Output sanitisation (#1942)

* Add output sanitization defaults to context.send Add some common regex filters in redbot.core.utils.common_filters Add a wrapper for ease of use in bot.send_filtered Sanitize ModLog Case's user field (other's considered trusted as moderator input) Sanitize Usernames/Nicks in userinfo command. Santize Usernames in closing of tunnels. * Add documentation
2026-01-20 23:22:58 -05:00 · 2018-08-24 09:50:38 -04:00
parent 6ebfdef025
commit 77944e195a
8 changed files with 176 additions and 7 deletions
--- a/redbot/core/utils/common_filters.py
+++ b/redbot/core/utils/common_filters.py
@@ -0,0 +1,81 @@
+import re
+
+__all__ = [
+    "URL_RE",
+    "INVITE_URL_RE",
+    "MASS_MENTION_RE",
+    "filter_urls",
+    "filter_invites",
+    "filter_mass_mentions",
+]
+
+# regexes
+URL_RE = re.compile(r"(https?|s?ftp)://(\S+)", re.I)
+
+INVITE_URL_RE = re.compile(r"(discord.gg|discordapp.com/invite|discord.me)(\S+)", re.I)
+
+MASS_MENTION_RE = re.compile(r"(@)(?=everyone|here)")  # This only matches the @ for sanitizing
+
+
+# convenience wrappers
+def filter_urls(to_filter: str) -> str:
+    """Get a string with URLs sanitized.
+
+    This will match any URLs starting with these protocols:
+
+     - ``http://``
+     - ``https://``
+     - ``ftp://``
+     - ``sftp://``
+
+    Parameters
+    ----------
+    to_filter : str
+        The string to filter.
+
+    Returns
+    -------
+    str
+        The sanitized string.
+
+    """
+    return URL_RE.sub("[SANITIZED URL]", to_filter)
+
+
+def filter_invites(to_filter: str) -> str:
+    """Get a string with discord invites sanitized.
+
+    Will match any discord.gg, discordapp.com/invite, or discord.me
+    invite URL.
+
+    Parameters
+    ----------
+    to_filter : str
+        The string to filter.
+
+    Returns
+    -------
+    str
+        The sanitized string.
+
+    """
+    return INVITE_URL_RE.sub("[SANITIZED INVITE]", to_filter)
+
+
+def filter_mass_mentions(to_filter: str) -> str:
+    """Get a string with mass mentions sanitized.
+
+    Will match any *here* and/or *everyone* mentions.
+
+    Parameters
+    ----------
+    to_filter : str
+        The string to filter.
+
+    Returns
+    -------
+    str
+        The sanitized string.
+
+    """
+    return MASS_MENTION_RE.sub("@\u200b", to_filter)
--- a/redbot/core/utils/tunnel.py
+++ b/redbot/core/utils/tunnel.py
@@ -5,6 +5,7 @@ import io
 import sys
 import weakref
 from typing import List
+from .common_filters import filter_mass_mentions

 _instances = weakref.WeakValueDictionary({})

@@ -70,10 +71,10 @@ class Tunnel(metaclass=TunnelMeta):
        self.recipient = recipient
        self.last_interaction = datetime.utcnow()

-    async def react_close(self, *, uid: int, message: str):
+    async def react_close(self, *, uid: int, message: str = ""):
        send_to = self.origin if uid == self.sender.id else self.sender
        closer = next(filter(lambda x: x.id == uid, (self.sender, self.recipient)), None)
-        await send_to.send(message.format(closer=closer))
+        await send_to.send(filter_mass_mentions(message.format(closer=closer)))

    @property
    def members(self):