Development v3.3.0 future release PR

.bandit_baseline.json

@@ -0,0 +1,243 @@
+{
+  "errors": [],
+  "generated_at": "2019-10-07T08:19:22Z",
+  "metrics": {
+    "./bot.py": {
+      "CONFIDENCE.HIGH": 0.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 0.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 933,
+      "nosec": 0
+    },
+    "_totals": {
+      "CONFIDENCE.HIGH": 2.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 1.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 2.0,
+      "SEVERITY.MEDIUM": 1.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 7299,
+      "nosec": 0
+    },
+    "cogs/modmail.py": {
+      "CONFIDENCE.HIGH": 0.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 0.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 973,
+      "nosec": 0
+    },
+    "cogs/plugins.py": {
+      "CONFIDENCE.HIGH": 1.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 1.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 537,
+      "nosec": 0
+    },
+    "cogs/utility.py": {
+      "CONFIDENCE.HIGH": 1.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 0.0,
+      "SEVERITY.MEDIUM": 1.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 1587,
+      "nosec": 0
+    },
+    "core/_color_data.py": {
+      "CONFIDENCE.HIGH": 0.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 0.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 1168,
+      "nosec": 0
+    },
+    "core/changelog.py": {
+      "CONFIDENCE.HIGH": 0.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 0.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 154,
+      "nosec": 0
+    },
+    "core/checks.py": {
+      "CONFIDENCE.HIGH": 0.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 0.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 75,
+      "nosec": 0
+    },
+    "core/clients.py": {
+      "CONFIDENCE.HIGH": 0.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 0.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 200,
+      "nosec": 0
+    },
+    "core/config.py": {
+      "CONFIDENCE.HIGH": 0.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 0.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 276,
+      "nosec": 0
+    },
+    "core/decorators.py": {
+      "CONFIDENCE.HIGH": 0.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 0.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 7,
+      "nosec": 0
+    },
+    "core/models.py": {
+      "CONFIDENCE.HIGH": 0.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 0.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 91,
+      "nosec": 0
+    },
+    "core/paginator.py": {
+      "CONFIDENCE.HIGH": 0.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 0.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 214,
+      "nosec": 0
+    },
+    "core/thread.py": {
+      "CONFIDENCE.HIGH": 0.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 0.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 716,
+      "nosec": 0
+    },
+    "core/time.py": {
+      "CONFIDENCE.HIGH": 0.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 0.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 0.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 169,
+      "nosec": 0
+    },
+    "core/utils.py": {
+      "CONFIDENCE.HIGH": 0.0,
+      "CONFIDENCE.LOW": 0.0,
+      "CONFIDENCE.MEDIUM": 1.0,
+      "CONFIDENCE.UNDEFINED": 0.0,
+      "SEVERITY.HIGH": 0.0,
+      "SEVERITY.LOW": 1.0,
+      "SEVERITY.MEDIUM": 0.0,
+      "SEVERITY.UNDEFINED": 0.0,
+      "loc": 199,
+      "nosec": 0
+    }
+  },
+  "results": [
+    {
+      "code": "14 from site import USER_SITE\n15 from subprocess import PIPE\n16 \n17 import discord\n",
+      "filename": "cogs/plugins.py",
+      "issue_confidence": "HIGH",
+      "issue_severity": "LOW",
+      "issue_text": "Consider possible security implications associated with PIPE module.",
+      "line_number": 15,
+      "line_range": [
+        15,
+        16
+      ],
+      "more_info": "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess",
+      "test_id": "B404",
+      "test_name": "blacklist"
+    },
+    {
+      "code": "1824         try:\n1825             exec(to_compile, env)  # pylint: disable=exec-used\n1826         except Exception as exc:\n",
+      "filename": "cogs/utility.py",
+      "issue_confidence": "HIGH",
+      "issue_severity": "MEDIUM",
+      "issue_text": "Use of exec detected.",
+      "line_number": 1825,
+      "line_range": [
+        1825
+      ],
+      "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b102_exec_used.html",
+      "test_id": "B102",
+      "test_name": "exec_used"
+    },
+    {
+      "code": "219         for token in shlex.shlex(alias, punctuation_chars=\"&\"):\n220             if token != \"&&\":\n221                 buffer += \" \" + token\n",
+      "filename": "core/utils.py",
+      "issue_confidence": "MEDIUM",
+      "issue_severity": "LOW",
+      "issue_text": "Possible hardcoded password: '&&'",
+      "line_number": 220,
+      "line_range": [
+        220
+      ],
+      "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html",
+      "test_id": "B105",
+      "test_name": "hardcoded_password_string"
+    }
+  ]
+}

.lint.py

@@ -1,16 +1,17 @@
-import sys
-from os import listdir
-from os.path import join
+if __name__ == "__main__":
+    import sys
+    from os import listdir
+    from os.path import join
 
-from pylint.lint import Run
+    from pylint.lint import Run
 
-THRESHOLD = 9.75
+    THRESHOLD = 9.75
 
-cogs = [join("cogs", c) for c in listdir("cogs") if c.endswith(".py")]
-core = [join("core", c) for c in listdir("core") if c.endswith(".py")]
+    cogs = [join("cogs", c) for c in listdir("cogs") if c.endswith(".py")]
+    core = [join("core", c) for c in listdir("core") if c.endswith(".py")]
 
