From 2b851c813c0c0937c61ae650a4ee9324bac70038 Mon Sep 17 00:00:00 2001
From: JandereDev <me@janderedev.xyz>
Date: Wed, 13 Oct 2021 21:21:01 +0200
Subject: [PATCH] dont you fucking love it when you leak your db secret in
 #general

---
 src/bot/commands/eval.ts  | 21 +++++++++++++++++----
 src/bot/commands/warns.ts |  4 ++--
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/src/bot/commands/eval.ts b/src/bot/commands/eval.ts
index 14bd012..ee306e0 100644
--- a/src/bot/commands/eval.ts
+++ b/src/bot/commands/eval.ts
@@ -1,6 +1,7 @@
 import Command from "../../struct/Command";
 import { Message } from "revolt.js/dist/maps/Messages";
 import { inspect } from 'util';
+import { client } from "../..";
 
 export default {
     name: 'eval',
@@ -23,19 +24,31 @@ export default {
                 await m?.edit({ content: `## **Promise**<pending>` });
                 e.then((res) => {
                     m?.edit({
-                        content: `## **Promise**<resolved>\n\`\`\`js\n${`${inspect(res)}`.substr(0, 1960)}\n\`\`\``
+                        content: `## **Promise**<resolved>\n\`\`\`js\n${render(res)}\n\`\`\``
                     });
                 })
                 .catch((res) => {
                     m?.edit({
-                        content: `## **Promise**<rejected>\n\`\`\`js\n${`${inspect(res)}`.substr(0, 1960)}\n\`\`\``
+                        content: `## **Promise**<rejected>\n\`\`\`js\n${render(res)}\n\`\`\``
                     });
                 });
             } else {
-                message.channel?.sendMessage(`\`\`\`js\n${inspect(e).substr(0, 1980)}\n\`\`\``);
+                message.channel?.sendMessage(`\`\`\`js\n${render(e)}\n\`\`\``);
             }
         } catch(e) {
-            m?.edit({ content: `## Execution failed\n\`\`\`js\n${inspect(e).substr(0, 1960)}\n\`\`\`` });
+            m?.edit({ content: `## Execution failed\n\`\`\`js\n${render(e)}\n\`\`\`` });
         }
     }
 } as Command;
+
+function removeSecrets(input: string): string {
+    if (process.env['DB_PASS']) input = input.replace(new RegExp(process.env['DB_PASS']!, 'gi'), '[Secret redacted]');
+    if (process.env['DB_URL']) input = input.replace(new RegExp(process.env['DB_URL']!, 'gi'), '[Secret redacted]');
+    input = input.replace(new RegExp(process.env['BOT_TOKEN']!, 'gi'), '[Secret redacted]');
+        
+    return input;
+}
+
+function render(input: any): string {
+    return removeSecrets(inspect(input)).substr(0, 1960);
+}
diff --git a/src/bot/commands/warns.ts b/src/bot/commands/warns.ts
index 6474313..421d1b9 100644
--- a/src/bot/commands/warns.ts
+++ b/src/bot/commands/warns.ts
@@ -3,7 +3,7 @@ import { Message } from "revolt.js/dist/maps/Messages";
 import { client } from "../..";
 import Infraction from "../../struct/antispam/Infraction";
 import InfractionType from "../../struct/antispam/InfractionType";
-import { isModerator, parseUser } from "../util";
+import { isModerator, NO_MANAGER_MSG, parseUser } from "../util";
 import Day from 'dayjs';
 import RelativeTime from 'dayjs/plugin/relativeTime';
 import Xlsx from 'xlsx';
@@ -18,7 +18,7 @@ export default {
     description: 'Show all user infractions',
     syntax: '/warns; /warns @username; /warns @username export-csv',
     run: async (message: Message, args: string[]) => {
-        if (!await isModerator(message.member!)) return;
+        if (!await isModerator(message.member!)) return message.reply(NO_MANAGER_MSG);
 
         let collection = client.db.get('infractions');
         let infractions: Array<Infraction> = await collection.find({