mirror of
https://github.com/wlinator/luminara.git
synced 2024-10-02 20:23:12 +00:00
Add SQL injection commands
This commit is contained in:
parent
ab0573b2fa
commit
efe166d999
5 changed files with 87 additions and 35 deletions
|
@ -15,16 +15,13 @@ def create_connection():
|
||||||
def execute_query(query, values=None):
|
def execute_query(query, values=None):
|
||||||
conn = create_connection()
|
conn = create_connection()
|
||||||
cursor = conn.cursor()
|
cursor = conn.cursor()
|
||||||
try:
|
|
||||||
if values:
|
|
||||||
cursor.execute(query, values)
|
|
||||||
else:
|
|
||||||
cursor.execute(query)
|
|
||||||
|
|
||||||
conn.commit()
|
if values:
|
||||||
except Error as e:
|
cursor.execute(query, values)
|
||||||
print("'execute_query()' Error occurred: {}".format(e))
|
else:
|
||||||
|
cursor.execute(query)
|
||||||
|
|
||||||
|
conn.commit()
|
||||||
return cursor
|
return cursor
|
||||||
|
|
||||||
|
|
||||||
|
@ -32,30 +29,22 @@ def select_query(query, values=None):
|
||||||
conn = create_connection()
|
conn = create_connection()
|
||||||
cursor = conn.cursor()
|
cursor = conn.cursor()
|
||||||
|
|
||||||
try:
|
if values:
|
||||||
if values:
|
return cursor.execute(query, values).fetchall()
|
||||||
return cursor.execute(query, values).fetchall()
|
else:
|
||||||
else:
|
return cursor.execute(query).fetchall()
|
||||||
return cursor.execute(query).fetchall()
|
|
||||||
|
|
||||||
except Error as e:
|
|
||||||
return f"ERROR: {e}"
|
|
||||||
|
|
||||||
|
|
||||||
def select_query_one(query, values=None):
|
def select_query_one(query, values=None):
|
||||||
conn = create_connection()
|
conn = create_connection()
|
||||||
cursor = conn.cursor()
|
cursor = conn.cursor()
|
||||||
|
|
||||||
try:
|
if values:
|
||||||
if values:
|
output = cursor.execute(query, values).fetchone()
|
||||||
output = cursor.execute(query, values).fetchone()
|
else:
|
||||||
else:
|
output = cursor.execute(query).fetchone()
|
||||||
output = cursor.execute(query).fetchone()
|
|
||||||
|
|
||||||
if output:
|
if output:
|
||||||
return output[0]
|
return output[0]
|
||||||
|
|
||||||
return None
|
return None
|
||||||
|
|
||||||
except Error as e:
|
|
||||||
return f"ERROR: {e}"
|
|
||||||
|
|
|
@ -13,7 +13,8 @@ class Basic(commands.Cog):
|
||||||
|
|
||||||
@commands.slash_command(
|
@commands.slash_command(
|
||||||
name="ping",
|
name="ping",
|
||||||
description="Show the bot's latency."
|
description="Show the bot's latency.",
|
||||||
|
guild_only=True
|
||||||
)
|
)
|
||||||
@commands.check(universal.channel_check)
|
@commands.check(universal.channel_check)
|
||||||
async def ping(self, ctx):
|
async def ping(self, ctx):
|
||||||
|
|
60
modules/owneronly.py
Normal file
60
modules/owneronly.py
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
import json
|
||||||
|
import os
|
||||||
|
import sqlite3
|
||||||
|
|
||||||
|
import discord
|
||||||
|
from discord.ext import commands
|
||||||
|
from dotenv import load_dotenv
|
||||||
|
|
||||||
|
from db import database
|
||||||
|
from sb_tools import universal
|
||||||
|
|
||||||
|
load_dotenv('.env')
|
||||||
|
|
||||||
|
active_blackjack_games = {}
|
||||||
|
special_balance_name = os.getenv("SPECIAL_BALANCE_NAME")
|
||||||
|
cash_balance_name = os.getenv("CASH_BALANCE_NAME")
|
||||||
|
|
||||||
|
with open("config/economy.json") as file:
|
||||||
|
json_data = json.load(file)
|
||||||
|
|
||||||
|
|
||||||
|
class OwnerOnly(commands.Cog):
|
||||||
|
def __init__(self, sbbot):
|
||||||
|
self.bot = sbbot
|
||||||
|
|
||||||
|
sql = discord.SlashCommandGroup(name="sql", description="Perform SQL commands (DANGEROUS)")
|
