teamhartex / hartex Goto Github PK

View Code? Open in Web Editor NEW

42.0 6.0 9.0 96.18 MB

Discord server management, reimagined.

License: GNU Affero General Public License v3.0

Rust 88.99% TypeScript 0.24% Vue 3.17% Fluent 5.94% Lua 0.43% Python 1.09% RenderScript 0.13%

discord-bot twilight-rs discord-rust discordbot rust rust-discord rust-lang twilight hartex hartex-bot

hartex's People

Contributors

Stargazers

Watchers

Forkers

mike1017 mod-tc htgazurex1212 penguin-number-123 kane50613 xzihnago madonuko teddyji christolis

hartex's Issues

Tracking Issue for RFC 4: Rework Buildsystem

Feature Name (A Unique Identifier)

buildsystem_rework

Starting Date

8 Feb 2023

Feature Implementation Pull Request

No response

Summary

This RFC proposes a rework of the current buildsystem in the Rust programming language rather than the current one written in Kotlin.

Motivation

The current Kotlin implementation still runs on the JVM which means there are some performance penalties and bottlenecks which negatively affects the developer experience as with time-sensitive work.

Guide-level Explanation

The buildsystem will be implemented in a way to minimize as much breaking changes as possible to be on par with the behaviour of the current Kotlin buildsystem.

The Kotlin scripting component of the current Kotlin buildsystem will be reworked completely so a breaking change for that cannot be avoided.

Reference-level Explanation

No response

Drawbacks

Adds unnecessary work, may take a longer time to stabilize the new buildsystem.

Rationale & Alternatives

Just stay with the current Kotlin buildsystem.

Unresolved Questions

None yet.

Future Possibilities

Having a Kotlin buildsystem opens the possibility for plugins as they are much easier to implement on a VM-based language rather than a compiled language. Probably a non-issue because extending the buildsystem for plugins is not currently a valid use case.

Tracking Issue for Pull Request #2

This is the tracking issue for Pull Request:

Command struct Declaration
Derive Command and implement the underlying methods
- Fully implement the levelling_system_rank_command function
Add the command to the command parser

Fix Required: this code does not run concurrently

https://github.com/HT-Studios/HarTex-rust-discord-bot/blob/89ecd32bb661d2381e567d5d1ae2c79e0081340e/src/main.rs#L555-L576

Reimagine Entity Macro

Generating the entities from the twilight-model crate itself would be more convenient than manually writing all the fields out.

This typically requires some form of "compile-time reflection".

Potential Memory Leak

A possible memory leak is detected. Currently attempting to troubleshoot the leak with the Rust MIR Interpreter.

Issue Encountered: rust-lang/miri#1719

Tracking Issue: Ticket System

This issue tracks the implementation of the ticketing system.

Items

hartex_backend_ratelimiter-0.1.0: 1 vulnerabilities (highest severity is: 4.7)

Vulnerable Library - hartex_backend_ratelimiter-0.1.0

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (hartex_backend_ratelimiter version)	Remediation Available
CVE-2023-26964	Medium	4.7	hyper-0.14.25.crate	Transitive	N/A*	❌

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2023-26964

Vulnerable Library - hyper-0.14.25.crate

A fast and correct HTTP library.

Library home page: https://crates.io/api/v1/crates/hyper/0.14.25/download

Dependency Hierarchy:

hartex_backend_ratelimiter-0.1.0 (Root Library)
- rocket-0.5.0-rc.3.crate
  - rocket_codegen-0.5.0-rc.3.crate
    - rocket_http-0.5.0-rc.3.crate
      - ❌ hyper-0.14.25.crate (Vulnerable Library)

Found in base branch: nightly

Vulnerability Details

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).

Publish Date: 2023-04-11

URL: CVE-2023-26964

CVSS 3 Score Details (4.7)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

Tracking Issue: Reorganize Interaction Commands

This is a tracking issue for implementing reorganization for interaction commands, specifically grouping information-related (except about) commands into a single info command with corresponding subcommands.

Tasks

This task list is not complete, and is subject to change.

Tracking Issue: Starboard

This issue tracks the implementation of starboard.

Items

Move Caching to Leader or Isolate Caching

Tracking Issue for RFC 1 - DSL Configuration

Tracking Issue: Support Fleet Configuration in `./x.py setup`

This is currently blocked by Fleet itself. Waiting on Fleet to release their 1.30.whatever version, which supposedly allows user to override the version of rust-analyzer used by Fleet to fix the procedural macro server invocations.

Hence, the milestone for this will be updated as time goes, until that specific version is released.

Steps:

Initial Implementation #1988
Add rust-analyzer.linkedProjects

Reimagine Localization

The current macro-based implementation is too messy.

Generating some bindings to the localization messages that can be accessed by invoking the underlying bundle would be more desirable.

Tracking Issue: Auto Moderation System

This issue tracks the implementation of the auto moderation system.

Items

Bug: Member Count Bug in Guildinfo

The numbers in the guildinfo command are currently flipped. Debugging required.

`clap` Command Option Parsing is Malfunctioning

Currently, the register command is blocked due to the fact that the inability to detect the <command> positional argument/keyword argument. Which makes it impossible to test whether the filesystem traversal for file search works.

Further investigation is to be carried out with respect to this issue:

Panic occurred in thread "main": called `Option::unwrap()` on a `None` value
        at alloc::boxed::impl$47::call(/rustc/4c83bd03a9d94af35c97a6b8b595d40e291af84a/library\alloc\src\boxed.rs:2002)
        at hartex_discord_commands_manager::commands::register::register_command::async_fn$0(D:\projects\github\TeamHarTex\HarTex\discord-frontend\hartex-discord-commands-manager\src\commands\register.rs:44)
        at hartex_discord_commands_manager::cmdline::handle::async_fn$0(D:\projects\github\TeamHarTex\HarTex\discord-frontend\hartex-discord-commands-manager\src\cmdline.rs:30)
        at hartex_discord_commands_manager::main::async_block$0(D:\projects\github\TeamHarTex\HarTex\discord-frontend\hartex-discord-commands-manager\src\main.rs:61)
        at tokio::runtime::park::impl$4::block_on::closure$0(C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.24.2\src\runtime\park.rs:283)
        at tokio::runtime::coop::with_budget(C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.24.2\src\runtime\coop.rs:102)
        at tokio::runtime::coop::budget(C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.24.2\src\runtime\coop.rs:68)
        at tokio::runtime::park::CachedParkThread::block_on<enum2$<hartex_discord_commands_manager::main::async_block_env$0> >(C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.24.2\src\runtime\park.rs:283)
        at tokio::runtime::context::BlockingRegionGuard::block_on(C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.24.2\src\runtime\context.rs:315)
        at tokio::runtime::scheduler::multi_thread::MultiThread::block_on<enum2$<hartex_discord_commands_manager::main::async_block_env$0> >(C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.24.2\src\runtime\scheduler\multi_thread\mod.rs:66)
        at tokio::runtime::runtime::Runtime::block_on(C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.24.2\src\runtime\runtime.rs:284)
        at hartex_discord_commands_manager::main(D:\projects\github\TeamHarTex\HarTex\discord-frontend\hartex-discord-commands-manager\src\main.rs:63)

Note: this is an internal error.
Help: please report this issue at https://github.com/TeamHarTex/HarTex/issues/new?assignees=&labels=Bot%3A+Bug%2CBot%3A+Internal+Error&template=internal-error.yml

Refractor: use gRPC instead of HTTP

Refractor the code again to use gRPC instead of raw HTTP for microservices.

