
Comparing changes

base repository: modmail-dev/Modmail
base: v2.1.0
head repository: modmail-dev/Modmail
compare: master
Showing with 18,874 additions and 1,975 deletions.
  1. +342 −0 .bandit_baseline.json
  2. +154 −0 .dockerignore
  3. +5 −0 .env.example
  4. +76 −0 .github/CODE_OF_CONDUCT.md
  5. +64 −0 .github/CONTRIBUTING.md
  6. +1 −0 .github/FUNDING.yml
  7. +55 −0 .github/ISSUE_TEMPLATE/bug_report.yml
  8. +5 −0 .github/ISSUE_TEMPLATE/config.yml
  9. +46 −0 .github/ISSUE_TEMPLATE/feature_request.yml
  10. +8 −0 .github/pull.yml
  11. +42 −0 .github/workflows/docker-image.yml
  12. +33 −0 .github/workflows/lints.yml
  13. +40 −5 .gitignore
  14. +1,595 −65 CHANGELOG.md
  15. +38 −0 Dockerfile
  16. +661 −21 LICENSE
  17. +122 −0 PRIVACY.md
  18. +30 −0 Pipfile
  19. +1,388 −0 Pipfile.lock
  20. +1 −1 Procfile
  21. +154 −35 README.md
  22. +162 −0 SPONSORS.json
  23. +36 −20 app.json
  24. +1,693 −314 bot.py
  25. +2,069 −270 cogs/modmail.py
  26. +770 −0 cogs/plugins.py
  27. +1,975 −437 cogs/utility.py
  28. +0 −6 config.json.example
  29. +1,194 −0 core/_color_data.py
  30. +0 −119 core/api.py
  31. +177 −54 core/changelog.py
  32. +142 −0 core/checks.py
  33. +771 −0 core/clients.py
  34. +454 −56 core/config.py
  35. +1,226 −0 core/config_help.json
  36. +0 −45 core/decorators.py
  37. +489 −0 core/models.py
  38. +353 −94 core/paginator.py
  39. +1,357 −302 core/thread.py
  40. +287 −120 core/time.py
  41. +609 −0 core/utils.py
  42. +28 −0 docker-compose.yml
  43. +3 −0 modmail.sh
  44. +2 −0 plugins/@local/.gitignore
  45. +137 −0 plugins/registry.json
  46. +38 −0 pyproject.toml
  47. +41 −10 requirements.txt
  48. +1 −1 runtime.txt
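--- a/.bandit_baseline.json
+++ b/.bandit_baseline.json
@@ -0,0 +1,342 @@
+{
+"errors": [],
+"generated_at": "2022-09-06T16:19:31Z",
+"metrics": {
+"./bot.py": {
+"CONFIDENCE.HIGH": 1,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 0,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 1,
+"SEVERITY.MEDIUM": 0,
+"SEVERITY.UNDEFINED": 0,
+"loc": 1507,
+"nosec": 0,
+"skipped_tests": 0
+},
+"./cogs/modmail.py": {
+"CONFIDENCE.HIGH": 0,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 0,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 0,
+"SEVERITY.MEDIUM": 0,
+"SEVERITY.UNDEFINED": 0,
+"loc": 1837,
+"nosec": 0,
+"skipped_tests": 0
+},
+"./cogs/plugins.py": {
+"CONFIDENCE.HIGH": 1,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 0,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 1,
+"SEVERITY.MEDIUM": 0,
+"SEVERITY.UNDEFINED": 0,
+"loc": 597,
+"nosec": 0,
+"skipped_tests": 0
+},
+"./cogs/utility.py": {
+"CONFIDENCE.HIGH": 2,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 0,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 1,
+"SEVERITY.MEDIUM": 1,
+"SEVERITY.UNDEFINED": 0,
+"loc": 1794,
+"nosec": 0,
+"skipped_tests": 0
+},
+"./core/_color_data.py": {
+"CONFIDENCE.HIGH": 0,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 0,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 0,
+"SEVERITY.MEDIUM": 0,
+"SEVERITY.UNDEFINED": 0,
+"loc": 1166,
+"nosec": 0,
+"skipped_tests": 0
+},
+"./core/changelog.py": {
+"CONFIDENCE.HIGH": 1,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 0,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 1,
+"SEVERITY.MEDIUM": 0,
+"SEVERITY.UNDEFINED": 0,
+"loc": 159,
+"nosec": 0,
+"skipped_tests": 0
+},
+"./core/checks.py": {
+"CONFIDENCE.HIGH": 0,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 0,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 0,
+"SEVERITY.MEDIUM": 0,
+"SEVERITY.UNDEFINED": 0,
+"loc": 105,
+"nosec": 0,
+"skipped_tests": 0
+},
+"./core/clients.py": {
+"CONFIDENCE.HIGH": 0,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 1,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 1,
+"SEVERITY.MEDIUM": 0,
+"SEVERITY.UNDEFINED": 0,
+"loc": 644,
+"nosec": 0,
+"skipped_tests": 0
+},
+"./core/config.py": {
+"CONFIDENCE.HIGH": 0,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 0,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 0,
+"SEVERITY.MEDIUM": 0,
+"SEVERITY.UNDEFINED": 0,
+"loc": 388,
+"nosec": 0,
+"skipped_tests": 0
+},
+"./core/models.py": {
+"CONFIDENCE.HIGH": 0,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 0,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 0,
+"SEVERITY.MEDIUM": 0,
+"SEVERITY.UNDEFINED": 0,
+"loc": 210,
+"nosec": 0,
+"skipped_tests": 0
+},
+"./core/paginator.py": {
+"CONFIDENCE.HIGH": 0,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 0,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 0,
+"SEVERITY.MEDIUM": 0,
+"SEVERITY.UNDEFINED": 0,
+"loc": 312,
+"nosec": 0,
+"skipped_tests": 0
+},
+"./core/thread.py": {
+"CONFIDENCE.HIGH": 0,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 0,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 0,
+"SEVERITY.MEDIUM": 0,
+"SEVERITY.UNDEFINED": 0,
+"loc": 1184,
+"nosec": 0,
+"skipped_tests": 0
+},
+"./core/time.py": {
+"CONFIDENCE.HIGH": 0,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 0,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 0,
+"SEVERITY.MEDIUM": 0,
+"SEVERITY.UNDEFINED": 0,
+"loc": 265,
+"nosec": 0,
+"skipped_tests": 0
+},
+"./core/utils.py": {
+"CONFIDENCE.HIGH": 0,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 0,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 0,
+"SEVERITY.MEDIUM": 0,
+"SEVERITY.UNDEFINED": 0,
+"loc": 396,
+"nosec": 0,
+"skipped_tests": 0
+},
+"./plugins/Cordila/cord/jishaku-migration/jishaku.py": {
+"CONFIDENCE.HIGH": 0,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 0,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 0,
+"SEVERITY.MEDIUM": 0,
+"SEVERITY.UNDEFINED": 0,
+"loc": 2,
+"nosec": 0,
+"skipped_tests": 0
+},
+"_totals": {
+"CONFIDENCE.HIGH": 5,
+"CONFIDENCE.LOW": 0,
+"CONFIDENCE.MEDIUM": 1,
+"CONFIDENCE.UNDEFINED": 0,
+"SEVERITY.HIGH": 0,
+"SEVERITY.LOW": 5,
+"SEVERITY.MEDIUM": 1,
+"SEVERITY.UNDEFINED": 0,
+"loc": 10566,
+"nosec": 0,
+"skipped_tests": 0
+}
+},
+"results": [
+{
+"code": "14 from datetime import datetime, timezone\n15 from subprocess import PIPE\n16 from types import SimpleNamespace\n",
+"col_offset": 0,
+"filename": "./bot.py",
+"issue_confidence": "HIGH",
+"issue_cwe": {
+"id": 78,
+"link": "https://cwe.mitre.org/data/definitions/78.html"
+},
+"issue_severity": "LOW",
+"issue_text": "Consider possible security implications associated with the subprocess module.",
+"line_number": 15,
+"line_range": [
+15
+],
+"more_info": "https://bandit.readthedocs.io/en/1.7.4/blacklists/blacklist_imports.html#b404-import-subprocess",
+"test_id": "B404",
+"test_name": "blacklist"
+},
+{
+"code": "13 from site import USER_SITE\n14 from subprocess import PIPE\n15 \n16 import discord\n",
+"col_offset": 0,
+"filename": "./cogs/plugins.py",
+"issue_confidence": "HIGH",
+"issue_cwe": {
+"id": 78,
+"link": "https://cwe.mitre.org/data/definitions/78.html"
+},
+"issue_severity": "LOW",
+"issue_text": "Consider possible security implications associated with the subprocess module.",
+"line_number": 14,
+"line_range": [
+14,
+15
+],
+"more_info": "https://bandit.readthedocs.io/en/1.7.4/blacklists/blacklist_imports.html#b404-import-subprocess",
+"test_id": "B404",
+"test_name": "blacklist"
+},
+{
+"code": "11 from json import JSONDecodeError, loads\n12 from subprocess import PIPE\n13 from textwrap import indent\n",
+"col_offset": 0,
+"filename": "./cogs/utility.py",
+"issue_confidence": "HIGH",
+"issue_cwe": {
+"id": 78,
+"link": "https://cwe.mitre.org/data/definitions/78.html"
+},
+"issue_severity": "LOW",
+"issue_text": "Consider possible security implications associated with the subprocess module.",
+"line_number": 12,
+"line_range": [
+12
+],
+"more_info": "https://bandit.readthedocs.io/en/1.7.4/blacklists/blacklist_imports.html#b404-import-subprocess",
+"test_id": "B404",
+"test_name": "blacklist"
+},
+{
+"code": "2093 try:\n2094 exec(to_compile, env) # pylint: disable=exec-used\n2095 except Exception as exc:\n",
+"col_offset": 12,
+"filename": "./cogs/utility.py",
+"issue_confidence": "HIGH",
+"issue_cwe": {
+"id": 78,
+"link": "https://cwe.mitre.org/data/definitions/78.html"
+},
+"issue_severity": "MEDIUM",
+"issue_text": "Use of exec detected.",
+"line_number": 2094,
+"line_range": [
+2094
+],
+"more_info": "https://bandit.readthedocs.io/en/1.7.4/plugins/b102_exec_used.html",
+"test_id": "B102",
+"test_name": "exec_used"
+},
+{
+"code": "2 import re\n3 from subprocess import PIPE\n4 from typing import List\n",
+"col_offset": 0,
+"filename": "./core/changelog.py",
+"issue_confidence": "HIGH",
+"issue_cwe": {
+"id": 78,
+"link": "https://cwe.mitre.org/data/definitions/78.html"
+},
+"issue_severity": "LOW",
+"issue_text": "Consider possible security implications associated with the subprocess module.",
+"line_number": 3,
+"line_range": [
+3
+],
+"more_info": "https://bandit.readthedocs.io/en/1.7.4/blacklists/blacklist_imports.html#b404-import-subprocess",
+"test_id": "B404",
+"test_name": "blacklist"
+},
+{
+"code": "70 \n71 def __init__(self, bot, access_token: str = \"\", username: str = \"\", **kwargs):\n72 self.bot = bot\n73 self.session = bot.session\n74 self.headers: Optional[dict] = None\n75 self.access_token = access_token\n76 self.username = username\n77 self.avatar_url: str = kwargs.pop(\"avatar_url\", \"\")\n78 self.url: str = kwargs.pop(\"url\", \"\")\n79 if self.access_token:\n80 self.headers = {\"Authorization\": \"token \" + str(access_token)}\n81 \n82 @property\n83 def BRANCH(self) -> str:\n",
+"col_offset": 4,
+"filename": "./core/clients.py",
+"issue_confidence": "MEDIUM",
+"issue_cwe": {
+"id": 259,
+"link": "https://cwe.mitre.org/data/definitions/259.html"
+},
+"issue_severity": "LOW",
+"issue_text": "Possible hardcoded password: ''",
+"line_number": 71,
+"line_range": [
+71,
+72,
+73,
+74,
+75,
+76,
+77,
+78,
+79,
+80,
+81,
+82
+],
+"more_info": "https://bandit.readthedocs.io/en/1.7.4/plugins/b107_hardcoded_password_default.html",
+"test_id": "B107",
+"test_name": "hardcoded_password_default"
+}
+]
+}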
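Review bot: The `metrics` block lists `./plugins/Cordila/cord/jishaku-migration/jishaku.py`, a path under `plugins/`, which suggests the baseline was generated from a working tree with a locally installed plugin rather than a clean checkout; regenerate it with `plugins/` excluded so the accepted-findings set is reproducible. Of the six baselined results, the B102 entry for `exec(to_compile, env)` at `./cogs/utility.py` line 2094 is the one that needs a recorded justification, because baselining it silences the finding for future scans and this file cannot carry a comment. If the call is intentional, a `# nosec B102` with a reason at the call site documents the decision next to the code and can state who is allowed to reach it; whether access to that call is restricted is not visible on this page.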