marcus/dsabot
1
0
Fork 0
Code Issues Pull Requests 10 Actions Packages Projects Releases Wiki Activity

Security fixes (#32)

Browse Source 
* Generic Object Injection Sink

* (fix) "Character" is not defined.

* added eslint

* improve code quality, use refactored function

* (fix) eslint jest

* "Character" is not defined

* removed unused file Compare.js

* (fix) PointsUsed is not defined

* (fix) eslint moans jsconfig

* turn off "no-prototype-builtins"

* push code coverage
This commit is contained in:
Marcus Netz
2021-05-01 20:13:15 +02:00
committed by GitHub
parent 63bd06e92f
commit d45e4faad6
20 changed files with 413 additions and 261 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
commands/Attack.js
View File

@ -13,16 +13,21 @@ module.exports = {
async exec(message, args) {
try {
db.find({ user: message.author.tag }, (err, docs) =>
handleAttack(err, docs, { message: message, args: args })
);
db.find({ user: message.author.tag }, (err, docs) => {
if (err) {
message.reply(findMessage('ERROR'));
throw new Error(err);
}
handleAttack(docs, { message: message, args: args });
});
} catch (e) {
message.reply(findMessage('ERROR'));
throw e;
}
},
};
function handleAttack(err, docs, { message: message, args: args }) {
function handleAttack(docs, { message: message, args: args }) {
if (docs.length === 0) {
return message.reply(findMessage('NOENTRY'));
}