RFC #2: Split Bot into Several Processes

Feature Name (A Unique Identifier)

process_split

Starting Date

28 January 2022

Feature Implementation Pull Request

No response

Summary

This RFC proposes to split the bot into separate REST, cache and gateway processes.

Motivation

This is to provide seamless updates for the bot as the REST, cache and gateway would then not be affected by a restart at all.

Guide-level Explanation

With this implemented, the bot may have seamless updates as only the bot binary needs to be recompiled and restarted - the REST, cache and gateway processes are intact, and incoming events are to be queued; resuming firing those events after the bot is up again.

Reference-level Explanation

This RFC comes with a major structural modification.

Processes will communicate with each other using HTTP Requests, with extra security built on top with authorization keys as well as process sandboxing (if possible).

Drawbacks

more complication to the code, but it is worth it for a more seamless user experience.

Rationale & Alternatives

None (for now).

Unresolved Questions

None (for now).

Future Possibilities

None (for now).

Tracking Issue: Bot Panic Message Sending

This issue is for the deployment of the fix such that there will be a background task updating the message channel in case the bot panics, the bot will then send that message to the specific channel.

Currently this only sends it to the default set channel as defined in the event handler.

[FEATURE REQUEST] Add a matrix bridge feature

Hi, I'd like to know if it is possible to implement a matrix bridge, to be able to transmit events from discord to element and vice versa.

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository problems

These problems occurred while renovating this repository. View logs.

WARN: Detected empty commit - aborting git push

Warning

These dependencies are deprecated:

Datasource	Name	Replacement PR?
bun	`@studio-freight/lenis`

Other Branches

These updates are pending. To force PRs open, click the checkbox below.

chore(deps): update rust crate postgres to v0.19.8
fix(deps): update rust crate postgres-types to v0.2.7
fix(deps): update rust crate tokio-postgres to v0.7.11

