Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes the admin command "help oauth" and better types for AdminCommands #445

Merged
merged 2 commits into from
Jul 24, 2020
Merged

Fixes the admin command "help oauth" and better types for AdminCommands #445

merged 2 commits into from
Jul 24, 2020

Conversation

jaller94
Copy link
Contributor

@jaller94 jaller94 commented Jul 23, 2020
edited

Includes #443

Before

help foo searched for a method foo on AdminCommands. help oauth was broken, because the method has a different name.
broken oauth

But other class methods could be called, even though they are not admin commands.
Other examples like this: help yargs, help commands, help constructor, help __prototype__. 😐️
I haven't found any security issues or ways to crash the bridge with to this, however, I think this PR mitigates the risk that there is a way to exploit this.
broken parse

After

fixed oauth

fixed parse

@jaller94 jaller94 added the bug label Jul 23, 2020
@jaller94 jaller94 requested a review from a team July 23, 2020 23:05
@jaller94 jaller94 changed the title Fixes the broken admin command "help oauth" and general clean-up Fixes the admin command "help oauth" and general clean-up Jul 23, 2020
@jaller94 jaller94 changed the title Fixes the admin command "help oauth" and general clean-up Fixes the admin command "help oauth" and general AdminCommands clean-up Jul 23, 2020
@jaller94 jaller94 changed the title Fixes the admin command "help oauth" and general AdminCommands clean-up Fixes the admin command "help oauth" and better types for AdminCommands Jul 23, 2020
jaller94
jaller94 commented Jul 23, 2020
View reviewed changes
src/AdminCommands.ts
if (command) {
const cmd = this[command as string] as AdminCommand;
const cmd = this.commands.find((adminCommand) => (adminCommand.command.split(' ')[0] === command));
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the line that fixes the help oauth and protects against calling .detailedDescription() on other class members.

Half-Shot
Half-Shot approved these changes Jul 24, 2020
View reviewed changes
Copy link
Contributor

@Half-Shot Half-Shot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These look good to me

@jaller94 jaller94 merged commit 703efb0 into develop Jul 24, 2020
@jaller94 jaller94 deleted the j94/fix-help-oauth branch July 24, 2020 10:41
@jaller94 jaller94 added the T-Defect Bugs, crashes, hangs, vulnerabilities, or other reported problems. label May 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Half-Shot Half-Shot Half-Shot approved these changes

Assignees
No one assigned
Labels
T-Defect Bugs, crashes, hangs, vulnerabilities, or other reported problems.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jaller94 @Half-Shot