authorilotterytea <iltsu@alright.party>2024-05-13 22:49:34 +0500
committerilotterytea <iltsu@alright.party>2024-05-13 22:49:34 +0500
commit5b921c9a983b3f2588c0e151c28b26e45cf95f87 (patch)
tree65af1692fca69e9306c35e2bc44ea29a73ec1c0e
parentec6c25c4d18bcc56f4a1a3e6a824492a564a26d3 (diff)
feat: check if the message has sql injection
-rw-r--r--src/handlers.cpp10
-rw-r--r--src/utils/string.cpp15
-rw-r--r--src/utils/string.hpp2
3 files changed, 27 insertions, 0 deletions
diff --git a/src/handlers.cpp b/src/handlers.cpp
index a7d768d..add59f0 100644
--- a/src/handlers.cpp
+++ b/src/handlers.cpp
@@ -1,6 +1,7 @@
#include "handlers.hpp"
#include <exception>
+#include <iostream>
#include <optional>
#include <pqxx/pqxx>
#include <string>
@@ -12,6 +13,7 @@
#include "commands/request_util.hpp"
#include "irc/message.hpp"
#include "localization/line_id.hpp"
+#include "utils/string.hpp"
namespace bot::handlers {
void handle_private_message(
@@ -19,6 +21,14 @@ namespace bot::handlers {
const command::CommandLoader &command_loader,
const irc::Message<irc::MessageType::Privmsg> &message,
pqxx::connection &conn) {
+ if (utils::string::string_contains_sql_injection(message.message)) {
+ std::cout << "[TWITCH HANDLER] Attempted to process the message, but it "
+ "seems to contain SQL "
+ "injection symbols: "
+ << message.message << "\n";
+ return;
+ }
+
std::optional<command::Request> request =
command::generate_request(command_loader, message, conn);
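Review bot: The early return on `string_contains_sql_injection(message.message)` filters chat text in front of the command pipeline rather than protecting the SQL boundary; whether any query downstream builds SQL out of `message.message` is not visible here, but if one does, the fix belongs there as a parameterised query (pqxx `exec_params`, a prepared statement, or `conn.quote()`), and if none does, this filter adds no safety. As written it silently drops ordinary chat: any message containing an apostrophe (`don't`), a `;`, a double quote, or the substring `exec`, `select` or `delete` (so also `executive`, `selection`, `deleted`) never reaches `generate_request`, with no feedback to the sender. The `std::cout` line also writes the raw, user-controlled message body to the terminal, so if this filter is kept as defence in depth it is better to log a short rejection notice (or a counter) than the full text, e.g. `std::cout << "[TWITCH HANDLER] Dropped message from " << /* sender id */ << ": matched SQL blocklist\n";` with the sender taken from whatever field `irc::Message` exposes. `handle_private_message` continues outside the hunk.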
diff --git a/src/utils/string.cpp b/src/utils/string.cpp
index 9727f3f..b8ba269 100644
--- a/src/utils/string.cpp
+++ b/src/utils/string.cpp
@@ -1,5 +1,6 @@
#include "string.hpp"
+#include <algorithm>
#include <iostream>
#include <sstream>
#include <string>
@@ -48,6 +49,20 @@ namespace bot {
return str;
}
+
+ bool string_contains_sql_injection(const std::string &input) {
+ std::string forbidden_strings[] = {";", "--", "'", "\"",
+ "/*", "*/", "xp_", "exec",
+ "sp_", "insert", "select", "delete"};
+
+ for (const auto &str : forbidden_strings) {
+ if (input.find(str) != std::string::npos) {
+ return true;
+ }
+ }
+
+ return false;
+ }
}
}
}
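Review bot: `string_contains_sql_injection` matches case-sensitively, so `SELECT` or `Insert` pass while the same words in lower case are rejected, and `input.find` on bare words means `exec`, `select` and `delete` also fire on `executive`, `selection` or `deleted`; a substring blocklist is inherently incomplete, so the function should be documented as a heuristic and the actual protection kept at the query layer (parameterised queries). If it stays, at minimum lower-case the input before searching and declare the table `static const std::string forbidden_strings[] = { ... };` so the twelve strings are not constructed on every call. The `#include <algorithm>` added in the first hunk is not used by any visible line; the rewrite below uses `std::transform` and `std::any_of` from it and additionally needs `#include <cctype>` for `std::tolower`. The enclosing namespaces open before the hunk.
```cpp
  bool string_contains_sql_injection(const std::string &input) {
    // … unchanged: forbidden_strings table (declared `static const`) …

    // Lower-case copy so the search is case-insensitive; std::tolower takes
    // an int in unsigned-char range, hence the cast on the way in.
    std::string lowered(input.size(), '\0');
    std::transform(input.begin(), input.end(), lowered.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });

    return std::any_of(std::begin(forbidden_strings), std::end(forbidden_strings),
                       [&lowered](const std::string &needle) {
                         return lowered.find(needle) != std::string::npos;
                       });
  }
```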
diff --git a/src/utils/string.hpp b/src/utils/string.hpp
index 5c9a088..c8385ad 100644
--- a/src/utils/string.hpp
+++ b/src/utils/string.hpp
@@ -25,6 +25,8 @@ namespace bot {
}
return ss.str();
}
+
+ bool string_contains_sql_injection(const std::string &input);
}
}
}
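Review bot: The new declaration carries no comment, and nothing at the call site tells a reader that this is a substring blocklist with a high false-positive rate on normal chat rather than a real injection check. Add a doc comment above it such as `/// Heuristic blocklist: true when `input` contains any of a fixed set of SQL-looking substrings (quotes, `;`, `--`, comment markers, keywords such as select/insert/delete).` followed by `/// Not a substitute for parameterised queries; expect matches on ordinary text (apostrophes, "executive").` so callers do not mistake it for a sanitiser. The enclosing namespaces open before the hunk.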