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

fix(deps): update rust crate serde to v1.0.207

Detected dependencies

bun

web-frontend/package.json

@hypernym/nuxt-gsap ^2.4.2

@iconify-json/carbon ^1.1.27

@nuxt/content ^2.12.1

@nuxt/image ^1.3.0

@studio-freight/lenis ^1.0.34

@types/node ^22.0.0

@unocss/nuxt ^0.62.0

@unocss/preset-icons ^0.62.0

@unocss/preset-web-fonts ^0.62.0

@unocss/transformer-directives ^0.62.0

@vueuse/core ^10.7.2

@vueuse/nuxt ^10.7.2

nuxt ^3.9.3

typescript ^5.3.3

unocss ^0.62.0

cargo

api-backend/hartex-backend-driver/Cargo.toml

axum 0.7.5

bb8-postgres 0.8.1

dotenvy 0.15.7

hyper 1.3.1

hyper-util 0.1.5

miette 7.2.0

serde 1.0.203

serde_json 1.0.117

tokio 1.38.0

tower 0.4.13

tower-http 0.5.2

tower-service 0.3.2

tracing 0.1.40

api-backend/hartex-backend-models/Cargo.toml

axum 0.7.5

serde 1.0.203

api-backend/hartex-backend-routes/Cargo.toml

axum 0.7.5

bb8-postgres 0.8.1

serde_json 1.0.117

time 0.3.36

database/hartex-database-migrate/Cargo.toml

barrel 0.7.0

dotenvy 0.15.7

miette 7.2.0

refinery 0.8.14

tokio 1.38.0

tokio-postgres 0.7.10

database/hartex-database-queries/Cargo.toml

cornucopia_async 0.6.0

tokio 1.38.0

futures 0.3.30

serde_json 1.0.117

time 0.3.36

tokio-postgres 0.7.10

postgres-types 0.2.6

cornucopia 0.9.0

dotenvy 0.15.7

postgres 0.19.7

discord-frontend/hartex-discord-cdn/Cargo.toml

discord-frontend/hartex-discord-commands-core/Cargo.toml

async-trait 0.1.80

miette 7.2.0

discord-frontend/hartex-discord-commands-macros/Cargo.toml

proc-macro2 1.0.84

quote 1.0.36

syn 2.0.66

discord-frontend/hartex-discord-commands-manager/Cargo.toml

clap 4.5.4

hyper 1.3.1

hyper-trust-dns 0.5.0

hyper-util 0.1.5

http-body-util 0.1.1

miette 7.2.0

minify 1.3.0

owo-colors 4.0.0

serde 1.0.203

serde_json 1.0.117

walkdir 2.5.0

discord-frontend/hartex-discord-commands/Cargo.toml

async-trait 0.1.80

fluent-bundle 0.15.3

futures 0.3.30

http-body-util 0.1.1

hyper 1.3.1

hyper-util 0.1.5

lazy_static 1.4.0

miette 7.2.0

rand 0.9.0-alpha.1

regex 1.10.4

serde_json 1.0.117

tokio-postgres 0.7.10

discord-frontend/hartex-discord-configuration-luart/Cargo.toml

mlua 0.9.8

expect-test 1.5.0

discord-frontend/hartex-discord-configuration-models/Cargo.toml

bitflags 2.6.0

itertools 0.13.0

mlua 0.9.8

serde 1.0.203

discord-frontend/hartex-discord-configuration-provider/Cargo.toml

miette 7.2.0

tokio-postgres 0.7.10

discord-frontend/hartex-discord-core/Cargo.toml

dotenvy 0.15.7

num_enum 0.7.2

num_enum_derive 0.7.2

tokio 1.38.0

discord-frontend/hartex-discord-entitycache-cacheupdaters/Cargo.toml

discord-frontend/hartex-discord-entitycache-core/Cargo.toml

bb8 0.8.3

tokio-postgres 0.7.10

discord-frontend/hartex-discord-entitycache-entities/Cargo.toml

tokio-postgres 0.7.10

discord-frontend/hartex-discord-entitycache-macros/Cargo.toml

convert_case 0.6.0

itertools 0.13.0

lazy_static 1.4.0

pluralizer 0.4.0

proc-macro2 1.0.84

quote 1.0.36

syn 2.0.66

convert_case 0.6.0

proc-macro2 1.0.84

quote 1.0.36

reqwest 0.12.4

syn 2.0.66

zip 2.1.1

discord-frontend/hartex-discord-entitycache-repositories/Cargo.toml

serde_scan 0.4.1

time 0.3.36

tokio-postgres 0.7.10

discord-frontend/hartex-discord-entitycache-service/Cargo.toml

futures-util 0.3.30

miette 7.2.0

rdkafka 0.36.2

serde_json 1.0.117

serde 1.0.203

serde_scan 0.4.1

tracing 0.1.40

discord-frontend/hartex-discord-leader/Cargo.toml

futures-util 0.3.30

miette 7.2.0

rdkafka 0.36.2

serde_json 1.0.117

serde_scan 0.4.1

once_cell 1.19.0

tracing 0.1.40

discord-frontend/hartex-discord-worker/Cargo.toml

chrono 0.4.38

futures-util 0.3.30

hyper 1.3.1

hyper-util 0.1.5

miette 7.2.0

once_cell 1.19.0

rdkafka 0.36.2

serde 1.0.203

serde_json 1.0.117

serde_scan 0.4.1

sha2 0.11.0-pre.3

strip-ansi-escapes 0.2.0

tokio-postgres 0.7.10

tracing 0.1.40

time 0.3.36

localization/hartex-localization-bindings/Cargo.toml

fluent-bundle 0.15.3

fluent-syntax 0.11.1

intl-memoizer 0.5.2

miette 7.2.0

proc-macro2 1.0.84

quote 1.0.36

syn 2.0.66

unic-langid 0.9.5

localization/hartex-localization-core/Cargo.toml

fluent-bundle 0.15.3

fluent-syntax 0.11.1

intl-memoizer 0.5.2

lazy_static 1.4.0

miette 7.2.0

unic-langid 0.9.5

localization/hartex-localization-loader/Cargo.toml

fluent-bundle 0.15.3

fluent-syntax 0.11.1

intl-memoizer 0.5.2

miette 7.2.0

unic-langid 0.9.5

walkdir 2.5.0

rust-utilities/hartex-bitflags-utils/Cargo.toml

bitflags 2.6.0

rust-utilities/hartex-discord-utils/Cargo.toml

async-once-cell 0.5.3

bb8-postgres 0.8.1

miette 7.2.0

once_cell 1.19.0

tokio-postgres 0.7.10

tokio-rustls 0.26.0

unic-langid 0.9.5

webpki-roots 0.26.1

rust-utilities/hartex-errors/Cargo.toml

miette 7.2.0

thiserror 1.0.61

rust-utilities/hartex-kafka-utils/Cargo.toml

rdkafka 0.36.2

rust-utilities/hartex-log/Cargo.toml

log 0.4.21

rust-utilities/hartex-macro-utils/Cargo.toml

quote 1.0.36

syn 2.0.66

tools/bootstrap/Cargo.toml

clap 4.5.4

fd-lock 4.0.2

serde 1.0.203

toml 0.8.13

tools/testsuite/Cargo.toml

clap 4.5.4

console 0.15.8

path-slash 0.2.1

similar 2.5.0

walkdir 2.5.0

docker-compose

docker/docker-compose.yml

github-actions

.github/workflows/lints.yml

actions/checkout v4

dtolnay/rust-toolchain v1

actions/setup-python v5

actions/checkout v4

.github/workflows/tests.yml

actions/checkout v4

dtolnay/rust-toolchain v1

actions/setup-python v5

actions/checkout v4

dtolnay/rust-toolchain v1

actions/setup-python v5

Check this box to trigger a request for Renovate to run again on this repository

Tracking Issue: Moderation Logging

This issue tracks the implementation of moderation logging.

Items

Panic when Launching Bot

Bot Version

0.0.0 (latest main)

Description

Attempting to start the bot results in a panic.

Steps to Reproduce

Run the gateway process.
See the panic.