||||||
|
|
||||||
|
@sql.command(
|
||||||
|
name="select",
|
||||||
|
description="Perform a SELECT query in the database.",
|
||||||
|
guild_only=True
|
||||||
|
)
|
||||||
|
@commands.check(universal.owner_check)
|
||||||
|
async def select(self, ctx, *, query: discord.Option(str)):
|
||||||
|
if query.lower().startswith("select "):
|
||||||
|
query = query[7:]
|
||||||
|
|
||||||
|
try:
|
||||||
|
results = database.select_query(f"SELECT {query}")
|
||||||
|
except sqlite3.Error as error:
|
||||||
|
results = error
|
||||||
|
|
||||||
|
return await ctx.respond(content=f"```SELECT {query}```\n```{results}```", ephemeral=True)
|
||||||
|
|
||||||
|
@sql.command(
|
||||||
|
name="inject",
|
||||||
|
description="Change a value in the database. (DANGEROUS)",
|
||||||
|
guild_only=True
|
||||||
|
)
|
||||||
|
@commands.check(universal.owner_check)
|
||||||
|
async def inject(self, ctx, *, query: discord.Option(str)):
|
||||||
|
try:
|
||||||
|
database.execute_query(query)
|
||||||
|
await ctx.respond(content=f"That worked!\n```{query}```", ephemeral=True)
|
||||||
|
except sqlite3.Error as error:
|
||||||
|
await ctx.respond(content=f"Query:\n```{query}```\nError message:\n```{error}```", ephemeral=True)
|
||||||
|
|
||||||
|
|
||||||
|
def setup(sbbot):
|
||||||
|
sbbot.add_cog(OwnerOnly(sbbot))
|
|
@ -27,7 +27,8 @@ class Stats(commands.Cog):
|
||||||
|
|
||||||
@stats.command(
|
@stats.command(
|
||||||
name="all",
|
name="all",
|
||||||
description="Show the stats for all Racu users."
|
description="Show the stats for all Racu users.",
|
||||||
|
guild_only=True
|
||||||
)
|
)
|
||||||
# @commands.check(universal.channel_check)
|
# @commands.check(universal.channel_check)
|
||||||
@commands.check(universal.beta_check)
|
@commands.check(universal.beta_check)
|
||||||
|
@ -69,7 +70,8 @@ class Stats(commands.Cog):
|
||||||
|
|
||||||
@stats.command(
|
@stats.command(
|
||||||
name="me",
|
name="me",
|
||||||
description="Show your personal Racu stats."
|
description="Show your personal Racu stats.",
|
||||||
|
guild_only=True
|
||||||
)
|
)
|
||||||
# @commands.check(universal.channel_check)
|
# @commands.check(universal.channel_check)
|
||||||
@commands.check(universal.beta_check)
|
@commands.check(universal.beta_check)
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
import discord
|
|
||||||
from discord.ext import commands
|
|
||||||
from dotenv import load_dotenv
|
|
||||||
import os
|
import os
|
||||||
|
|
||||||
|
import discord
|
||||||
|
from dotenv import load_dotenv
|
||||||
|
|
||||||
load_dotenv('.env')
|
load_dotenv('.env')
|
||||||
|
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@ async def beta_check(ctx):
|
||||||
f"fine-tuning to ensure the best experience for all users. Stay tuned for its "
|
f"fine-tuning to ensure the best experience for all users. Stay tuned for its "
|
||||||
f"official release.",
|
f"official release.",
|
||||||
color=discord.Color.red())
|
color=discord.Color.red())
|
||||||
await ctx.respond(embed=embed)
|
await ctx.respond(embed=embed, ephemeral=True)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
@ -36,7 +36,7 @@ async def owner_check(ctx):
|
||||||
if ctx.author.id != int(owner_id):
|
if ctx.author.id != int(owner_id):
|
||||||
embed = discord.Embed(description=f"Only Tess can do this command.",
|
embed = discord.Embed(description=f"Only Tess can do this command.",
|
||||||
color=discord.Color.red())
|
color=discord.Color.red())
|
||||||
await ctx.respond(embed=embed)
|
await ctx.respond(embed=embed, ephemeral=True)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
|
Loading…
Reference in a new issue