Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Users can spam commands to destroy the CPU #624

Closed
lokka30 opened this issue Apr 25, 2021 · 1 comment · Fixed by #722 or #721
Closed

Users can spam commands to destroy the CPU #624

lokka30 opened this issue Apr 25, 2021 · 1 comment · Fixed by #722 or #721
Labels
core commands This issues involves piqueserver's core commands enhancement This issue is a feature request for improvement of an already existing feature priority:normal This issue has a limited impact or is only noticable in specific circumstances

Comments

@lokka30
Copy link
Contributor

lokka30 commented Apr 25, 2021

Describe the bug
Users can spam commands such as /commands to destroy the CPU.

I believe this issue is solely caused by the 'send user a list of messages' code. See Expected behavior below.

To fix this, I believe the commands should be locked until the previous usage of the command has finished sending the entire list of messages.

To Reproduce
Have a bot rapidly run list-based commands such as /commands, and most likely also /scripts, /help, and so on.

Expected behavior
This is where the issue kind-of separates into a feature request. Here's the intended behavior I am thinking of:

  1. User runs /commands
  2. Commands start to display to the user
  3. Two seconds later, whilst the previous command is still being ran, the user runs /commands again
  4. Second command fails as the user is already being displayed the output of /commands from their first usage.

Stack Trace or logs
Well, my logs would be full of someone destroying the server by constantly running such commands.

Server (please complete the following information):
Not applicable to the issue.

Client (if relevant)
Not applicable to the issue.

Additional context
I have temporarily disabled these commands on The Hallway due to their misuse.
@lokka30 lokka30 added bug This issue reports a bug in piqueserver code and/or docs triage The Priority of this Bug has not been decided yet. labels Apr 25, 2021
@lokka30 lokka30 mentioned this issue Jun 9, 2022
Merged
4 tasks
@lokka30
Copy link
Contributor Author

lokka30 commented Jun 11, 2022

This is resolved by my two PRs, #721 and #722

@utf-4096 utf-4096 added enhancement This issue is a feature request for improvement of an already existing feature core commands This issues involves piqueserver's core commands priority:normal This issue has a limited impact or is only noticable in specific circumstances and removed bug This issue reports a bug in piqueserver code and/or docs triage The Priority of this Bug has not been decided yet. labels May 16, 2024
This was linked to pull requests May 16, 2024
Patch send_lines exploit #722
Merged
Add command anti-spam #721
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
core commands This issues involves piqueserver's core commands enhancement This issue is a feature request for improvement of an already existing feature priority:normal This issue has a limited impact or is only noticable in specific circumstances
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Patch send_lines exploit lokka30/piqueserver
Add command anti-spam lokka30/piqueserver
2 participants
@utf-4096 @lokka30