Error/Stack Backtrace

thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', C:\Users\USER\.cargo\git\checkouts\twilight-20a3f67ed033cc0f\22290ad\twilight-gateway\src\shard.rs:761:18
stack backtrace:
   0:     0x7ff63c9361a2 - std::sys_common::backtrace::_print_fmt
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\sys_common\backtrace.rs:66
   1:     0x7ff63c9361a2 - std::sys_common::backtrace::_print::impl$0::fmt
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\sys_common\backtrace.rs:45
   2:     0x7ff63c94e72b - core::fmt::write
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\core\src\fmt\mod.rs:1209
   3:     0x7ff63c92fdda - std::io::Write::write_fmt<std::sys::windows::stdio::Stderr>
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\io\mod.rs:1679
   4:     0x7ff63c9388c4 - std::sys_common::backtrace::_print
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\sys_common\backtrace.rs:48
   5:     0x7ff63c9388c4 - std::sys_common::backtrace::print
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\sys_common\backtrace.rs:35
   6:     0x7ff63c9388c4 - std::panicking::default_hook::closure$1
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\panicking.rs:267
   7:     0x7ff63c9384fa - std::panicking::default_hook
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\panicking.rs:286
   8:     0x7ff63c9390bc - std::panicking::rust_panic_with_hook
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\panicking.rs:669
   9:     0x7ff63c938f7a - std::panicking::begin_panic_handler::closure$0
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\panicking.rs:558
  10:     0x7ff63c936bcf - std::sys_common::backtrace::__rust_end_short_backtrace<std::panicking::begin_panic_handler::closure_env$0,never$>
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\sys_common\backtrace.rs:138
  11:     0x7ff63c938c80 - std::panicking::begin_panic_handler
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\panicking.rs:556
  12:     0x7ff63c97bf15 - core::panicking::panic_fmt
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\core\src\panicking.rs:142
  13:     0x7ff63c97bdbc - core::panicking::panic
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\core\src\panicking.rs:48
  14:     0x7ff63c65478b - enum2$<core::option::Option<u64> >::unwrap
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\core\src\option.rs:775
  15:     0x7ff63c65478b - twilight_gateway::shard::impl$2::heartbeat::async_fn$0
                               at C:\Users\USER\.cargo\git\checkouts\twilight-20a3f67ed033cc0f\22290ad\twilight-gateway\src\shard.rs:759
  16:     0x7ff63c65478b - core::future::from_generator::impl$1::poll<enum2$<twilight_gateway::shard::impl$2::heartbeat::async_fn_env$0> >
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\core\src\future\mod.rs:91
  17:     0x7ff63c6516c9 - core::future::from_generator::impl$1::poll<enum2$<twilight_gateway::shard::impl$2::next_message::async_fn_env$0> >
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\core\src\future\mod.rs:91
  18:     0x7ff63c64e35c - core::future::from_generator::impl$1::poll<enum2$<twilight_gateway::shard::impl$2::next_event::async_fn_env$0> >
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\core\src\future\mod.rs:91
  19:     0x7ff63c64fd0c - twilight_gateway::stream::impl$8::drop::async_block$0
                               at C:\Users\USER\.cargo\git\checkouts\twilight-20a3f67ed033cc0f\22290ad\twilight-gateway\src\stream.rs:321
  20:     0x7ff63c64fd0c - core::future::from_generator::impl$1::poll<enum2$<twilight_gateway::stream::impl$8::drop::async_block_env$0> >
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\core\src\future\mod.rs:91
  21:     0x7ff63c682505 - futures_util::stream::futures_unordered::impl$7::poll_next
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\futures-util-0.3.24\src\stream\futures_unordered\mod.rs:514
  22:     0x7ff63c682505 - futures_util::stream::stream::StreamExt::poll_next_unpin<futures_util::stream::futures_unordered::FuturesUnordered<core::pin::Pin<alloc::boxed::Box<dyn$<core::future::future::Future<assoc$<Output,twilight_gateway::stream::NextItemOutput<enum2$<twilight_mo
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\futures-util-0.3.24\src\stream\stream\mod.rs:1626
  23:     0x7ff63c6160e9 - twilight_gateway::stream::impl$3::poll_next
                               at C:\Users\USER\.cargo\git\checkouts\twilight-20a3f67ed033cc0f\22290ad\twilight-gateway\src\stream.rs:170
  24:     0x7ff63c470d9f - futures_util::stream::stream::StreamExt::poll_next_unpin
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\futures-util-0.3.24\src\stream\stream\mod.rs:1626
  25:     0x7ff63c470d9f - futures_util::stream::stream::next::impl$3::poll
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\futures-util-0.3.24\src\stream\stream\next.rs:32
  26:     0x7ff63c470d9f - hartex_gateway::inbound::handle_inbound::async_fn$0
                               at D:\projects\github\HarTexTeam\HarTex-rust-discord-bot\discord-frontend\hartex-gateway\src\inbound.rs:31
  27:     0x7ff63c470d9f - core::future::from_generator::impl$1::poll
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\core\src\future\mod.rs:91
  28:     0x7ff63c470d9f - hartex_gateway::main::async_block$0::async_block$0
                               at D:\projects\github\HarTexTeam\HarTex-rust-discord-bot\discord-frontend\hartex-gateway\src\main.rs:127
  29:     0x7ff63c470d9f - core::future::from_generator::impl$1::poll<enum2$<hartex_gateway::main::async_block$0::async_block_env$0> >
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\core\src\future\mod.rs:91
  30:     0x7ff63c481509 - tokio::runtime::task::core::impl$3::poll::closure$0
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.21.2\src\runtime\task\core.rs:184
  31:     0x7ff63c481509 - tokio::loom::std::unsafe_cell::UnsafeCell<enum2$<tokio::runtime::task::core::Stage<core::future::from_generator::GenFuture<enum2$<hartex_gateway::main::async_block$0::async_block_env$0> > > > >::with_mut
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.21.2\src\loom\std\unsafe_cell.rs:14
  32:     0x7ff63c481509 - tokio::runtime::task::core::CoreStage<core::future::from_generator::GenFuture<enum2$<hartex_gateway::main::async_block$0::async_block_env$0> > >::poll
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.21.2\src\runtime\task\core.rs:174
  33:     0x7ff63c481509 - tokio::runtime::task::harness::poll_future::closure$0
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.21.2\src\runtime\task\harness.rs:480
  34:     0x7ff63c481509 - core::panic::unwind_safe::impl$23::call_once
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\core\src\panic\unwind_safe.rs:271
  35:     0x7ff63c481509 - std::panicking::try::do_call
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\std\src\panicking.rs:464
  36:     0x7ff63c481509 - std::panicking::try<enum2$<core::task::poll::Poll<tuple$<> > >,core::panic::unwind_safe::AssertUnwindSafe<tokio::runtime::task::harness::poll_future::closure_env$0<core::future::from_generator::GenFuture<enum2$<hartex_gateway::main::async_block$0::async_b
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\std\src\panicking.rs:428
  37:     0x7ff63c42d238 - std::panic::catch_unwind
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\std\src\panic.rs:137
  38:     0x7ff63c42d238 - tokio::runtime::task::harness::poll_future
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.21.2\src\runtime\task\harness.rs:468
  39:     0x7ff63c42d238 - tokio::runtime::task::harness::Harness<core::future::from_generator::GenFuture<enum2$<hartex_gateway::main::async_block$0::async_block_env$0> >,alloc::sync::Arc<tokio::task::local::Shared> >::poll_inner
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.21.2\src\runtime\task\harness.rs:104
  40:     0x7ff63c42d238 - tokio::runtime::task::harness::Harness<core::future::from_generator::GenFuture<enum2$<hartex_gateway::main::async_block$0::async_block_env$0> >,alloc::sync::Arc<tokio::task::local::Shared> >::poll<core::future::from_generator::GenFuture<enum2$<hartex_gate
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.21.2\src\runtime\task\harness.rs:57
  41:     0x7ff63c910898 - std::thread::local::LocalKey<core::cell::Cell<tokio::coop::Budget> >::try_with
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\std\src\thread\local.rs:446
  42:     0x7ff63c910898 - std::thread::local::LocalKey<core::cell::Cell<tokio::coop::Budget> >::with<core::cell::Cell<tokio::coop::Budget>,tokio::coop::with_budget::closure_env$0<tuple$<>,tokio::task::local::impl$2::tick::closure_env$0>,tuple$<> >
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\std\src\thread\local.rs:422
  43:     0x7ff63c8fd945 - tokio::task::local::LocalSet::tick
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.21.2\src\task\local.rs:578
  44:     0x7ff63c91077d - std::thread::local::LocalKey<core::cell::Cell<enum2$<core::option::Option<alloc::rc::Rc<tokio::task::local::Context> > > > >::try_with
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\std\src\thread\local.rs:446
  45:     0x7ff63c91077d - std::thread::local::LocalKey<core::cell::Cell<enum2$<core::option::Option<alloc::rc::Rc<tokio::task::local::Context> > > > >::with<core::cell::Cell<enum2$<core::option::Option<alloc::rc::Rc<tokio::task::local::Context> > > >,tokio::task::local::impl$2::wi
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\std\src\thread\local.rs:422
  46:     0x7ff63c8fda4f - tokio::task::local::impl$4::poll
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.21.2\src\task\local.rs:753
  47:     0x7ff63c4635c4 - futures_util::future::future::fuse::impl$3::poll
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\futures-util-0.3.24\src\future\future\fuse.rs:86
  48:     0x7ff63c4635c4 - core::future::future::impl$1::poll
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\core\src\future\future.rs:124
  49:     0x7ff63c4635c4 - futures_util::future::future::FutureExt::poll_unpin
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\futures-util-0.3.24\src\future\future\mod.rs:562
  50:     0x7ff63c4635c4 - hartex_gateway::main::async_block$0::closure$1::closure$0
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\core\src\ops\function.rs:251
  51:     0x7ff63c4797bd - core::ops::function::impls::impl$3::call_mut
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\core\src\ops\function.rs:297
  52:     0x7ff63c4797bd - hartex_gateway::main::async_block$0::closure$1
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\futures-util-0.3.24\src\async_await\select_mod.rs:321
  53:     0x7ff63c4797bd - futures_util::future::poll_fn::impl$2::poll
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\futures-util-0.3.24\src\future\poll_fn.rs:56
  54:     0x7ff63c4797bd - hartex_gateway::main::async_block$0
                               at D:\projects\github\HarTexTeam\HarTex-rust-discord-bot\discord-frontend\hartex-gateway\src\main.rs:132
  55:     0x7ff63c440e7f - tokio::park::thread::CachedParkThread::block_on<core::future::from_generator::GenFuture<enum2$<hartex_gateway::main::async_block_env$0> > >
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.21.2\src\park\thread.rs:267
  56:     0x7ff63c4413a7 - tokio::runtime::enter::Enter::block_on
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.21.2\src\runtime\enter.rs:152
  57:     0x7ff63c4413a7 - tokio::runtime::scheduler::multi_thread::MultiThread::block_on
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.21.2\src\runtime\scheduler\multi_thread\mod.rs:79
  58:     0x7ff63c4413a7 - tokio::runtime::Runtime::block_on<core::future::from_generator::GenFuture<enum2$<hartex_gateway::main::async_block_env$0> > >
                               at C:\Users\USER\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.21.2\src\runtime\mod.rs:492
  59:     0x7ff63c43d0f4 - hartex_gateway::main
                               at D:\projects\github\HarTexTeam\HarTex-rust-discord-bot\discord-frontend\hartex-gateway\src\main.rs:139
  60:     0x7ff63c48d4c6 - core::ops::function::FnOnce::call_once
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\core\src\ops\function.rs:251
  61:     0x7ff63c48d4c6 - std::sys_common::backtrace::__rust_begin_short_backtrace<enum2$<core::result::Result<tuple$<>,eyre::Report> > (*)(),enum2$<core::result::Result<tuple$<>,eyre::Report> > >
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\std\src\sys_common\backtrace.rs:122
  62:     0x7ff63c48d4dc - std::rt::lang_start::closure$0<enum2$<core::result::Result<tuple$<>,eyre::Report> > >
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523\library\std\src\rt.rs:166
  63:     0x7ff63c92a95e - core::ops::function::impls::impl$2::call_once
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\core\src\ops\function.rs:286
  64:     0x7ff63c92a95e - std::panicking::try::do_call
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\panicking.rs:464
  65:     0x7ff63c92a95e - std::panicking::try
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\panicking.rs:428
  66:     0x7ff63c92a95e - std::panic::catch_unwind
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\panic.rs:137
  67:     0x7ff63c92a95e - std::rt::lang_start_internal::closure$2
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\rt.rs:148
  68:     0x7ff63c92a95e - std::panicking::try::do_call
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\panicking.rs:464
  69:     0x7ff63c92a95e - std::panicking::try
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\panicking.rs:428
  70:     0x7ff63c92a95e - std::panic::catch_unwind
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\panic.rs:137
  71:     0x7ff63c92a95e - std::rt::lang_start_internal
                               at /rustc/9c56d9d6fec6262bbb1549cfe466a812ae2c6523/library\std\src\rt.rs:148
  72:     0x7ff63c43d27c - main
  73:     0x7ff63c96b40c - invoke_main
                               at D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78
  74:     0x7ff63c96b40c - __scrt_common_main_seh
                               at D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
  75:     0x7ffabf72244d - BaseThreadInitThunk
  76:     0x7ffabff6df78 - RtlUserThreadStart

