chore: move suggestions security violations to a higher handler for m…

…ore metadata in logs
suggestionsbot · Apr 10, 2024 · c05e395 · c05e395
1 parent 695dc24
commit c05e395
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 8 deletions.
diff --git a/suggestions/bot.py b/suggestions/bot.py
@@ -41,6 +41,7 @@
     MissingQueueLogsChannel,
     MissingPermissionsToAccessQueueChannel,
     InvalidFileType,
+    SuggestionSecurityViolation,
 )
 from suggestions.http_error_parser import try_parse_http_error
 from suggestions.interaction_handler import InteractionHandler
@@ -415,6 +416,26 @@ async def on_slash_command_error(
                 )
             )
 
+        elif isinstance(exception, SuggestionSecurityViolation):
+            logger.critical(
+                "User %s looked up a suggestion from a different guild",
+                interaction.author.id,
+                extra_metadata={
+                    "guild_id": interaction.guild_id,
+                    "suggestion_id": exception.suggestion_id,
+                    "author_id": interaction.author.id,
+                },
+            )
+            return await interaction.send(
+                embed=self.error_embed(
+                    "Command failed",
+                    exception.user_facing_message,
+                    error_code=ErrorCode.SUGGESTION_NOT_FOUND,
+                    error=error,
+                ),
+                ephemeral=True,
+            )
+
         elif isinstance(exception, commands.MissingPermissions):
             perms = ",".join(i for i in exception.missing_permissions)
             return await interaction.send(

diff --git a/suggestions/exceptions.py b/suggestions/exceptions.py
@@ -69,3 +69,18 @@ class ConflictingHandlerInformation(disnake.DiscordException):
 
 class InvalidFileType(disnake.DiscordException):
     """The file you attempted to upload is not allowed."""
+
+
+class SuggestionSecurityViolation(disnake.DiscordException):
+    """A security violation occurred."""
+
+    def __init__(
+        self,
+        message: str | None = None,
+        *,
+        user_facing_message: str,
+        sid: str,
+    ):
+        self.suggestion_id: str = sid
+        self.user_facing_message = user_facing_message
+        self.message = message if message is not None else self.__doc__
diff --git a/suggestions/objects/suggestion.py b/suggestions/objects/suggestion.py
@@ -14,7 +14,11 @@
 from logoo import Logger
 
 from suggestions import ErrorCode
-from suggestions.exceptions import ErrorHandled, SuggestionNotFound
+from suggestions.exceptions import (
+    ErrorHandled,
+    SuggestionNotFound,
+    SuggestionSecurityViolation,
+)
 from suggestions.interaction_handler import InteractionHandler
 from suggestions.low_level import MessageEditing
 from suggestions.objects import UserConfig, GuildConfig
@@ -286,13 +290,9 @@ async def from_id(
             )
 
         if suggestion.guild_id != guild_id:
-            logger.critical(
-                "Someone in guild %s looked up a suggestion not from their guild",
-                guild_id,
-                extra_metadata={"guild_id": guild_id, "suggestion_id": suggestion_id},
-            )
-            raise SuggestionNotFound(
-                f"No suggestion found with the id {suggestion_id} in this guild"
+            raise SuggestionSecurityViolation(
+                sid=suggestion_id,
+                user_facing_message=f"No suggestion found with the id {suggestion_id} in this guild",
             )
 
         return suggestion