아마도? 쉘 인젝션 취약점 픽스

2025-03-07 17:19:58 +09:00
parent 5760f1afdc
commit 77d16c1cdb
14 changed files with 2849 additions and 58 deletions


@@ -3,6 +3,7 @@
#include <Settings/SettingsManager.hpp>
#include <dpp/nlohmann/json.hpp>
#include <Utils/QueuedMusicListEmbedProvider.hpp>
#include <Utils/ConsoleUtils.hpp>
#include <variant>
namespace bumbleBee::commands {
@@ -23,12 +24,20 @@ namespace bumbleBee::commands {
return;
}
std::string query = std::get<std::string>(event.get_parameter("query"));
query = "\"" + query + "\"";
// query = "\"" + query + "\"";
std::queue<std::string> ids =
ConsoleUtils::getResultFromCommand(
SettingsManager::getYTDLP_CMD() +
" --default-search ytsearch --flat-playlist --skip-download --quiet --ignore-errors --print id " + query);
ConsoleUtils::safe_execute_command(
SettingsManager::getYTDLP_CMD(), {
"--default-search",
"ytsearch",
"--flat-playlist",
"--skip-download",
"--quiet",
"--ignore-errors",
"--print",
"id",
query});
std::queue<std::shared_ptr<MusicQueueElement>> musics;
@@ -46,19 +55,18 @@ namespace bumbleBee::commands {
ids.pop();
}
FILE* file = popen((SettingsManager::getYTDLP_CMD() +
" --default-search ytsearch --flat-playlist --skip-download --quiet --ignore-errors -J http://youtu.be/" + ids.front()).c_str(), "r");
std::ostringstream oss;
char buffer[1024];
size_t bytesRead;
while ((bytesRead = fread(buffer, 1, sizeof(buffer), file)) > 0) {
oss.write(buffer, bytesRead);
}
pclose(file);
std::string jsonData = ConsoleUtils::safe_execute_command(SettingsManager::getYTDLP_CMD(), {
"--default-search",
"ytsearch",
"--flat-playlist",
"--skip-download",
"--quiet",
"--ignore-errors",
"-J",
"http://youtu.be/" + ids.front()
}).front();
std::istringstream iss(oss.str());
std::istringstream iss(jsonData);
nlohmann::json videoDataJson;
iss >> videoDataJson;
@@ -108,19 +116,18 @@ namespace bumbleBee::commands {
continue;
}
FILE* file = popen((SettingsManager::getYTDLP_CMD() +
" --default-search ytsearch --flat-playlist --skip-download --quiet --ignore-errors -J http://youtu.be/" + ids.front()).c_str(), "r");
std::ostringstream oss;
char buffer[1024];
size_t bytesRead;
while ((bytesRead = fread(buffer, 1, sizeof(buffer), file)) > 0) {
oss.write(buffer, bytesRead);
}
pclose(file);
std::istringstream iss(oss.str());
std::string jsonData = ConsoleUtils::safe_execute_command(SettingsManager::getYTDLP_CMD(), {
"--default-search",
"ytsearch",
"--flat-playlist",
"--skip-download",
"--quiet",
"--ignore-errors",
"-J",
"http://youtu.be/" + ids.front()
}).front();
std::istringstream iss(jsonData);
nlohmann::json videoDataJson;
iss >> videoDataJson;
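Review bot: The search call still passes the user-supplied `query` as a bare trailing argument, so a query that begins with `-` would be read by yt-dlp as an option rather than a search term; removing the shell closes command injection but not option injection. Put an end-of-options marker in front of it, `"--print", "id", "--", query});`, and do the same for the identical call in `AsyncDownloadManager::downloadWorker`. Both `-J` call sites take `.front()` of the result directly; if `safe_execute_command` can return an empty queue when yt-dlp prints nothing (plausible with `--quiet --ignore-errors` on a failed lookup), that is undefined behaviour, so test `empty()` first. The replaced code read the whole pipe, whereas `.front()` keeps only the first element, so confirm the helper does not split the JSON document. The commented-out `// query = ...` line can be deleted.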


@@ -14,13 +14,19 @@ bool SettingsManager::REGISTER_COMMAND = false;
bool SettingsManager::validateToken() {
nlohmann::json response;
if (ConsoleUtils::getResultFromCommand("which curl").size() == 0) {
std::string curl = ConsoleUtils::safe_execute_command("/usr/bin/which", {"curl"}).front();
if (curl == "") {
std::cout << "curl is unavaliable. unresolable error please install curl." << std::endl;
return false;
}
std::string stresult = ConsoleUtils::getResultFromCommand("curl -sX GET \"https://discord.com/api/v10/users/@me\" -H \"Authorization: Bot " +
TOKEN + "\"").front();
std::string stresult = ConsoleUtils::safe_execute_command(curl, {
"-sX",
"GET",
"https://discord.com/api/v10/users/@me",
"-H",
"Authorization: Bot " + TOKEN + ""
}).front();
std::stringstream ss(stresult);
ss >> response;
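Review bot: `.front()` is called on the result of the `which` lookup before anything checks that it produced output, so the `curl == ""` test only helps if `safe_execute_command` always returns at least one element; the replaced code tested `.size() == 0` on the queue first. If the helper can return an empty queue (its definition is not in this section), `front()` is undefined behaviour on exactly the path this guard exists for; keep the queue in a local, test `empty()` before reading it, and do the same for the curl response below. Separately, the bot token is still passed inside an argv element (`"Authorization: Bot " + TOKEN + ""`), which other local users can typically read from the process list while curl runs; curl can take headers from a file with `-H @<file>` or from a config on stdin, if the helper can support that. The trailing `+ ""` is a no-op and can go.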


@@ -38,8 +38,17 @@ void AsyncDownloadManager::downloadWorker() {
cluster->log(dpp::ll_info, "AsyncDownloadManager: " + query + " accepted.");
std::queue<std::string> ids =
ConsoleUtils::getResultFromCommand(SettingsManager::getYTDLP_CMD() +
" --default-search ytsearch --flat-playlist --skip-download --quiet --ignore-errors --print id " + query);
ConsoleUtils::safe_execute_command(
SettingsManager::getYTDLP_CMD(), {
"--default-search",
"ytsearch",
"--flat-playlist",
"--skip-download",
"--quiet",
"--ignore-errors",
"--print",
"id",
query});
if (ids.size() >= 2) {
cluster->log(dpp::ll_info, query + " is playlist");
@@ -56,8 +65,13 @@ void AsyncDownloadManager::downloadWorker() {
}
std::queue<std::string> urls =
ConsoleUtils::getResultFromCommand(SettingsManager::getYTDLP_CMD() +
" -f ba* --print urls https://youtu.be/" + ids.front());
ConsoleUtils::safe_execute_command(SettingsManager::getYTDLP_CMD(), {
"-f",
"ba*",
"--print",
"urls",
"https://youtu.be/" + ids.front()
});
cluster->log(dpp::ll_debug, "url: " + urls.front());
@@ -75,8 +89,11 @@ void AsyncDownloadManager::downloadWorker() {
cluster->log(dpp::ll_info, "Thread id: " + tid.str() + ": " + downloadID + " accepted.");
std::string command = std::string("./streamOpus.sh " + SettingsManager::getYTDLP_CMD() + " " + downloadID + " " + SettingsManager::getFFMPEG_CMD());
stream = popen(command.c_str(), "r");
stream = ConsoleUtils::safe_open_pipe("./streamOpus.sh", {
SettingsManager::getYTDLP_CMD(),
downloadID,
SettingsManager::getFFMPEG_CMD()
});
cluster->log(dpp::ll_info, "Thread id: " + tid.str() + " Opened stream: " + downloadID);
});
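Review bot: Passing `downloadID` and the two command settings as separate arguments removes the shell from this call, but `./streamOpus.sh` is itself a shell script and is not shown in this section; if it expands its positional parameters unquoted or rebuilds a command string, the same input gets reinterpreted there. It is worth confirming the script uses `"$1"`, `"$2"`, `"$3"` throughout. The stream used to come from `popen()`; the code that closes it is outside this hunk, so check that it matches whatever `safe_open_pipe` returns and still reaps the child process. `urls.front()` in the debug log a few lines up is also read without an `empty()` check.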