sir-lancebot
Typst command implementation
Relevant Issues
Closes #1623.
Description
- The overall structure is based on the Latex cog, with about the same features (caching, support for code blocks, etc)
- Refactored some utility functions (such as the codeblock regex) out of the Latex cog to reuse them here.
- Initially I was going to use the `typst` PyPI package, but while it works, it had a weird issue where (only in the bot's container and not on my computer) it needed ~1GB RAM to render the simplest things. I failed to figure out what caused this, and as a result I switched to using the CLI, which is less hungry (~100MB for sane inputs) and supports some nice features the Python bindings don't (such as taking the input from stdin with no files involved).
- The typst executable is not included, but instead downloaded (with hash verification) at cog load time, from a link that can be altered with envvars, and then stored in the cache.
- If the global typst packages directory is missing, a default set of packages is installed and the directory then `chmod`ed to not allow writes.
- To render, the `typst` executable gets called in a subprocess, with a time limit (and gets killed if the limit is exceeded) and a memory usage rlimit.
- If the rendered image is too big, this is considered an error (to hopefully make it a bit harder to maliciously post big outputs).
- The rendered image also gets manually cropped to only the content and not the white background (typst's own formatting doesn't seem to have an option for it, and this is the more resilient choice anyway).
Security-wise, the typst invocation sets --root to an empty temporary directory, which in theory should prevent access to any files outside of it. As for the packages, even though arbitrary typst packages are supposed to be safe, I still chose to prevent installation of them at runtime by locking the packages directory from writes. Nevertheless, I am pretty worried about the security of this and want someone to take a second look at whether it's exploitable. And of course, if there's ever a new vulnerability in typst itself, that'd potentially make Lancebot's environment vulnerable.
Did you:
- [X] Join the Python Discord Community?
- [X] Read all the comments in this template?
- [X] Ensure there is an issue open, or link relevant discord discussions?
- [X] Read and agree to the contributing guidelines?
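
The confinement described above (empty `--root` directory, time limit with kill, memory rlimit, output size cap) can be sketched as follows. This is an added example, not code from the PR or from sir-lancebot; the names `run_confined`, `typst_argv` and `RenderError`, the limit values, and the `- -` stdin/stdout argument shape are assumptions.

```python
import resource
import subprocess
import tempfile

# Assumed limits; the PR's actual values are not shown on this page.
TIMEOUT_SECONDS = 5.0
MEMORY_BYTES = 1 << 30          # RLIMIT_AS cap for the child
MAX_OUTPUT_BYTES = 1_000_000    # reject larger rendered images


class RenderError(Exception):
    """The child timed out, failed, or produced too much output."""


def _limit_memory(limit: int):
    """Build a hook that lowers RLIMIT_AS in the child just before exec."""
    def apply() -> None:
        _, hard = resource.getrlimit(resource.RLIMIT_AS)
        cap = limit if hard == resource.RLIM_INFINITY else min(limit, hard)
        resource.setrlimit(resource.RLIMIT_AS, (cap, cap))  # soft and hard
    return apply


def typst_argv(executable: str, root: str) -> list[str]:
    # Assumed CLI shape: source read from stdin ("-"), PNG written to stdout ("-").
    return [executable, "compile", "--root", root, "--format", "png", "-", "-"]


def run_confined(make_argv, source: bytes, *, timeout=TIMEOUT_SECONDS,
                 memory=MEMORY_BYTES, max_output=MAX_OUTPUT_BYTES) -> bytes:
    """Run make_argv(root) inside a fresh empty directory with all three limits."""
    with tempfile.TemporaryDirectory() as root:
        try:
            proc = subprocess.run(
                make_argv(root), input=source, capture_output=True, cwd=root,
                timeout=timeout, preexec_fn=_limit_memory(memory),
            )
        except subprocess.TimeoutExpired as exc:
            # subprocess.run() has already killed and reaped the child here.
            raise RenderError("render timed out") from exc
    if proc.returncode != 0:
        raise RenderError(proc.stderr.decode(errors="replace")[:200])
    if len(proc.stdout) > max_output:
        raise RenderError("rendered output too large")
    return proc.stdout
```

A render call would look like `run_confined(lambda root: typst_argv("/path/to/typst", root), source_bytes)`. The hard limit is lowered together with the soft one so the child cannot raise it again.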