Extra Information

No response

model-0.1.0.crate: 1 vulnerabilities (highest severity is: 8.1)

Vulnerable Library - model-0.1.0.crate

model-based testing for data structures, with linearizability checking

Library home page: https://crates.io/api/v1/crates/model/0.1.0/download

Found in HEAD commit: d6647fd8e593c1cb3202b793fde8ea61860b3c87

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (model version)	Remediation Available
CVE-2020-36460	High	8.1	model-0.1.0.crate	Direct	N/A	❌

Details

CVE-2020-36460

Vulnerable Library - model-0.1.0.crate

model-based testing for data structures, with linearizability checking

Library home page: https://crates.io/api/v1/crates/model/0.1.0/download

Dependency Hierarchy:

❌ model-0.1.0.crate (Vulnerable Library)

Found in HEAD commit: d6647fd8e593c1cb3202b793fde8ea61860b3c87

Found in base branch: nightly

Vulnerability Details

An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type.

Publish Date: 2021-08-08

URL: CVE-2020-36460

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

RFC #3: Rework Ratelimiting

Feature Name (A Unique Identifier)

rework_ratelimiting

Starting Date

2 August 2022

Feature Implementation Pull Request

No response

Summary

This RFC proposes a rework for the ratelimiting algorithm for the rest proxy.

Motivation

The current implementation is based on a single-lock queue for requests, which such an implementation hinders increasing the throughput of sending requests on a concurrent basis.

Guide-level Explanation

The implementation of this RFC enables requests to be sent concurrently.

Reference-level Explanation

No response

Drawbacks

None (for now).

Rationale & Alternatives

Prior Art

discord.py implementation: https://github.com/Rapptz/discord.py/blob/master/discord/http.py#L322-L474

Unresolved Questions

None (for now).

Future Possibilities

None (for now).

unlocalized specification

Incorrect `HomePage` Layout

For whatever reason, the home page currently has it's header and footer elements duplicated, as well as the head meta-attributes:

Currently investigating the cause.

parse_duration bugs

Hello!
There seem to be some bugs in your parse_duration-function. I hope it is fine if I quickly list them here, instead of opening a pull-request:

Parsing durations including the digit '9' will fail [1], due to the range being non-inclusive. One might use ..=
Seconds are parsed as minutes, due to the *60-multiplication [2]
This function is used with user-input, so it will crash on a typo [3]. Would returning a Result be more applicable here?

[1] https://github.com/HT-Studios/HarTex-rust-discord-bot/blob/infdev/src/utilities/duration/mod.rs#L29
[2] https://github.com/HT-Studios/HarTex-rust-discord-bot/blob/infdev/src/utilities/duration/mod.rs#L46
[3] https://github.com/HT-Studios/HarTex-rust-discord-bot/blob/infdev/src/utilities/duration/mod.rs#L49

Cheers!

XML Deserialization Issue

Currently the XML Deserialization doesn't work for the CensorshipPlugin.

This needs to be fixed before continuing the development of the censorship plugin.

Related Issue: tafia/quick-xml#277

Tracking Issue: Complete Codebase Revamp (Part 1)

The current codebase has everything in 1 crate which makes things very messy. This tracking issue is for tracking progress into revamping the entire codebase for the 1.21.0 version of the bot.

Tracking Issue for Coloured Output in Buildsystem

Currently, coloured output from cargo is discarded by the buildsystem when printing its output. This should be fixed so that the colours are displayed normally as if a user is running cargo directly.

hartex_rdkafka_utils-0.1.0: 3 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - hartex_rdkafka_utils-0.1.0

Found in HEAD commit: 832f2d57aec599d0998c7f2833f47f59b2327d92

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (hartex_rdkafka_utils version)	Remediation Available
CVE-2022-37434	High	9.8	libz-sys-1.1.8.crate	Transitive	N/A*	❌
CVE-2018-25032	High	7.5	libz-sys-1.1.8.crate	Transitive	N/A*	❌
WS-2020-0368	Medium	6.5	libz-sys-1.1.8.crate	Transitive	N/A*	❌

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-37434

Vulnerable Library - libz-sys-1.1.8.crate

Low-level bindings to the system libz library (also known as zlib).

Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download

Dependency Hierarchy:

hartex_rdkafka_utils-0.1.0 (Root Library)
- rdkafka-0.29.0.crate
  - rdkafka-sys-4.3.0+1.9.2.crate
    - ❌ libz-sys-1.1.8.crate (Vulnerable Library)

Found in HEAD commit: 832f2d57aec599d0998c7f2833f47f59b2327d92

Found in base branch: nightly

Vulnerability Details

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Publish Date: 2022-08-05

URL: CVE-2022-37434

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

CVE-2018-25032

Vulnerable Library - libz-sys-1.1.8.crate

Low-level bindings to the system libz library (also known as zlib).

Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download

Dependency Hierarchy:

hartex_rdkafka_utils-0.1.0 (Root Library)
- rdkafka-0.29.0.crate
  - rdkafka-sys-4.3.0+1.9.2.crate
    - ❌ libz-sys-1.1.8.crate (Vulnerable Library)

Found in HEAD commit: 832f2d57aec599d0998c7f2833f47f59b2327d92

Found in base branch: nightly

Vulnerability Details

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Publish Date: 2022-03-25

URL: CVE-2018-25032

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-25032

Release Date: 2022-03-25

Fix Resolution: libstd-rs - 1.57.0;bioconductor-netreg - 1.13.1;tcl - 8.6.11;sudo - 1.8.32;bjam-native - 1.74.0;ccache - 4.1,3.3.4;libgit2 - 1.3.0;cmake - 3.19.5,3.7.2,3.7.0,3.22.0,3.17.3;slamdunk - 0.4.0;rsync - 3.2.1;cmake-native - 3.15.5,3.18.4,3.17.3,3.22.0,3.7.0;mentalist - 0.2.3;ghostscript - 9.55.0

Step up your Open Source Security Game with Mend here

WS-2020-0368

Vulnerable Library - libz-sys-1.1.8.crate

Low-level bindings to the system libz library (also known as zlib).

Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download

Dependency Hierarchy:

hartex_rdkafka_utils-0.1.0 (Root Library)
- rdkafka-0.29.0.crate
  - rdkafka-sys-4.3.0+1.9.2.crate
    - ❌ libz-sys-1.1.8.crate (Vulnerable Library)

Found in HEAD commit: 832f2d57aec599d0998c7f2833f47f59b2327d92

Found in base branch: nightly

Vulnerability Details

Zlib in versions v0.8 to v1.2.11 is vulnerable to use-of-uninitialized-value in inflate.
There are a couple of places in inflate() where UPDATE is called with state->check as its first parameter, without a guarantee that this value has been initialized (state comes from a ZALLOC in inflateInit). This causes use of uninitialized check value.

Publish Date: 2020-02-22

URL: WS-2020-0368

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/WS-2020-0368

Release Date: 2020-02-22

Fix Resolution: cmake-native - 3.15.5;binutils-cross-testsuite - 2.35;libstd-rs - 1.57.0;gdb - 11.1,9.2;tcl - 8.6.11;sudo - 1.8.32;binutils - 2.35,2.28;ccache - 3.3.3,4.1;libgit2 - 1.3.0;cmake - 3.19.5,3.7.0,3.7.2,3.22.0,3.17.3;cmake-native - 3.17.3,3.7.0,3.22.0,3.18.4;ghostscript - 9.55.0

Step up your Open Source Security Game with Mend here

hartex_bors_database-0.1.0: 1 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - hartex_bors_database-0.1.0

Found in HEAD commit: 5f35a338360fea458dfbec9f4562355c05a7f1f0

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (hartex_bors_database version)	Remediation Available
CVE-2022-35737	High	7.5	libsqlite3-sys-0.24.2.crate	Transitive	N/A*	❌

Details

CVE-2022-35737

Vulnerable Library - libsqlite3-sys-0.24.2.crate

Native bindings to the libsqlite3 library

Library home page: https://crates.io/api/v1/crates/libsqlite3-sys/0.24.2/download

Dependency Hierarchy:

hartex_bors_database-0.1.0 (Root Library)
- sqlx-0.6.3.crate
  - sqlx-core-0.6.3.crate
    - ❌ libsqlite3-sys-0.24.2.crate (Vulnerable Library)

Found in HEAD commit: 5f35a338360fea458dfbec9f4562355c05a7f1f0

Found in base branch: nightly

Vulnerability Details

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

Publish Date: 2022-08-03

URL: CVE-2022-35737

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2022-35737

Release Date: 2022-08-03

Fix Resolution: version-3.39.2

Step up your Open Source Security Game with Mend here

Code Cleanup for Command Handling

The current handle_command function is purely a giant match expression and is quite messy and unreadable.

The use of macros is proposed. The syntax should look like this:

handle_command!(<CommandStructureName>);

Or something similar to that.

The declaration of the macro is planned to be:

pub macro handle_command {

}

With the use of the decl_macro nightly-only feature.

Tracking Issue: Infraction System

This issue tracks the implementation of the infraction system.

Items

Cannot go back to the previous page if it's in the DocumentPage.

Reason

Most likely it's because of redirect. Not a groundbreaking bug, but it's annoying.

RFC #1: `userinfo_string_id`

Feature Name (A Unique Identifier)

userinfo_string_id

Starting Date

19 November 2021

Feature Implementation Pull Request

Summary

This RFC proposes to change the option type of the user option in the userinfo command from CommandOption::Mentionable(..) to CommandOption::String(..).

Motivation

Currently the user option only supports mentionable entities, and specifically, users. This typically hinders the use case when someone would like to check the information of a user with its Discord User ID. This RFC is to facilitate this use case.

Guide-level Explanation

With this change, the user option can now accept raw user IDs.

Reference-level Explanation

This change typically changes the type of the user option from CommandOption::Mentionable(..), which limits to mentions, to CommandOption::String(..), where anything can be accepted. Manual parsing shall be implemented to handle both cases, for when the option is a mention (<@0000000000000000>), parse it as a mention; and when it is a raw ID (0000000000000000), parse it as a raw ID.

Drawbacks

None yet.

Rationale & Alternatives

Rationale

As expressed in the Motivation section.

Alternatives

do not handle the case of raw user IDs at all.
separate command to handle the use case.

Unresolved Questions

None yet.

Future Possibilities

None yet.

react-1.1.4.tgz: 1 vulnerabilities (highest severity is: 7.1)

Vulnerable Library - react-1.1.4.tgz

Found in HEAD commit: c5c3eb8522b87105e1771e70e7959f1a0887faa2

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (react version)	Remediation Available
CVE-2022-46175	High	7.1	json5-2.2.1.tgz	Transitive	N/A*	❌

Details

CVE-2022-46175

Vulnerable Library - json5-2.2.1.tgz

JSON for humans.

Library home page: https://registry.npmjs.org/json5/-/json5-2.2.1.tgz

Dependency Hierarchy:

react-1.1.4.tgz (Root Library)
- core-7.19.3.tgz
  - ❌ json5-2.2.1.tgz (Vulnerable Library)

Found in HEAD commit: c5c3eb8522b87105e1771e70e7959f1a0887faa2

Found in base branch: nightly

Vulnerability Details

JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The parse method of the JSON5 library before and including version 2.2.1 does not restrict parsing of keys named __proto__, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by JSON5.parse and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. JSON5.parse should restrict parsing of __proto__ keys when parsing JSON strings to objects. As a point of reference, the JSON.parse method included in JavaScript ignores __proto__ keys. Simply changing JSON5.parse to JSON.parse in the examples above mitigates this vulnerability. This vulnerability is patched in json5 version 2.2.2 and later.

