From bb0ad2c5809c1f00ce89247d82ab4c6f26408363 Mon Sep 17 00:00:00 2001
From: adminoo
Date: Sun, 6 Dec 2020 17:42:37 +0100
Subject: [PATCH] sanitizing text for shell command, limiting max size
---
 core/config.go | 24 ++++++++++----------
 core/core_test.go | 17 ++++++++++++++
 core/messages.go | 57 ++++++++++++++++++++++++++++++++++-------------
 3 files changed, 70 insertions(+), 28 deletions(-)
diff --git a/core/config.go b/core/config.go
index 6a40421..be6536c 100644
--- a/core/config.go
+++ b/core/config.go
@@ -3,23 +3,23 @@ package core
 import (
 "io/ioutil"
 "log"
+
 "gopkg.in/yaml.v2"
 )
 type Config struct {
- Token string `yaml:"token"`
- Name string `yaml:"name"`
+ Token string `yaml:"token"`
+ Name string `yaml:"name"`
 }
 func (c *Config) LoadConf() *Config {
- yamlFile, err := ioutil.ReadFile("config.yaml")
- if err != nil {
- log.Printf("yamlFile.Get err #%v ", err)
- }
- err = yaml.Unmarshal(yamlFile, c)
- if err != nil {
- log.Fatalf("Unmarshal: %v", err)
- }
- return c
+ yamlFile, err := ioutil.ReadFile("config.yaml")
+ if err != nil {
+ log.Printf("yamlFile.Get err #%v ", err)
+ }
+ err = yaml.Unmarshal(yamlFile, c)
+ if err != nil {
+ log.Fatalf("Unmarshal: %v", err)
+ }
+ return c
 }
-
diff --git a/core/core_test.go b/core/core_test.go
index e41b452..ba5959d 100644
--- a/core/core_test.go
+++ b/core/core_test.go
@@ -11,3 +11,20 @@ func TestCreateAudioSimple(t *testing.T) {
 t.Fail()
 }
 }
+
+func TestCreateAudioFuzzedText(t *testing.T) {
+ var message string = `would \\ "you like 'some of that \"thing''', \mister?`
+ _, err, _ := createAudio(message)
+ if err != nil {
+ t.Fail()
+ }
+}
+
+func TestCreateAudioBigText(t *testing.T) {
+ var message string = "Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem. Ut enim ad minima veniam, quis nostrum exercitationem ullam corporis suscipit laboriosam, nisi ut aliquid ex ea commodi consequatur? Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum fugiat quo voluptas nulla pariatur?"
+ _, err, _ := createAudio(message)
+ // TODO check what then, file size?
+ if err != nil {
+ t.Fail()
+ }
+}
diff --git a/core/messages.go b/core/messages.go
index c0cd8b8..89c63da 100644
--- a/core/messages.go
+++ b/core/messages.go
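Review bot: Neither new test exercises the sanitizing this commit adds: both call createAudio directly, so removeCharacters never runs, and the only assertion is `err == nil`, which also ties the suite to espeak-ng and the mb-fr2 voice being installed on the test machine. Test the pure helpers instead: assert that the output of `removeCharacters(msg, denylist)` contains none of the denied characters, and that `utf8.RuneCountInString(maxString(big, 300)) <= 300` holds for a multi-byte input as well as the Latin text. That length assertion would also resolve the TODO in TestCreateAudioBigText.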
@@ -10,6 +10,45 @@ import (
 "github.com/bwmarrin/discordgo"
 )
+// source on www.socketloop.com
+func removeCharacters(input string, characters string) string {
+ filter := func(r rune) rune {
+ if strings.IndexRune(characters, r) < 0 {
+ return r
+ }
+ return -1
+ }
+ return strings.Map(filter, input)
+}
+
+// https://stackoverflow.com/questions/34839659/how-can-i-easily-get-a-substring-in-go-while-guarding-against-slice-bounds-out
+func maxString(s string, max int) string {
+ if len(s) > max {
+ r := 0
+ for i := range s {
+ r++
+ if r > max {
+ return s[:i]
+ }
+ }
+ }
+ return s
+}
+
+func createAudio(msg string) ([]byte, error, string) {
+ curr_time := time.Now().Unix()
+ var filename string = fmt.Sprintf("/tmp/%d.mp3", curr_time)
+ var cmd_args string = fmt.Sprintf("espeak-ng -s 120 -v mb-fr2 -p 30 '%s' -w %s",
+ maxString(msg, 300),
+ filename)
+ cmd := exec.Command("sh", "-c", cmd_args)
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ fmt.Println(fmt.Sprint(err) + ": " + string(out))
+ }
+ return out, err, filename
+}
+
 func MessagePing(s *discordgo.Session, m *discordgo.MessageCreate) {
 // Ignore all messages created by the bot itself
 // This isn't required in this specific example but it's a good practice.
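Review bot: createAudio still hands a formatted string to `sh -c`, and nothing inside it sanitizes `msg`: the denylist lives in MessageAudio, so any other caller (the new tests already are one) reaches the shell with raw quotes. Run espeak-ng directly with an argument vector and supply the text on stdin via `--stdin`, so the message is never parsed as shell syntax or as an option; the 300-rune cap from maxString can stay. The output path `/tmp/%d.mp3` is keyed on the Unix second, so it is predictable in a shared directory and two messages in the same second overwrite each other; `os.CreateTemp` (`ioutil.TempFile` on older Go) gives a unique name. createAudio lies wholly inside this hunk.

```go
func createAudio(msg string) ([]byte, error, string) {
	// … unchanged: filename derivation …
	// No shell involved: argv is passed as-is and the text arrives on stdin,
	// so it cannot be interpreted as shell syntax or as a command-line option.
	cmd := exec.Command("espeak-ng", "-s", "120", "-v", "mb-fr2", "-p", "30",
		"--stdin", "-w", filename)
	cmd.Stdin = strings.NewReader(maxString(msg, 300))
	out, err := cmd.CombinedOutput()
	// … unchanged: error print and return …
}
```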
@@ -30,25 +69,11 @@ func MessageAudio(s *discordgo.Session, m *discordgo.MessageCreate) {
 if m.Author.ID == s.State.User.ID {
 return
 }
-
 var prefix string = "/gogodisco audio"
 if strings.HasPrefix(m.Content, prefix) {
- var message string = strings.TrimLeft(m.Content, prefix)
- _, _, filename := createAudio(message)
- // func (s *Session) ChannelFileSend(channelID, name string, r io.Reader) (*Message, error)
+ var message string = strings.TrimPrefix(m.Content, prefix)
+ _, _, filename := createAudio(removeCharacters(message, "-\"'`$();:."))
 file, _ := os.Open(filename)
 s.ChannelFileSend(m.ChannelID, filename, file)
 }
 }
-
-func createAudio(msg string) ([]byte, error, string){
- curr_time := time.Now().Unix()
- var filename string = fmt.Sprintf("/tmp/%d.mp3", curr_time)
- var cmd_args string = fmt.Sprintf("espeak-ng -s 120 -v mb-fr2 -p 30 %q -w %s", msg, filename)
- cmd := exec.Command("sh","-c", cmd_args)
- out, err := cmd.CombinedOutput()
- if err != nil {
- fmt.Println(fmt.Sprint(err) + ": " + string(out))
- }
- return out, err, filename
-}
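Review bot: Both errors are discarded in MessageAudio, so when espeak-ng fails `os.Open` returns a nil file that is still passed to `s.ChannelFileSend`, and on success the handle is never closed and the audio file stays in /tmp. Check each error and return early, close the file, and remove it once it has been sent. MessageAudio begins above this hunk; only the body of the `strings.HasPrefix` branch needs to change.

```go
	if strings.HasPrefix(m.Content, prefix) {
		// … unchanged: message extraction with strings.TrimPrefix …
		_, err, filename := createAudio(removeCharacters(message, "-\"'`$();:."))
		// Remove the output even when synthesis failed part-way.
		defer os.Remove(filename)
		if err != nil {
			return
		}
		file, err := os.Open(filename)
		if err != nil {
			return
		}
		defer file.Close()
		// … unchanged: s.ChannelFileSend call …
```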