From 5b921c9a983b3f2588c0e151c28b26e45cf95f87 Mon Sep 17 00:00:00 2001
From: ilotterytea <iltsu@alright.party>
Date: Mon, 13 May 2024 22:49:34 +0500
Subject: feat: check if the message has sql injection

---
 src/handlers.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'src/handlers.cpp')

diff --git a/src/handlers.cpp b/src/handlers.cpp
index a7d768d..add59f0 100644
--- a/src/handlers.cpp
+++ b/src/handlers.cpp
@@ -1,6 +1,7 @@
 #include "handlers.hpp"
 
 #include <exception>
+#include <iostream>
 #include <optional>
 #include <pqxx/pqxx>
 #include <string>
@@ -12,6 +13,7 @@
 #include "commands/request_util.hpp"
 #include "irc/message.hpp"
 #include "localization/line_id.hpp"
+#include "utils/string.hpp"
 
 namespace bot::handlers {
   void handle_private_message(
@@ -19,6 +21,14 @@ namespace bot::handlers {
       const command::CommandLoader &command_loader,
       const irc::Message<irc::MessageType::Privmsg> &message,
       pqxx::connection &conn) {
+    if (utils::string::string_contains_sql_injection(message.message)) {
+      std::cout << "[TWITCH HANDLER] Attempted to process the message, but it "
+                   "seems to contain SQL "
+                   "injection symbols: "
+                << message.message << "\n";
+      return;
+    }
+
     std::optional<command::Request> request =
         command::generate_request(command_loader, message, conn);
 
-- 
cgit v1.2.3