucket=InteractionBucket.author) @checks.ensure_guild_has_logs_channel_or_keep_logs() async def reject_suggestion(self, interaction: disnake.GuildCommandInteraction): diff --git a/suggestions/exceptions.py b/suggestions/exceptions.py index 96a85e5..0098375 100644 
--- a/suggestions/exceptions.py +++ b/suggestions/exceptions.py @@ -62,11 +62,10 @@ class BlocklistedUser(CheckFailure): class PartialResponse(Exception): """A garven route returned a partial response when we require a full response""" - + class ConflictingHandlerInformation(disnake.DiscordException): """Raised when an InteractionHandler class gets both content and a translation key""" - + class InvalidFileType(disnake.DiscordException): """The file you attempted to upload is not allowed.""" - diff --git a/suggestions/low_level/message_editing.py b/suggestions/low_level/message_editing.py index 33e7e0b..15cadfc 100644 --- a/suggestions/low_level/message_editing.py +++ b/suggestions/low_level/message_editing.py @@ -38,8 +38,7 @@ async def edit( allowed_mentions: Optional[AllowedMentions] = ..., view: Optional[View] = ..., components: Optional[Components[MessageUIComponent]] = ..., - ) -> None: - ... + ) -> None: ... @overload async def edit( @@ -54,8 +53,7 @@ async def edit( allowed_mentions: Optional[AllowedMentions] = ..., view: Optional[View] = ..., components: Optional[Components[MessageUIComponent]] = ..., - ) -> None: - ... + ) -> None: ... @overload async def edit( @@ -70,8 +68,7 @@ async def edit( allowed_mentions: Optional[AllowedMentions] = ..., view: Optional[View] = ..., components: Optional[Components[MessageUIComponent]] = ..., - ) -> None: - ... + ) -> None: ... @overload async def edit( @@ -86,8 +83,7 @@ async def edit( allowed_mentions: Optional[AllowedMentions] = ..., view: Optional[View] = ..., components: Optional[Components[MessageUIComponent]] = ..., - ) -> None: - ... + ) -> None: ... async def edit(self, content: Optional[str] = MISSING, **fields: Any) -> None: if self._state.allowed_mentions is not None: diff --git a/suggestions/telemetry/main.py b/suggestions/telemetry/main.py index d4f0e46..66a65e8 100644 --- a/suggestions/telemetry/main.py +++ b/suggestions/telemetry/main.py 
@@ -2,6 +2,7 @@ This module is standalone for the bot but provides useful insights and telemetry to repeated information. """ + import asyncio import shutil from pathlib import Path diff --git a/tests/helpers.py b/tests/helpers.py index 5863319..eef8f45 100644 --- a/tests/helpers.py +++ b/tests/helpers.py @@ -13,8 +13,7 @@ async def assert_stats_count( member_id: int, guild_id: int, should_be_none: bool, -): - ... +): ... @overload @@ -26,8 +25,7 @@ async def assert_stats_count( field: str, success_count: int = 0, failure_count: int = 0, -): - ... +): ... async def assert_stats_count( diff --git a/tests/test_disnake.py b/tests/test_disnake.py index 8839e8b..d0d9611 100644 --- a/tests/test_disnake.py +++ b/tests/test_disnake.py @@ -1,4 +1,5 @@ """Tests library modifications to ensure changes work""" + from unittest.mock import Mock import disnake From bdeb22abe5fa71eee91df981fe71ee723e894505 Mon Sep 17 00:00:00 2001 From: skelmis Date: Fri, 12 Apr 2024 16:04:26 +1200 Subject: [PATCH 3/3] chore: undo black in requirements.txt --- requirements.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index ef428d5..4412ff7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,7 +6,6 @@ async-timeout==4.0.2 attrs==21.4.0 Bot-Base==1.7.1 Brotli==1.0.9 -black==24.3.0 causar==0.2.0 cchardet==2.1.7 certifi==2023.11.17