Add SQL injection commands

2024-10-02 18:23:12 +00:00 · 2023-06-21 09:43:11 -04:00 · 2023-06-21 09:43:11 -04:00 · efe166d999
commit efe166d999
parent ab0573b2fa
5 changed files with 87 additions and 35 deletions
--- a/db/database.py
+++ b/db/database.py
@ -15,16 +15,13 @@ def create_connection():
 def execute_query(query, values=None):
    conn = create_connection()
    cursor = conn.cursor()
-    try:
-        if values:
-            cursor.execute(query, values)
-        else:
-            cursor.execute(query)

-        conn.commit()
-    except Error as e:
-        print("'execute_query()' Error occurred: {}".format(e))
+    if values:
+        cursor.execute(query, values)
+    else:
+        cursor.execute(query)

+    conn.commit()
    return cursor


@ -32,30 +29,22 @@ def select_query(query, values=None):
    conn = create_connection()
    cursor = conn.cursor()

-    try:
-        if values:
-            return cursor.execute(query, values).fetchall()
-        else:
-            return cursor.execute(query).fetchall()
-
-    except Error as e:
-        return f"ERROR: {e}"
+    if values:
+        return cursor.execute(query, values).fetchall()
+    else:
+        return cursor.execute(query).fetchall()


 def select_query_one(query, values=None):
    conn = create_connection()
    cursor = conn.cursor()

-    try:
-        if values:
-            output = cursor.execute(query, values).fetchone()
-        else:
-            output = cursor.execute(query).fetchone()
+    if values:
+        output = cursor.execute(query, values).fetchone()
+    else:
+        output = cursor.execute(query).fetchone()

-        if output:
-            return output[0]
+    if output:
+        return output[0]

-        return None
-
-    except Error as e:
-        return f"ERROR: {e}"
+    return None
--- a/modules/basic.py
+++ b/modules/basic.py
@ -13,7 +13,8 @@ class Basic(commands.Cog):

    @commands.slash_command(
        name="ping",
-        description="Show the bot's latency."
+        description="Show the bot's latency.",
+        guild_only=True
    )
    @commands.check(universal.channel_check)
    async def ping(self, ctx):
--- a/modules/owneronly.py
+++ b/modules/owneronly.py
@ -0,0 +1,60 @@
+import json
+import os
+import sqlite3
+
+import discord
+from discord.ext import commands
+from dotenv import load_dotenv
+
+from db import database
+from sb_tools import universal
+
+load_dotenv('.env')
+
+active_blackjack_games = {}
+special_balance_name = os.getenv("SPECIAL_BALANCE_NAME")
+cash_balance_name = os.getenv("CASH_BALANCE_NAME")
+
+with open("config/economy.json") as file:
+    json_data = json.load(file)
+
+
+class OwnerOnly(commands.Cog):
+    def __init__(self, sbbot):
+        self.bot = sbbot
+
+    sql = discord.SlashCommandGroup(name="sql", description="Perform SQL commands (DANGEROUS)")
+
+    @sql.command(
+        name="select",
+        description="Perform a SELECT query in the database.",
+        guild_only=True
+    )
+    @commands.check(universal.owner_check)
+    async def select(self, ctx, *, query: discord.Option(str)):
+        if query.lower().startswith("select "):
+            query = query[7:]
+
+        try:
+            results = database.select_query(f"SELECT {query}")
+        except sqlite3.Error as error:
+            results = error
+
+        return await ctx.respond(content=f"```SELECT {query}```\n```{results}```", ephemeral=True)
+
+    @sql.command(
+        name="inject",
+        description="Change a value in the database. (DANGEROUS)",
+        guild_only=True
+    )
+    @commands.check(universal.owner_check)
+    async def inject(self, ctx, *, query: discord.Option(str)):
+        try:
+            database.execute_query(query)
+            await ctx.respond(content=f"That worked!\n```{query}```", ephemeral=True)
+        except sqlite3.Error as error:
+            await ctx.respond(content=f"Query:\n```{query}```\nError message:\n```{error}```", ephemeral=True)
+
+
+def setup(sbbot):
+    sbbot.add_cog(OwnerOnly(sbbot))
--- a/modules/stats.py
+++ b/modules/stats.py
@ -27,7 +27,8 @@ class Stats(commands.Cog):

    @stats.command(
        name="all",
-        description="Show the stats for all Racu users."
+        description="Show the stats for all Racu users.",
+        guild_only=True
    )
    # @commands.check(universal.channel_check)
    @commands.check(universal.beta_check)
@ -69,7 +70,8 @@ class Stats(commands.Cog):

    @stats.command(
        name="me",
-        description="Show your personal Racu stats."
+        description="Show your personal Racu stats.",
+        guild_only=True
    )
    # @commands.check(universal.channel_check)
    @commands.check(universal.beta_check)
--- a/sb_tools/universal.py
+++ b/sb_tools/universal.py
@ -1,8 +1,8 @@
-import discord
-from discord.ext import commands
-from dotenv import load_dotenv
 import os

+import discord
+from dotenv import load_dotenv
+
 load_dotenv('.env')


@ -25,7 +25,7 @@ async def beta_check(ctx):
                                          f"fine-tuning to ensure the best experience for all users. Stay tuned for its "
                                          f"official release.",
                              color=discord.Color.red())
-        await ctx.respond(embed=embed)
+        await ctx.respond(embed=embed, ephemeral=True)
        return False

    return True
@ -36,7 +36,7 @@ async def owner_check(ctx):
    if ctx.author.id != int(owner_id):
        embed = discord.Embed(description=f"Only Tess can do this command.",
                              color=discord.Color.red())
-        await ctx.respond(embed=embed)
+        await ctx.respond(embed=embed, ephemeral=True)
        return False

    return True