
Forbid posting blacklisted files

Open Mom0aut opened this issue 3 years ago • 5 comments

Close #484

Added BlacklistedAttachmentListener, which deletes any blacklisted file attachment. The listener sends a DM to the user and informs the Mods.

Scenario message with blacklisted file extension:

Posting message

image

User message was deleted

image

Response from listener

image

Message to the Mods

image

Scenario message without blacklisted file extension:

Posting message

image

Message won't be deleted

No blacklisted file extension found therefore no deletion 😄

Config

The config was slightly changed, the following was added:

"blacklistedFileExtension": "memes"

Mom0aut avatar Aug 27 '22 15:08 Mom0aut
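
The extension check described in this PR, sketched as an added example; it is not the code from the PR or from the TJ-Bot project. The class name, method names and the sample blacklist are assumptions, and the example goes beyond the description by normalising case and trailing dots or spaces before the lookup (Java 16+).

```java
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

public final class AttachmentExtensionCheck {
    // Constructed sample list (assumption); the real list belongs in the bot's config.
    private static final Set<String> BLACKLIST =
            Set.of("exe", "bat", "cmd", "scr", "msi", "vbs");

    /** Returns the lower-cased last extension of a file name, or empty if there is none. */
    static Optional<String> extensionOf(String fileName) {
        // Windows drops trailing dots and spaces when opening a file,
        // so "run.bat. " has to be treated as "run.bat".
        String name = fileName.strip();
        while (name.endsWith(".") || name.endsWith(" ")) {
            name = name.substring(0, name.length() - 1);
        }
        int dot = name.lastIndexOf('.');
        if (dot < 0) {
            return Optional.empty();
        }
        // Only the last extension decides how the file is opened ("photo.png.scr" -> "scr").
        return Optional.of(name.substring(dot + 1).toLowerCase(Locale.ROOT));
    }

    static boolean isBlacklisted(String fileName) {
        return extensionOf(fileName).map(BLACKLIST::contains).orElse(false);
    }

    /** Returns the attachment names that match the blacklist. */
    static List<String> blacklistedIn(List<String> attachmentNames) {
        return attachmentNames.stream()
                .filter(AttachmentExtensionCheck::isBlacklisted)
                .toList();
    }

    public static void main(String[] args) {
        // Constructed attachment names for one message.
        List<String> names = List.of("notes.txt", "Setup.EXE", "photo.png.scr",
                "run.bat.", "README", "lib.jar");
        List<String> hits = blacklistedIn(names);
        // A non-empty result is the case where the listener would delete the
        // message, DM the author and notify the mods.
        System.out.println(hits.isEmpty() ? "keep message" : "delete message: " + hits);
    }
}
```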

I would expand the list to all or almost all common Windows executables. You can find many lists online, this was the first hit for me: https://www.howtogeek.com/137270/50-file-extensions-that-are-potentially-dangerous-on-windows/

There are a bunch of executables for linux/mac, but viruses for these are basically nonexistent, since it's very hard to do anything without necessary permissions. For example, you can't even run an executable without giving it explicit execute permission. So I think it's safe to ignore those two for now.

marko-radosavljevic avatar Aug 27 '22 18:08 marko-radosavljevic

I would expand the list to all or almost all common Windows executables. You can find many lists online, this was the first hit for me: https://www.howtogeek.com/137270/50-file-extensions-that-are-potentially-dangerous-on-windows/ There are a bunch of executables for linux/mac, but viruses for these are basically nonexistent, since it's very hard to do anything without necessary permissions. For example, you can't even run an executable without giving it explicit execute permission. So I think it's safe to ignore those two for now.

updated the list for windows file extensions

Mom0aut avatar Aug 27 '22 19:08 Mom0aut

Could u please improve ur PR description and also add some screenshots of all the dialogs please? Thanks

sure i posted the 2 scenarios with the listener 😄

Mom0aut avatar Aug 27 '22 22:08 Mom0aut

remove the @NotNulls

Taz03 avatar Aug 28 '22 12:08 Taz03

auto merging this on the weekend if no approves come in sooner 👍

Zabuzard avatar Sep 01 '22 08:09 Zabuzard

actually, let's just go

Zabuzard avatar Sep 01 '22 17:09 Zabuzard

auto merging this on the weekend if no approves come in sooner 👍

Mhm yes thanks

Tais993 avatar Sep 01 '22 18:09 Tais993

I would expand the list to all or almost all common Windows executables. You can find many lists online, this was the first hit for me: https://www.howtogeek.com/137270/50-file-extensions-that-are-potentially-dangerous-on-windows/

There are a bunch of executables for linux/mac, but viruses for these are basically nonexistent, since it's very hard to do anything without necessary permissions. For example, you can't even run an executable without giving it explicit execute permission. So I think it's safe to ignore those two for now.

---- On Sat, 27 Aug 2022 17:25:53 +0200 Mom0aut @.***> wrote ---

Close https://github.com/Together-Java/TJ-Bot/issues/484

Config

The config was slightly changed, the following was added:

"blacklistedFileExtension": "memes"

You can view, comment on, or merge this pull request online at:

  https://github.com/Together-Java/TJ-Bot/pull/542

Commit Summary

https://github.com/Together-Java/TJ-Bot/pull/542/commits/141d7f0ffb1dd1a82aff07ef153c7aa5c427a82b added AttachmentListener checks if the message attachment contains blacklisted file extensions


marko-radosavljevic avatar Oct 11 '22 08:10 marko-radosavljevic

aren't these already in the list? note that we kept some out to not hinder UX (jar, pdf)

Zabuzard avatar Oct 11 '22 08:10 Zabuzard