Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix(Welcome): only allow use of safe model attributes
  • Loading branch information
tmercswims committed Aug 11, 2021
1 parent 92325be commit d63c49b
Show file tree
Hide file tree
Showing 2 changed files with 61 additions and 1 deletion.
52 changes: 52 additions & 0 deletions welcome/safemodels.py
@@ -0,0 +1,52 @@
import discord


class SafeMember:
def __init__(self, member: discord.Member) -> None:
self.name = str(member.name)
self.display_name = str(member.display_name)
self.nick = str(member.nick)
self.id = str(member.id)
self.mention = str(member.mention)
self.discriminator = str(member.discriminator)
self.color = str(member.color)
self.colour = str(member.colour)
self.created_at = str(member.created_at)
self.joined_at = str(member.joined_at)

def __str__(self):
return self.name

def __getattr__(self, name):
return self


class SafeRole:
def __init__(self, role: discord.Role) -> None:
self.name = str(role.name)
self.id = str(role.id)
self.mention = str(role.mention)
self.color = str(role.color)
self.colour = str(role.colour)
self.position = str(role.position)
self.created_at = str(role.created_at)

def __str__(self):
return self.name

def __getattr__(self, name):
return self


class SafeGuild:
def __init__(self, guild: discord.Guild) -> None:
self.name = str(guild.name)
self.id = str(guild.id)
self.description = str(guild.description)
self.created_at = str(guild.created_at)

def __str__(self):
return self.name

def __getattr__(self, name):
return self
10 changes: 9 additions & 1 deletion welcome/welcome.py
Expand Up @@ -10,6 +10,7 @@

from .enums import WhisperType
from .errors import WhisperError
from .safemodels import SafeGuild, SafeMember

__author__ = "tmerc"

Expand Down Expand Up @@ -791,7 +792,14 @@ async def __send_notice(

try:
return await channel.send(
format_str.format(member=user, server=guild, bot=user, count=count or "", plural=plural, roles=role_str)
format_str.format(
member=SafeMember(user),
server=SafeGuild(guild),
bot=SafeMember(user),
count=count or "",
plural=plural,
roles=role_str,
)
)
except discord.Forbidden:
log.error(
Expand Down

0 comments on commit d63c49b

Please sign in to comment.