From fed86cdbb2fc5cbb6f9be56be451bc08aad14245 Mon Sep 17 00:00:00 2001
From: ChomeNS <95471003+ChomeNS@users.noreply.github.com>
Date: Sat, 1 Apr 2023 12:45:57 +0700
Subject: [PATCH] actually fix a major exploit

---
 .../chayapak/chomens_bot/commands/CloopCommand.java       | 8 ++++----
 .../chayapak/chomens_bot/commands/EndCommand.java         | 2 +-
 .../chayapak/chomens_bot/commands/ServerEvalCommand.java  | 2 +-
 .../chayapak/chomens_bot/commands/SudoAllCommand.java     | 2 +-
 .../chomens_bot/plugins/CommandHandlerPlugin.java         | 6 ++++--
 5 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/CloopCommand.java b/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/CloopCommand.java
index 4100812..d4556fb 100644
--- a/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/CloopCommand.java
+++ b/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/CloopCommand.java
@@ -21,10 +21,10 @@ public class CloopCommand implements Command {
 
     public List<String> usage() {
         final List<String> usages = new ArrayList<>();
-        usages.add("add <interval> <{command}>");
-        usages.add("remove <index>");
-        usages.add("clear");
-        usages.add("list");
+        usages.add("<hash> add <interval> <{command}>");
+        usages.add("<hash> remove <index>");
+        usages.add("<hash> clear");
+        usages.add("<hash> list");
 
         return usages;
     }
diff --git a/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/EndCommand.java b/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/EndCommand.java
index 4caee50..ee69cda 100644
--- a/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/EndCommand.java
+++ b/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/EndCommand.java
@@ -17,7 +17,7 @@ public class EndCommand implements Command {
 
     public List<String> usage() {
         final List<String> usages = new ArrayList<>();
-        usages.add("");
+        usages.add("<hash>");
 
         return usages;
     }
diff --git a/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/ServerEvalCommand.java b/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/ServerEvalCommand.java
index 96c0e51..438db7b 100644
--- a/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/ServerEvalCommand.java
+++ b/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/ServerEvalCommand.java
@@ -20,7 +20,7 @@ public class ServerEvalCommand implements Command {
 
     public List<String> usage() {
         final List<String> usages = new ArrayList<>();
-        usages.add("<{code}>");
+        usages.add("<ownerHash> <{code}>");
 
         return usages;
     }
diff --git a/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/SudoAllCommand.java b/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/SudoAllCommand.java
index 4ce49f6..7ee88b1 100644
--- a/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/SudoAllCommand.java
+++ b/src/main/java/land/chipmunk/chayapak/chomens_bot/commands/SudoAllCommand.java
@@ -19,7 +19,7 @@ public class SudoAllCommand implements Command {
 
     public List<String> usage() {
         final List<String> usages = new ArrayList<>();
-        usages.add("<{c:message|command}>");
+        usages.add("<hash> <{c:message|command}>");
 
         return usages;
     }
diff --git a/src/main/java/land/chipmunk/chayapak/chomens_bot/plugins/CommandHandlerPlugin.java b/src/main/java/land/chipmunk/chayapak/chomens_bot/plugins/CommandHandlerPlugin.java
index 23ff3bf..a664c12 100644
--- a/src/main/java/land/chipmunk/chayapak/chomens_bot/plugins/CommandHandlerPlugin.java
+++ b/src/main/java/land/chipmunk/chayapak/chomens_bot/plugins/CommandHandlerPlugin.java
@@ -53,6 +53,7 @@ public class CommandHandlerPlugin {
         commands.add(command);
     }
 
+    // literally the same quality as the js chomens bot
     public Component executeCommand (String input, CommandContext context, boolean inGame, boolean discord, String hash, String ownerHash, MessageReceivedEvent event) {
         final String[] splitInput = input.split("\\s+");
 
@@ -72,12 +73,13 @@ public class CommandHandlerPlugin {
         if (fullArgs.length < minimumArgs) return Component.text("Excepted minimum of " + minimumArgs + " argument(s), got " + fullArgs.length).color(NamedTextColor.RED);
         if (fullArgs.length > maximumArgs && !usage.contains("{")) return Component.text("Too much arguments, expected " + maximumArgs + " max").color(NamedTextColor.RED);
 
+        if (trustLevel > 0 && splitInput.length < 2) return Component.text("Please provide a hash").color(NamedTextColor.RED);
+
         String userHash = "";
-        if (trustLevel > 0 && splitInput.length >= 2) userHash = splitInput[1];
+        if (trustLevel > 0) userHash = splitInput[1];
 
         final String[] args = Arrays.copyOfRange(splitInput, (trustLevel > 0 && inGame) ? 2 : 1, splitInput.length);
 
-        // fix shit random messy code
         if (command.trustLevel() > 0) {
             if (discord) {
                 final List<Role> roles = event.getMember().getRoles();