Publish Date: 2022-12-24

URL: CVE-2022-46175

CVSS 3 Score Details (7.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-46175

Release Date: 2022-12-24

Fix Resolution: json5 - 2.2.2

Step up your Open Source Security Game with Mend here

Unexpected Internal Bot Error when Executing `about` command

Bot Version

1.26.0-nightly (e2492de 2021-12-25)

Description

Running the about command is enough to cause an IBE (only visible in local terminal, however).

Steps to Reproduce

Execute any bot command.
IBE appears in the console (after making the interaction reponse).

Error/Stack Backtrace

2021-12-25T08:52:02.973609Z ERROR panic handler: hartex_driver: unexpected panic occurred, invoking panic handler...
2021-12-25T08:52:02.974121Z ERROR panic handler: hartex_driver: error: internal bot error: unexpected panic
2021-12-25T08:52:02.974534Z ERROR panic handler: hartex_driver: note: the bot unexpectedly panicked. this is a bug.
2021-12-25T08:52:02.9748513Z ERROR panic handler: hartex_driver: note: we would appreciate a bug report: https://github.com/HarTexTeam/HarTex-rust-discord-bot/issues/new?assignees=&labels=Bot%3A+Bug%2CBot%3A+IBE&template=internal-bot-error.yml
thread 'hartex' panicked at 'Duration too far into the future: TryFromIntError(())', C:\Users\harry\.cargo\registry\src\github.com-1ecc6299db9ec823\tokio-1.15.0\src\time\driver\mod.rs:132:23
stack backtrace:
   0:     0x7ff7d137d20f - std::backtrace_rs::backtrace::dbghelp::trace
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\std\src\..\..\backtrace\src\backtrace\dbghelp.rs:98
   1:     0x7ff7d137d20f - std::backtrace_rs::backtrace::trace_unsynchronized
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\std\src\..\..\backtrace\src\backtrace\mod.rs:66
   2:     0x7ff7d137d20f - std::sys_common::backtrace::_print_fmt
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\std\src\sys_common\backtrace.rs:67
   3:     0x7ff7d137d20f - std::sys_common::backtrace::_print::impl$0::fmt
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\std\src\sys_common\backtrace.rs:46
   4:     0x7ff7d139744a - core::fmt::write
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\core\src\fmt\mod.rs:1149
   5:     0x7ff7d1375bc8 - std::io::Write::write_fmt<std::sys::windows::stdio::Stderr>
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\std\src\io\mod.rs:1660
   6:     0x7ff7d137fdf6 - std::sys_common::backtrace::_print
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\std\src\sys_common\backtrace.rs:49
   7:     0x7ff7d137fdf6 - std::sys_common::backtrace::print
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\std\src\sys_common\backtrace.rs:36
   8:     0x7ff7d137fdf6 - std::panicking::default_hook::closure$1
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\std\src\panicking.rs:211
   9:     0x7ff7d137f8d9 - std::panicking::default_hook
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\std\src\panicking.rs:228
  10:     0x7ff7d0e6b582 - hartex_driver::pre_startup::pre_startup::h0d6a974b6dc492e3
  11:     0x7ff7d13804e9 - std::panicking::rust_panic_with_hook
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\std\src\panicking.rs:610
  12:     0x7ff7d138026b - std::panicking::begin_panic_handler::closure$0
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\std\src\panicking.rs:502
  13:     0x7ff7d137db37 - std::sys_common::backtrace::__rust_end_short_backtrace<std::panicking::begin_panic_handler::closure$0,never$>
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\std\src\sys_common\backtrace.rs:139
  14:     0x7ff7d137ff99 - std::panicking::begin_panic_handler
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\std\src\panicking.rs:498
  15:     0x7ff7d13b8d90 - core::panicking::panic_fmt
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\core\src\panicking.rs:107
  16:     0x7ff7d13b8ea3 - core::result::unwrap_failed
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\core\src\result.rs:1661
  17:     0x7ff7d133c3e2 - tokio::time::driver::ClockTime::instant_to_tick::hb09fc61af4f5ae7e
  18:     0x7ff7d13255f2 - tokio::time::driver::entry::TimerEntry::reset::h980cbb0a6a2b97d6
  19:     0x7ff7d13258be - tokio::time::driver::entry::TimerEntry::poll_elapsed::h1c937c14242e2710
  20:     0x7ff7d13402fa - <tokio::time::driver::sleep::Sleep as core::future::future::Future>::poll::h94dbecead22191dd
  21:     0x7ff7d1276921 - <tokio::time::timeout::Timeout<T> as core::future::future::Future>::poll::hfed0b72676b119b3
  22:     0x7ff7d127cf23 - <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll::h69c4e9f92bde682c
  23:     0x7ff7d127d704 - <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll::hf8ba951c0be352ba
  24:     0x7ff7d127c682 - <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll::h3f2a734b680a7dd6
  25:     0x7ff7d127e3ea - tokio::runtime::task::core::CoreStage<T>::poll::hfd8abba14a71190d
  26:     0x7ff7d1275b84 - <core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once::hfab6fec72e8f0dcf
  27:     0x7ff7d127f470 - std::panicking::try::h6ce3b95beeb909de
  28:     0x7ff7d127f379 - tokio::runtime::task::harness::poll_future::h8999752409be1045
  29:     0x7ff7d127ea68 - tokio::runtime::task::harness::Harness<T,S>::poll_inner::hf7a2919a07266b0e
  30:     0x7ff7d127e882 - tokio::runtime::task::harness::Harness<T,S>::poll::h01590a56374291f3
  31:     0x7ff7d132ccf0 - std::thread::local::LocalKey<T>::with::hf145840727bd0dbb
  32:     0x7ff7d1331d53 - tokio::runtime::thread_pool::worker::Context::run::h76cf10d010c42a82
  33:     0x7ff7d13314ef - tokio::runtime::thread_pool::worker::Context::run::h76cf10d010c42a82
  34:     0x7ff7d1329a17 - tokio::macros::scoped_tls::ScopedKey<T>::set::h0a2edf51c33d187a
  35:     0x7ff7d133130f - tokio::runtime::thread_pool::worker::run::hb34f282aeff08b7b
  36:     0x7ff7d133c295 - <tokio::runtime::blocking::task::BlockingTask<T> as core::future::future::Future>::poll::h955239ac3604b766
  37:     0x7ff7d132da44 - tokio::runtime::task::core::CoreStage<T>::poll::h1691e27151592b8a
  38:     0x7ff7d132abd9 - <core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once::he91893e612a75b7d
  39:     0x7ff7d132b33d - std::panicking::try::h5653e34b5c490fa3
  40:     0x7ff7d1338f22 - tokio::runtime::task::harness::poll_future::habe7f4d6be185394
  41:     0x7ff7d133815d - tokio::runtime::task::harness::Harness<T,S>::poll_inner::hf6063241bdd2fc26
  42:     0x7ff7d1337f75 - tokio::runtime::task::harness::Harness<T,S>::poll::hff4cee5968e8965a
  43:     0x7ff7d1337b37 - tokio::runtime::task::UnownedTask<S>::run::h2afaa8df098d5141
  44:     0x7ff7d133bb6e - tokio::runtime::blocking::pool::Inner::run::h372a533e83fab8f9
  45:     0x7ff7d132a46e - std::sys_common::backtrace::__rust_begin_short_backtrace::h400672831341a7ba
  46:     0x7ff7d132b7e2 - std::panicking::try::hb4dd544ea0494359
  47:     0x7ff7d132c08f - <&T as core::fmt::Debug>::fmt::hb60d762610cf095a
  48:     0x7ff7d138447c - alloc::boxed::impl$44::call_once
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\library\alloc\src\boxed.rs:1811
  49:     0x7ff7d138447c - alloc::boxed::impl$44::call_once
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\library\alloc\src\boxed.rs:1811
  50:     0x7ff7d138447c - std::sys::windows::thread::impl$0::new::thread_start
                               at /rustc/c09a9529c51cde41c1101e56049d418edb07bf71\/library\std\src\sys\windows\thread.rs:58
  51:     0x7ff8d3367034 - BaseThreadInitThunk
  52:     0x7ff8d5062651 - RtlUserThreadStart