190
commands/Attribute.js
View File

@ -1,96 +1,116 @@
const globals = require('../globals');
const { CountOccurences } = require('@dsabot/CountOccurences');
const { findMessage } = require('@dsabot/findMessage');
const { CountOccurences } = require('@dsabot/CountOccurences');
const Random = require('random');
const db = globals.db;
module.exports = {
name: 'attribute',
description: '',
aliases: ['ap', 'ep'],
usage: '<Eigenschaft> / <Eigenschaftswert>',
needs_args: true,
async exec(message, args) {
try {
let Attribute;
let AttributeName;
let Level = 8;
await db.find({
user: message.author.tag,
}, async (err, docs) => {
name: 'attribute',
description: '',
aliases: ['ap', 'ep'],
usage: '<Eigenschaft> / <Eigenschaftswert>',
needs_args: true,
async exec(message, args) {
let Attribute;
let AttributeName;
let Level = 8;
await db.find(
{
user: message.author.tag,
},
async (err, docs) => {
// user calls with text, let's look him up in the database.
if (isNaN(args[0])) {
Attribute = HandleNamedAttributes({
Character: docs[0].character,
args: args,
});
AttributeName = Attribute.Name;
Level = Attribute.Level;
} else {
Level = args[0];
}
Random.use(message.author.tag);
// user calls with text, let's look him up in the database.
if (isNaN(args[0])) {
Attribute = HandleNamedAttributes({
Character: docs[0].character,
args: args
});
AttributeName = Attribute.Name;
Level = Attribute.Level;
} else {
Level = args[0];
}
Random.use(message.author.tag);
const dice = [];
dice.push(Random.int(1, 20));
if (dice[0] == 1 || dice[0] == 20) {
dice.push(Random.int(1, 20));
}
// handle crits
if (CountOccurences(dice, 1) == 2) {
message.reply('Du hast einen kritischen Erfolg erzielt (' + dice.join(', ') + ')! 🎉🥳🎆');
return;
} else if (CountOccurences(dice, 20) == 2) {
message.reply('Du hast einen Patzer (' + dice.join(', ') + ')! 😭 Viel Erfolg beim nächsten mal!');
return;
}
if ((dice.length == 2 && dice[0] != 20 && dice[1] <= Level) || (dice.length == 1 && dice[0] <= Level)) {
if (AttributeName) {
message.reply('Du hast die Probe auf ' + AttributeName + ' (Stufe ' + Level + ') bestanden.\n' +
'Deine 🎲: ' + dice.join(', '));
} else {
message.reply('Du hast die Probe (Stufe ' + Level + ') bestanden.\n' +
'Deine 🎲: ' + dice.join(', '));
}
} else if (AttributeName) {
message.reply('Du hast die Probe auf ' + AttributeName + ' (Stufe ' + Level + ') leider nicht bestanden 😢.\n' +
'Deine 🎲: ' + dice.join(', '));
} else {
message.reply('Du hast die Probe (Stufe ' + Level + ') leider nicht bestanden 😢.\n' +
'Deine 🎲: ' + dice.join(', '));
}
});
} catch (e) {
throw e;
}
},
const dice = [];
dice.push(Random.int(1, 20));
if (dice[0] === 1 || dice[0] === 20) {
dice.push(Random.int(1, 20));
}
// handle crits
if (CountOccurences(dice, 1) === 2) {
message.reply(
`Du hast einen kritischen Erfolg erzielt (${dice.join(', ')})! 🎉🥳🎆`
);
return;
} else if (CountOccurences(dice, 20) === 2) {
message.reply(
'Du hast einen Patzer (' +
dice.join(', ') +
')! 😭 Viel Erfolg beim nächsten mal!'
);
return;
}
if (
(dice.length == 2 && dice[0] != 20 && dice[1] <= Level) ||
(dice.length == 1 && dice[0] <= Level)
) {
if (AttributeName) {
message.reply(
'Du hast die Probe auf ' +
AttributeName +
' (Stufe ' +
Level +
') bestanden.\n' +
'Deine 🎲: ' +
dice.join(', ')
);
} else {
message.reply(
'Du hast die Probe (Stufe ' +
Level +
') bestanden.\n' +
'Deine 🎲: ' +
dice.join(', ')
);
}
} else if (AttributeName) {
message.reply(
'Du hast die Probe auf ' +
AttributeName +
' (Stufe ' +
Level +
') leider nicht bestanden 😢.\n' +
'Deine 🎲: ' +
dice.join(', ')
);
} else {
message.reply(
`Du hast die Probe (Stufe ${Level}) leider nicht bestanden 😢.\nDeine 🎲: ${dice.join(
', '
)}`
);
}
}
);
},
};
const HandleCrits = (dice) => {
function HandleNamedAttributes({ Character: Character = [], args: args = [] } = {}) {
let Attribute = getAttribute(args[0]);
let Level = getAttributeLevel(Character, Attribute) || 8;
};
return {
Name: Attribute.name,
Level: Level,
};
}
const HandleNamedAttributes = ({Character: Character = [], args: args = []} = {}) => {
function getAttributeLevel(Character = {}, Attribute = {}) {
return Character.attributes.find(attribute => attribute.id === Attribute.id).level;
}
let Attributes = globals.Werte;
let Level = 8; // This is the minimum attributes value.
let AttributeName;
let AttributeId;
if (args[0].length == 2) {
AttributeId = Attributes.find(attribute => attribute.kuerzel === args[0].toUpperCase()).id;
} else {
AttributeId = args[0].toLowerCase() ||
Attributes.find(attribute => attribute.name.toLowerCase() === args[0].toLowerCase()).id;
}
Level = Character.attributes.find(attribute => attribute.id === AttributeId).level;
AttributeName = Attributes.find(attribute => attribute.id === AttributeId).name;
return {
Name: AttributeName,
Level: Level
};
};
function getAttribute(attribute = '') {
return attribute.length === 2
? globals.Werte.find(a => a.kuerzel === attribute.toUpperCase())
: globals.Werte.find(a => a.name.toLowerCase() === attribute.toLowerCase());
}

2
commands/Chants.js
View File

@ -16,7 +16,7 @@ module.exports = {
if (docs.length === 0) {
return message.reply(findMessage('NOENTRY'));
}
Character = docs[0].character;
const Character = docs[0].character;
if (!Character.hasOwnProperty('chants')) return message.reply(findMessage('NO_CHANTS'));
if (args.length === 0) {
const Embed = new Discord.MessageEmbed()

32
commands/Remove.js
View File

@ -1,17 +1,21 @@
const { findMessage }= require('@dsabot/findMessage');
const { findMessage } = require('@dsabot/findMessage');
const globals = require('../globals');
const db = globals.db;
module.exports = {
name: 'remove',
description: 'Löscht deinen Charakter aus der Datenbank. Sinnvoll, wenn du mir eine neue zusenden möchtest.',
aliases: [],
usage: '',
needs_args: false,
async exec(message, args) {
db.remove({
user: message.author.tag,
}, {}, function(err, numRemoved) {
return message.reply(findMessage('DELETED_DATA'));
});
},
};
name: 'remove',
description:
'Löscht deinen Charakter aus der Datenbank. Sinnvoll, wenn du mir eine neue zusenden möchtest.',
aliases: [],
usage: '',
needs_args: false,
// eslint-disable-next-line no-unused-vars
async exec(message, args) {
db.remove({ user: message.author.tag }, err => {
if (err) {
message.reply(findMessage('ERROR'));
throw new Error(err);
}
return message.reply(findMessage('DELETED_DATA'));
});
},
};

