3
0
mirror of https://github.com/pragma-/pbot.git synced 2024-11-27 06:19:25 +01:00

Temporarily disable code-factoids

There are a wide range of potential denial-of-service attacks possible
without severely restricting the allowed opcodes. As such, we are
setting code-factoids' default state to disabled. Enable at your own risk.

There are plans to move the code-factoid logic to a virtual machine.
This commit is contained in:
Pragmatic Software 2017-09-03 01:38:25 -07:00
parent 58a629eca4
commit b6aecce701

View File

@ -546,6 +546,8 @@ sub expand_action_arguments {
sub execute_code_factoid { sub execute_code_factoid {
my ($self, $nick, $from, $chan, $root_keyword, $keyword, $arguments, $code, $tonick) = @_; my ($self, $nick, $from, $chan, $root_keyword, $keyword, $arguments, $code, $tonick) = @_;
return "/say code-factoids are temporarily disabled.";
my $ppi = PPI::Document->new(\$code, readonly => 1); my $ppi = PPI::Document->new(\$code, readonly => 1);
return "/say $nick: I don't feel so good." if not $ppi; return "/say $nick: I don't feel so good." if not $ppi;
my $vars = $ppi->find(sub { $_[1]->isa('PPI::Token::Symbol') }); my $vars = $ppi->find(sub { $_[1]->isa('PPI::Token::Symbol') });