bot icon indicating copy to clipboard operation
bot copied to clipboard

Published 20 hours ago verified publisher icon python-discord

enhancement(filters): use a stricter bot token regex

Open onerandomusername opened this issue 3 years ago • 2 comments
trafficstars

Approval: https://canary.discord.com/channels/267624335836053506/635950537262759947/919203386660884560

Enhances the regex of the token remover to use the same regex that discord itself uses, with a slight modification. The mfa section was removed, but depending on an updated #1421, may be implemented. Additionally, the sections were grouped to keep working with the current code.

I kept the existing validation to keep false positives at a minimum. The current code checks the user resolves, the timestamp is valid, and the last section has at least 3 different characters.

As per @jb3, to implement:

  • #1421

Rejected:

  • also check the upper bound of a token timestamp, to ensure it was in the past.

Closes #1421

onerandomusername avatar Dec 12 '21 02:12 onerandomusername

I'll be fixing this commit history tonight

onerandomusername avatar Dec 12 '21 16:12 onerandomusername

This has been inactive for a while so I'll put it up for grabs.

wookie184 avatar Sep 21 '22 21:09 wookie184

This has been inactive for a while so I'll put it up for grabs.

What's left to do? Addressing your comment and fixing the merge conflict?

gustavwilliam avatar Oct 08 '22 17:10 gustavwilliam

This has been inactive for a while so I'll put it up for grabs.

What's left to do? Addressing your comment and fixing the merge conflict?

Yeah, merge main, match the output embed to the existing one, and fix the bug

mbaruh avatar Oct 08 '22 19:10 mbaruh

As far as I can tell the mfa code is no longer necessary as discord doesn't have mfa tokens like that now.

onerandomusername avatar Oct 09 '22 05:10 onerandomusername

There's also a bit of the matter that this regex is now out of date. I don't know what the current token length is.

onerandomusername avatar Oct 09 '22 05:10 onerandomusername

There's also a bit of the matter that this regex is now out of date. I don't know what the current token length is.

I can't recall any problems with false positives, even with the current regex, so we can afford to be very general with what we match. Could just check that the first and last parts are >= 10 and middle is >= 5 characters in length or something.

wookie184 avatar Oct 09 '22 11:10 wookie184

I agree with wookie, I think having extensive matching for the sake of even future-proofing is okay, considering additional checks are being performed

Akarys42 avatar Oct 09 '22 18:10 Akarys42

The only inaccurate part is the last section is too short as it is, but because of how the parsing works, that isn't an issue, i suppose

onerandomusername avatar Oct 10 '22 01:10 onerandomusername

The only inaccurate part is the last section is too short as it is, but because of how the parsing works, that isn't an issue, i suppose

If that's the case I think we should just have no upper limit on the length of the last section. Otherwise the code is somewhat misleading in how it works.

wookie184 avatar Oct 10 '22 10:10 wookie184

Hey @onerandomusername, thanks for your work so far. We needed to get this merged so went ahead and implemented the comments. Sorry the MFA part didn't end up being used 😅

mbaruh avatar Oct 14 '22 12:10 mbaruh