76
commands/Show.js
View File

@ -2,40 +2,48 @@
const globals = require('../globals');
const Discord = require('discord.js');
const db = globals.db;
const { findMessage }= require('@dsabot/findMessage');
const { findMessage } = require('@dsabot/findMessage');
module.exports = {
name: 'show',
description: '',
aliases: [],
usage: '',
needs_args: false,
name: 'show',
description: '',
aliases: [],
usage: '',
needs_args: false,
async exec(message, args) {
try {
db.find({
user: message.author.tag,
}, function(err, docs) {
if (docs.length === 0) {
return message.reply(findMessage('NOENTRY'));
}
else {
const Character = docs[0].character;
let Gender;
if (Character.sex == 'female') { Gender = '♀️'; }
else { Gender = '♂️'; }
const Reply = new Discord.MessageEmbed();
Reply.setColor('#0099ff');
Reply.setTitle(`${Gender} ${Character.name}`);
Reply.setDescription(`${Character.age} Jahre, ${Character.race}/${Character.culture}`);
Reply.addField(Character.professionname, Character.xp.startinglevel);
message.reply( Reply );
}
});
}
catch (e) {
throw e;
}
},
};
// eslint-disable-next-line no-unused-vars
async exec(message, args) {
try {
db.find(
{
user: message.author.tag,
},
function (err, docs) {
if (docs.length === 0) {
return message.reply(findMessage('NOENTRY'));
} else {
const Character = docs[0].character;
let Gender;
if (Character.sex == 'female') {
Gender = '♀️';
} else {
Gender = '♂️';
}
const Reply = new Discord.MessageEmbed();
Reply.setColor('#0099ff');
Reply.setTitle(`${Gender} ${Character.name}`);
Reply.setDescription(
`${Character.age} Jahre, ${Character.race}/${Character.culture}`
);
Reply.addField(Character.professionname, Character.xp.startinglevel);
message.reply(Reply);
}
}
);
} catch (e) {
message.reply(findMessage('ERROR'));
throw e;
}
},
};

6
commands/Spells.js
View File

@ -16,7 +16,7 @@ module.exports = {
if (docs.length === 0) {
return message.reply(findMessage('NOENTRY'));
}
Character = docs[0].character;
const Character = docs[0].character;
if (!Character.hasOwnProperty('spells')) return message.reply(findMessage('NO_SPELLS'));
if (args.length === 0) {
const Embed = new Discord.MessageEmbed()
@ -52,6 +52,8 @@ const ReplySpell = (Spell = {}) => {
const createSpellList = (Character = {}) => {
if (!Character || !Character.hasOwnProperty('spells')) return;
let SpellList = [];
Character.spells.forEach(spell => SpellList.push(getSpell({ Character: Character, spell_name: spell.id })));
Character.spells.forEach(spell =>
SpellList.push(getSpell({ Character: Character, spell_name: spell.id }))
);
return SpellList.filter(value => value !== undefined); //?+
};