Tracking Issue: Codebase Revamp (Part 2)

This tracking issue is to track progress for further migration from the old codebase to the new one.

hartex_kafka_utils-0.1.0: 1 vulnerabilities (highest severity is: 5.4)

Vulnerable Library - hartex_kafka_utils-0.1.0

Found in HEAD commit: 81864fc790a328d66ad114ea2a0b85861823f94e

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (hartex_kafka_utils version)	Remediation Available
CVE-2023-22466	Medium	5.4	tokio-1.23.0.crate	Transitive	N/A*	❌

Details

CVE-2023-22466

Vulnerable Library - tokio-1.23.0.crate

An event-driven, non-blocking I/O platform for writing asynchronous I/O backed applications.

Library home page: https://crates.io/api/v1/crates/tokio/1.23.0/download

Dependency Hierarchy:

hartex_kafka_utils-0.1.0 (Root Library)
- rdkafka-0.29.0.crate
  - ❌ tokio-1.23.0.crate (Vulnerable Library)

Found in HEAD commit: 81864fc790a328d66ad114ea2a0b85861823f94e

Found in base branch: nightly

Vulnerability Details

Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting pipe_mode will reset reject_remote_clients to false. If the application has previously configured reject_remote_clients to true, this effectively undoes the configuration. Remote clients may only access the named pipe if the named pipe's associated path is accessible via a publicly shared folder (SMB). Versions 1.23.1, 1.20.3, and 1.18.4 have been patched. The fix will also be present in all releases starting from version 1.24.0. Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected. As a workaround, ensure that pipe_mode is set first after initializing a ServerOptions.

Publish Date: 2023-01-04

URL: CVE-2023-22466

CVSS 3 Score Details (5.4)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-7rrj-xr53-82p7

Release Date: 2023-01-04

Fix Resolution: tokio - 1.18.4,1.20.3,1.23.1

Step up your Open Source Security Game with Mend here

Tracking Issue: Bors V2: Running `bors try` With Specific Parent

From this issue on rust-lang/bors, it is proposed to allow try builds to be created with a specific parent commit via a parent parameter.

This issue is created s a tracking issue for the implementation of this feature for Bors V2.

modify parsing to support parameters #1105
adapt the try command implementation to take a parent commit #1106
modify the try command such that it creates try builds with a parent commit if specified #1106

ETA: 0.2.0

Tracking Issue: Levelling System

This issue tracks the implementation of the levelling system.

Items

Tracking Issue: Logging Plugin

Tracking Issue for RFC 3: Rework Ratelimiting

This is a tracking issue for the RFC "rework ratelimiting" (#145).

About tracking issues

Tracking issues are used to record the overall progress of implementation.
They are also used as hubs connecting to other relevant issues, e.g., bugs or open design questions.

Steps

Implement the RFC

restreq-0.1.0: 3 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - restreq-0.1.0

Found in HEAD commit: d6647fd8e593c1cb3202b793fde8ea61860b3c87

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (restreq version)	Remediation Available
CVE-2022-37434	High	9.8	libz-sys-1.1.8.crate	Transitive	N/A*	❌
CVE-2018-25032	High	7.5	libz-sys-1.1.8.crate	Transitive	N/A*	❌
WS-2020-0368	Medium	6.5	libz-sys-1.1.8.crate	Transitive	N/A*	❌

Details

CVE-2022-37434

Vulnerable Library - libz-sys-1.1.8.crate

Low-level bindings to the system libz library (also known as zlib).

Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download

Dependency Hierarchy:

restreq-0.1.0 (Root Library)
- ext-0.1.0
  - base-0.1.0.crate
    - twilight-gateway-0.14.0.crate
      - flate2-1.0.24.crate
        
        ❌ libz-sys-1.1.8.crate (Vulnerable Library)

Found in HEAD commit: d6647fd8e593c1cb3202b793fde8ea61860b3c87

Found in base branch: nightly

Vulnerability Details

Publish Date: 2022-08-05

URL: CVE-2022-37434

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

CVE-2018-25032

Vulnerable Library - libz-sys-1.1.8.crate

Low-level bindings to the system libz library (also known as zlib).

Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download

Dependency Hierarchy:

restreq-0.1.0 (Root Library)
- ext-0.1.0
  - base-0.1.0.crate
    - twilight-gateway-0.14.0.crate
      - flate2-1.0.24.crate
        
        ❌ libz-sys-1.1.8.crate (Vulnerable Library)

Found in HEAD commit: d6647fd8e593c1cb3202b793fde8ea61860b3c87

Found in base branch: nightly

Vulnerability Details

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Publish Date: 2022-03-25

URL: CVE-2018-25032

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-25032

Release Date: 2022-03-25

Step up your Open Source Security Game with Mend here

WS-2020-0368

Vulnerable Library - libz-sys-1.1.8.crate

Low-level bindings to the system libz library (also known as zlib).

Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download

Dependency Hierarchy:

restreq-0.1.0 (Root Library)
- ext-0.1.0
  - base-0.1.0.crate
    - twilight-gateway-0.14.0.crate
      - flate2-1.0.24.crate
        
        ❌ libz-sys-1.1.8.crate (Vulnerable Library)

Found in HEAD commit: d6647fd8e593c1cb3202b793fde8ea61860b3c87

Found in base branch: nightly

Vulnerability Details

Publish Date: 2020-02-22

URL: WS-2020-0368

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/WS-2020-0368

Release Date: 2020-02-22

Step up your Open Source Security Game with Mend here

Tracking Issue: `localization` Feature

This is the tracking issue for the localization nightly feature, which implements localization facilities (languages, timezones, etc.)

Currently implemented locales:

en_AU (full translations, cc @Mrcomputer1)
en_GB (full translations, cc @HTG-YT)
en_US (full translations, cc @HTG-YT)
zh_HK (full translations, cc @Lunari8546)
zh_TW (no translations yet)

Planned locales:

Tracking Issue for `twilight-gateway` Migration

As of twilight-rs/twilight#1809, the twilight-gateway crate is completely revamped.

This issue is for raising awareness of this and track progress over rewriting the gateway process to conform to the revamped twilight-gateway.