From d99a0d84bf3f473a5b78cf8b16b72c7ca927fdb0 Mon Sep 17 00:00:00 2001 From: Georg Pfuetzenreuter Date: Wed, 2 Oct 2024 21:40:30 +0200 Subject: [PATCH] Strip formatting codes To allow for correct parsing of messages containing formatting codes and to avoid exploitation of unparseable messages, strip all formatting codes from a message when entering the parsing chain. Signed-off-by: Georg Pfuetzenreuter --- go.mod | 1 + go.sum | 2 ++ wat/bot.go | 3 ++- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 84d6919..cbffbfa 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,7 @@ go 1.15 require ( github.com/creasty/defaults v1.8.0 + github.com/ergochat/irc-go v0.4.0 github.com/go-irc/irc v2.1.0+incompatible github.com/stretchr/testify v1.9.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 0d79cef..22b3d5e 100644 --- a/go.sum +++ b/go.sum @@ -3,6 +3,8 @@ github.com/creasty/defaults v1.8.0/go.mod h1:iGzKe6pbEHnpMPtfDXZEr0NVxWnPTjb1bbD github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/ergochat/irc-go v0.4.0 h1:0YibCKfAAtwxQdNjLQd9xpIEPisLcJ45f8FNsMHAuZc= +github.com/ergochat/irc-go v0.4.0/go.mod h1:2vi7KNpIPWnReB5hmLpl92eMywQvuIeIIGdt/FQCph0= github.com/go-irc/irc v2.1.0+incompatible h1:pg7pMVq5OYQbqTxceByD/EN8VIsba7DtKn49rsCnG8Y= github.com/go-irc/irc v2.1.0+incompatible/go.mod h1:jJILTRy8s/qOvusiKifAEfhQMVwft1ZwQaVJnnzmyX4= github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= diff --git a/wat/bot.go b/wat/bot.go index 41c030f..ffa6d8b 100644 --- a/wat/bot.go +++ b/wat/bot.go @@ -6,6 +6,7 @@ import ( "strings" "github.com/go-irc/irc" + "github.com/ergochat/irc-go/ircfmt" ) type WatBot struct { @@ -104,7 +105,7 @@ func (w *WatBot) Msg(m *irc.Message) { } // fieldsfunc allows you to obtain rune separated fields/args - args := strings.FieldsFunc(m.Params[1], func(c rune) bool { return c == ' ' }) + args := strings.FieldsFunc(ircfmt.Strip(m.Params[1]), func(c rune) bool { return c == ' ' }) if len(args) == 0 { return -- 2.35.3