From 76d8b01dc9f62f5340d5028ed8b44e5fbc12194b Mon Sep 17 00:00:00 2001 From: sebkuip Date: Thu, 2 Mar 2023 22:54:43 +0100 Subject: [PATCH 1/4] Added the option for secure_plugins_only --- .env.example | 1 + app.json | 4 ++++ cogs/plugins.py | 8 ++++++++ core/config.py | 2 ++ 4 files changed, 15 insertions(+) diff --git a/.env.example b/.env.example index 44c91c59c7..ec0e3c409e 100644 --- a/.env.example +++ b/.env.example @@ -4,3 +4,4 @@ GUILD_ID=1234567890 MODMAIL_GUILD_ID=1234567890 OWNERS=Owner1ID,Owner2ID,Owner3ID CONNECTION_URI=mongodb+srv://mongodburi +SECURE_PLUGINS_ONLY=False \ No newline at end of file diff --git a/app.json b/app.json index 66b5c77752..e9a249d889 100644 --- a/app.json +++ b/app.json @@ -34,6 +34,10 @@ "GITHUB_TOKEN": { "description": "A github personal access token with the repo scope.", "required": false + }, + "SECURE_PLUGINS_ONLY": { + "description": "If set to true, only plugins that are in the registry can be loaded", + "required": false } } } \ No newline at end of file diff --git a/cogs/plugins.py b/cogs/plugins.py index 2bfac509af..0eabf66a36 100644 --- a/cogs/plugins.py +++ b/cogs/plugins.py @@ -302,6 +302,14 @@ async def parse_user_input(self, ctx, plugin_name, check_version=False): plugin = Plugin(user, repo, plugin_name, branch) else: + if not self.bot.config.get("secure_plugins_only", False): + embed = discord.Embed( + description="This plugin is not in the registry. " + "To install it, you must set `SECURE_PLUGINS_ONLY=false` in your .env file or config settings.", + color=self.bot.error_color, + ) + await ctx.send(embed=embed) + return try: plugin = Plugin.from_string(plugin_name) except InvalidPluginError: diff --git a/core/config.py b/core/config.py index 56db40c7b0..f18cbe655e 100644 --- a/core/config.py +++ b/core/config.py @@ -167,6 +167,7 @@ class ConfigManager: "connection_uri": None, # replace mongo uri in the future "owners": None, "enable_presence_intent": False, + "secure_plugins_only": False, # bot "token": None, "enable_plugins": True, @@ -223,6 +224,7 @@ class ConfigManager: "thread_show_join_age", "use_hoisted_top_role", "enable_presence_intent", + "secure_plugins_only", } enums = { From 6436509f96a7e07b01c1f0babcf5d48722e39b3a Mon Sep 17 00:00:00 2001 From: sebkuip Date: Wed, 8 Mar 2023 23:39:32 +0100 Subject: [PATCH 2/4] Change config name --- .env.example | 1 - cogs/plugins.py | 4 ++-- core/config.py | 4 ++-- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.env.example b/.env.example index ec0e3c409e..44c91c59c7 100644 --- a/.env.example +++ b/.env.example @@ -4,4 +4,3 @@ GUILD_ID=1234567890 MODMAIL_GUILD_ID=1234567890 OWNERS=Owner1ID,Owner2ID,Owner3ID CONNECTION_URI=mongodb+srv://mongodburi -SECURE_PLUGINS_ONLY=False \ No newline at end of file diff --git a/cogs/plugins.py b/cogs/plugins.py index 0eabf66a36..c99f74ef40 100644 --- a/cogs/plugins.py +++ b/cogs/plugins.py @@ -302,10 +302,10 @@ async def parse_user_input(self, ctx, plugin_name, check_version=False): plugin = Plugin(user, repo, plugin_name, branch) else: - if not self.bot.config.get("secure_plugins_only", False): + if not self.bot.config.get("registry_plugins_only", False): embed = discord.Embed( description="This plugin is not in the registry. " - "To install it, you must set `SECURE_PLUGINS_ONLY=false` in your .env file or config settings.", + "To install it, you must set `REGISTRY_PLUGINS_ONLY=false` in your .env file or config settings.", color=self.bot.error_color, ) await ctx.send(embed=embed) diff --git a/core/config.py b/core/config.py index f18cbe655e..9a033167b7 100644 --- a/core/config.py +++ b/core/config.py @@ -167,7 +167,7 @@ class ConfigManager: "connection_uri": None, # replace mongo uri in the future "owners": None, "enable_presence_intent": False, - "secure_plugins_only": False, + "registry_plugins_only": False, # bot "token": None, "enable_plugins": True, @@ -224,7 +224,7 @@ class ConfigManager: "thread_show_join_age", "use_hoisted_top_role", "enable_presence_intent", - "secure_plugins_only", + "registry_plugins_only", } enums = { From a862b78b3603985170c4a4e415ecabaf5b043028 Mon Sep 17 00:00:00 2001 From: sebkuip Date: Wed, 8 Mar 2023 23:40:17 +0100 Subject: [PATCH 3/4] Forgot to update app.json --- app.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app.json b/app.json index e9a249d889..093b5a0642 100644 --- a/app.json +++ b/app.json @@ -35,7 +35,7 @@ "description": "A github personal access token with the repo scope.", "required": false }, - "SECURE_PLUGINS_ONLY": { + "REGISTRY_PLUGINS_ONLY": { "description": "If set to true, only plugins that are in the registry can be loaded", "required": false } From 813647f06f1e39870f3971e79fab3f6470c6826d Mon Sep 17 00:00:00 2001 From: sebkuip Date: Wed, 8 Mar 2023 23:44:31 +0100 Subject: [PATCH 4/4] Forgot a period. Thanks taku :( --- app.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app.json b/app.json index 093b5a0642..1cf5d107e4 100644 --- a/app.json +++ b/app.json @@ -36,7 +36,7 @@ "required": false }, "REGISTRY_PLUGINS_ONLY": { - "description": "If set to true, only plugins that are in the registry can be loaded", + "description": "If set to true, only plugins that are in the registry can be loaded.", "required": false } }