131
commands/Tp.js
View File

@ -1,85 +1,64 @@
// eslint-disable-next-line no-unused-vars
const Random = require('random');
const globals = require('../globals');
const Discord = require('discord.js');
const { roll } = require('@dsabot/Roll');
const { findMessage }= require('@dsabot/findMessage');
const { findMessage } = require('@dsabot/findMessage');
const { CompareResults } = require('@dsabot/CompareResults');
module.exports = {
name: 'tp',
description: 'Du machst eine Fertigkeitsprobe.\n' +
' Es werden drei Würfel auf deine Eigenschaftswerte geworfen. Hast du Boni auf dein Talent und/oder' +
' ist der Wurf erleichtert oder erschwert, wird dies in die Berechnung einbezogen.',
aliases: ['talentprobe'],
usage: '<Eigenschaftswert1> <Eigenschaftswert2> <Eigenschaftswert3> [<Fertigkeitswert>] [<-Erschwernis> / <+Erleichterung>]',
needs_args: true,
name: 'tp',
description:
'Du machst eine Fertigkeitsprobe.\n' +
' Es werden drei Würfel auf deine Eigenschaftswerte geworfen. Hast du Boni auf dein Talent und/oder' +
' ist der Wurf erleichtert oder erschwert, wird dies in die Berechnung einbezogen.',
aliases: ['talentprobe'],
usage:
'<Eigenschaftswert1> <Eigenschaftswert2> <Eigenschaftswert3> [<Fertigkeitswert>] [<-Erschwernis> / <+Erleichterung>]',
needs_args: true,
async exec(message, args) {
async exec(message, args) {
if (isNaN(args[0])) {
return message.reply(findMessage('WRONG_ARGUMENTS'));
}
if(isNaN(args[0])) {
return message.reply(findMessage('WRONG_ARGUMENTS'));
}
let Bonus = parseInt(args[3]) || 0;
let Erschwernis = parseInt(args[4]) || 0;
//Random.use(message.author.tag);
//const dice = [];
let bonus = 0;
let bonus_orig = 0;
let erschwernis = 0;
if (args[3]) {
bonus_orig = parseInt(args[3]);
bonus = bonus_orig;
}
if (args[4]) {
erschwernis = parseInt(args[4]);
}
/*for (let i = 1; i <= 3; i++) {
roll.push(Random.int(1, 20));
}*/
const dice = roll(3,20,message.author.tag).dice;
const dice = roll(3, 20, message.author.tag).dice;
let ok = 0;
let patzer = 0;
let crit = 0;
for (let i = 0; i < 3; i++) {
if (Math.floor(parseInt(args[i]) + parseInt(erschwernis)) >= dice[i]) {
ok++;
} else if (
Math.floor(parseInt(args[i]) + parseInt(bonus) + parseInt(erschwernis)) >= dice[i]) {
ok++;
bonus = bonus - (dice[i] - parseInt(erschwernis) - parseInt(args[i]));
}
if (dice[i] == 1) {crit++;}
if (dice[i] == 20) {patzer++;}
}
const {
Passed: Passed,
CriticalHit: CriticalHit,
Fumbles: Fumbles,
PointsRemaining: PointsRemaining} = CompareResults(dice, [args[0], args[1], args[2]], Bonus, Erschwernis);
const Reply = new Discord.MessageEmbed();
Reply.setTitle(`${findMessage('ROLL')} ${dice.join(', ')}.`);
if (patzer >= 2) {
Reply.setColor('#900c3f');
Reply.addFields({
name: findMessage('TITLE_CRIT_FAILURE'),
value: findMessage('MSG_CRIT_FAILURE'),
inline: false
});
} else if (crit >= 2) {
Reply.setColor('#1E8449');
Reply.addFields({
name: findMessage('TITLE_CRIT_SUCCESS'),
value: findMessage('MSG_CRIT_SUCCESS'),
inline: false
});
} else if (ok < 3) {
Reply.addFields({
name: findMessage('TITLE_FAILURE'),
value: 'Nur ' + ok + '/3 Proben erfolgreich. 😪',
inline: false
});
} else {
Reply.addFields({
name: findMessage('TITLE_SUCCESS'),
value: ok + '/3 Proben erfolgreich. Dein Bonus: ' + bonus + '/' + bonus_orig + '.',
inline: false
});
}
message.reply(Reply);
}
};
const Reply = new Discord.MessageEmbed();
Reply.setTitle(`${findMessage('ROLL')} ${dice.join(', ')}.`);
if (Fumbles >= 2) {
Reply.setColor('#900c3f');
Reply.addFields({
name: findMessage('TITLE_CRIT_FAILURE'),
value: findMessage('MSG_CRIT_FAILURE'),
inline: false,
});
} else if (CriticalHit >= 2) {
Reply.setColor('#1E8449');
Reply.addFields({
name: findMessage('TITLE_CRIT_SUCCESS'),
value: findMessage('MSG_CRIT_SUCCESS'),
inline: false,
});
} else if (Passed < 3) {
Reply.addFields({
name: findMessage('TITLE_FAILURE'),
value: `${Passed ? `Nur ${Passed}/3 Proben` : `Keine Probe`} erfolgreich. 😪`,
inline: false,
});
} else {
Reply.addFields({
name: findMessage('TITLE_SUCCESS'),
value: `${Passed}/3 Proben erfolgreich. Dein Bonus: ${PointsRemaining}/${Bonus}`,
inline: false,
});
}
message.reply(Reply);
},
};