Probably a stupid question, but is there security against RCE/ACE?
Hi, I don't like slash commands so I like to code a bot with messageCreate parsing.
now, with the syntax
for example, are there any preventative measures within djs to ensure that someone can't just "$ insert code here" to run arbitrary code in the node instance of the bot? Else, should I find a way to parse the message in such a way that it prevents this?
I'm pretty inexperienced with js so I appreciate your patience.
Thanks!
9 Replies
Marked as resolved by OP
not really no
unless you use eval somewhere
Remote code execution implies injecting something into a script that actually executes code
This really doesn't with the exception of an eval command like wolvinny said
though I've seen funky stuff with SQL injection
As far as I know, it's not possible to enter something that would break out of this template literal and cause execution, no
:Think: So I just need to ensure I never have an eval() called on the message.content, yes?
pretty much
js is fun 🙂
thanks!
Closest thing I've seen to "exploits" is tricking your bot into pinging everyone
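
Added example (not part of the thread, and not discord.js's own code): a prefix-command parser for message content that never evaluates user text, showing the three points raised above: interpolating content into a template literal leaves it as string data, user input only selects a handler from a fixed table, and the reply payload disables mention parsing so echoed "@everyone" text does not ping. The "$" prefix, the `echo`/`add` commands and the `handleContent` helper are assumptions for illustration; `allowedMentions` is the discord.js message option.

```javascript
// Stand-alone sketch: runs in plain Node, no discord.js import required.
const PREFIX = "$"; // assumed prefix, taken from the "$" in the question

// Fixed command table. A Map (not a plain object) means names such as
// "constructor" or "__proto__" cannot resolve to inherited properties.
const commands = new Map([
  // The interpolated args are plain string data; nothing in them is executed.
  ["echo", (args) => `You said: ${args.join(" ")}`],
  ["add", (args) => {
    const nums = args.map(Number);
    if (nums.length === 0 || nums.some(Number.isNaN)) {
      return "Usage: $add <n> <n> ...";
    }
    return `Sum: ${nums.reduce((a, b) => a + b, 0)}`;
  }],
]);

// Returns a payload suitable for message.reply(), or null to ignore the message.
function handleContent(content) {
  if (typeof content !== "string" || !content.startsWith(PREFIX)) return null;
  const [name, ...args] = content.slice(PREFIX.length).trim().split(/\s+/);
  const handler = commands.get(name.toLowerCase());
  if (!handler) return null; // unknown command: nothing runs
  return {
    content: handler(args),
    // Empty parse list: @everyone/@here, role and user mentions in the text stay inert.
    allowedMentions: { parse: [] },
  };
}

// Constructed sample messages, including hostile-looking ones.
const samples = [
  "hello there",
  "$add 2 3",
  "$echo ${process.exit()}",
  "$echo @everyone free nitro",
  "$constructor return 1",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", JSON.stringify(handleContent(s)));
}
```

In a bot this would be called from the messageCreate listener with `message.content`, after skipping messages where `message.author.bot` is true.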