From fafaefa1fbafddf9216d2f5ddaad0177cf3fb4bc Mon Sep 17 00:00:00 2001
From: Dragory <2606411+Dragory@users.noreply.github.com>
Date: Sat, 25 Nov 2023 12:28:28 +0200
Subject: [PATCH] feat: limit logs timestamp_format length

---
 backend/src/plugins/Logs/LogsPlugin.ts |  5 +++--
 backend/src/plugins/Logs/types.ts      |  5 +++--
 backend/src/utils/iotsUtils.ts         | 17 +++++++++++++++++
 3 files changed, 23 insertions(+), 4 deletions(-)
 create mode 100644 backend/src/utils/iotsUtils.ts

diff --git a/backend/src/plugins/Logs/LogsPlugin.ts b/backend/src/plugins/Logs/LogsPlugin.ts
index bd970160..e56ba756 100644
--- a/backend/src/plugins/Logs/LogsPlugin.ts
+++ b/backend/src/plugins/Logs/LogsPlugin.ts
@@ -110,6 +110,7 @@ import { logVoiceChannelForceMove } from "./logFunctions/logVoiceChannelForceMov
 import { logVoiceChannelJoin } from "./logFunctions/logVoiceChannelJoin";
 import { logVoiceChannelLeave } from "./logFunctions/logVoiceChannelLeave";
 import { logVoiceChannelMove } from "./logFunctions/logVoiceChannelMove";
+import { asBoundedString } from "../../utils/iotsUtils";
 
 // The `any` cast here is to prevent TypeScript from locking up from the circular dependency
 function getCasesPlugin(): Promise<any> {
@@ -120,12 +121,12 @@ const defaultOptions: PluginOptions<LogsPluginType> = {
   config: {
     channels: {},
     format: {
-      timestamp: FORMAT_NO_TIMESTAMP, // Legacy/deprecated, use timestamp_format below instead
+      timestamp: asBoundedString(FORMAT_NO_TIMESTAMP), // Legacy/deprecated, use timestamp_format below instead
       ...DefaultLogMessages,
     },
     ping_user: true, // Legacy/deprecated, if below is false mentions wont actually ping. In case you really want the old behavior, set below to true
     allow_user_mentions: false,
-    timestamp_format: "[<t:]X[>]",
+    timestamp_format: asBoundedString("[<t:]X[>]"),
     include_embed_timestamp: true,
   },
 
diff --git a/backend/src/plugins/Logs/types.ts b/backend/src/plugins/Logs/types.ts
index 62008aab..759f680d 100644
--- a/backend/src/plugins/Logs/types.ts
+++ b/backend/src/plugins/Logs/types.ts
@@ -23,6 +23,7 @@ import {
   TemplateSafeUser,
 } from "../../utils/templateSafeObjects";
 import { TRegex } from "../../validatorUtils";
+import { tBoundedString } from "../../utils/iotsUtils";
 
 export const tLogFormats = t.record(t.string, t.union([t.string, tMessageContent]));
 export type TLogFormats = t.TypeOf<typeof tLogFormats>;
@@ -53,12 +54,12 @@ export const ConfigSchema = t.type({
   format: t.intersection([
     tLogFormats,
     t.type({
-      timestamp: t.string, // Legacy/deprecated
+      timestamp: tBoundedString(0, 64), // Legacy/deprecated
     }),
   ]),
   ping_user: t.boolean, // Legacy/deprecated, if below is false mentions wont actually ping
   allow_user_mentions: t.boolean,
-  timestamp_format: t.string,
+  timestamp_format: tBoundedString(0, 64),
   include_embed_timestamp: t.boolean,
 });
 export type TConfigSchema = t.TypeOf<typeof ConfigSchema>;
diff --git a/backend/src/utils/iotsUtils.ts b/backend/src/utils/iotsUtils.ts
new file mode 100644
index 00000000..a3636c84
--- /dev/null
+++ b/backend/src/utils/iotsUtils.ts
@@ -0,0 +1,17 @@
+import * as t from "io-ts";
+
+interface BoundedStringBrand {
+  readonly BoundedString: unique symbol;
+}
+
+export function asBoundedString(str: string) {
+  return str as t.Branded<string, BoundedStringBrand>;
+}
+
+export function tBoundedString(min: number, max: number) {
+  return t.brand(
+    t.string,
+    (str): str is t.Branded<string, BoundedStringBrand> => (str.length >= min && str.length <= max),
+    "BoundedString",
+  );
+}