-results = Run(["bot.py", *cogs, *core], do_exit=False)
+    results = Run(["bot.py", *cogs, *core], do_exit=False)
 
-score = results.linter.stats["global_note"]
-if score <= THRESHOLD:
-    sys.exit(1)
+    score = results.linter.stats["global_note"]
+    if score <= THRESHOLD:
+        sys.exit(1)

.travis.yml

@@ -3,10 +3,27 @@ language: python
 matrix:
   include:
   - python: '3.7'
-    dist: xenial
+    name: "Python 3.7.1 on Xenial Linux"
+  - python: '3.6'
+    name: "Python 3.6.7 on Xenial Linux"
+  - name: "Python 3.7.4 on macOS"
+    os: osx
+    osx_image: xcode11.2
+    language: shell
+  - name: "Python 3.7.5 on Windows"
+    os: windows
+    language: shell
+    before_install:
+      - choco install python --version=3.7.5
+      - python -m pip install --upgrade pip
+    env: PATH=/c/Python37:/c/Python37/Scripts:$PATH
 
 install:
+  - pip3 install --upgrade pip
+  - pip3 install pipenv
   - pipenv install -d
 
 script:
+  - pipenv run bandit ./bot.py cogs/*.py core/*.py -b .bandit_baseline.json
   - pipenv run python .lint.py
+  - pipenv run flake8 ./bot.py cogs/*.py core/*.py --ignore=E501,E203,W503 --exit-zero

CHANGELOG.md

@@ -6,6 +6,74 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 This project mostly adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html);
 however, insignificant breaking changes does not guarantee a major version bump, see the reasoning [here](https://github.com/kyb3r/modmail/issues/319).
 
+
+# v3.3.0-dev6
+
+
+### Important
+
+- Recommend all users to unblock and re-block all blocked users upon updating to this release.
+
+### Added
+
+- Three new config vars:
+  - `enable_plugins` (yes/no default yes)
+    - When set to no, plugins will not be loaded into the bot.
+  - `error_color` (color format, defaults discord red)
+    - The color of error messages.
+  - `anon_reply_without_command` (yes/no default no) (Thanks to papiersnipper PR#288)
+    - When set, all non-command messages sent to thread channels are forwarded to the recipient anonymously without the need of `?anonreply`.
+    - This config takes precedence over `reply_without_command`.
+- `?logs responded [user]` command, it will show all logs that the user has sent an reply. (Thanks to papiersnipper PR#288)
+  - `user` when not provided, defaults to the user who ran the command.
+- Open threads in limbo now auto closes if the channel cannot be found. This check is done every time the bot restarts.
+- Ability to disable new threads from getting created.
+  - `?disable`
+- Ability to fully disable Modmail DM.
+  - `?disable all`
+- To re-enable DM: `?enable`, and to see the current status: `?isenable`.
+- This disabled Modmail interface is customizable with the following config vars:
+  - `disabled_new_thread_title`
+  - `disabled_new_thread_response`
+  - `disabled_new_thread_footer`
+  - `disabled_current_thread_title`
+  - `disabled_current_thread_response`
+  - `disabled_current_thread_footer`
+- Ability to delete notes when providing their ID. (Thanks to papiersnipper PR#402)
+- Ability to delete log entries. (Thanks to papiersnipper PR#402)
+
+### Changed
+
+- `?contact` no longer send the "thread created" message to where the command is ran, instead, it's now sent to the newly created thread channel. (Thanks to DAzVise)
+- Automatically delete notes command `?note` when there's no attachments attached.
+- Embed author links used to be inaccessible in many cases, now:
+  - `?anonreply`, `?reply`, and `?note` in thread channel will link to the sender's profile.
+  - `?reply` and recipient's DM will also link the sender's profile.
+  - `?anonreply` in DM channel will link to the first channel of the main guild.
+- Plugins update (mostly internal).
+  - `git` is no longer used to install plugins, it now downloads through zip files.
+  - `?plugins enabled` renamed to `?plugins loaded` while `enabled` is still an alias to that command.
+  - Reorganised plugins folder structure.
+  - Logging / plugin-related messages changes.
+  - Updating one plugin will not update all other plugins (plugins are no longer separated by repos, but the plugin name itself).
+- Help command is in alphabetical order grouped by permissions.
+- Notes are no longer always blurple, its set to `MAIN_COLOR` now.
+- Added `?plugins update` for updating all installed plugins.
+- Reintroduce flake8 and use bandit for security issues detection.
+- Add travis checks for 3.6 in Linux and 3.7 for MacOS and Windows.
+- Eval commands are logged in debug logs.
+- Presence updates 30 minutes instead of 45 now.
+- Fixed an assortment of problems to do with block.
+- Existing aliases can be used when creating new aliases. (Thanks to papiersnipper PR#402)
+
+### Internal
+
+- Reworked `config.get` and `config.set`, it feeds through the converters before setting/getting.
+  - To get/set the raw value, access through `config[]`.
+- Prerelease naming scheme is now `x.x.x-devN`.
+- `trigger_typing` has been moved to `core.utils.trigger_typing`, original location is deprecated.
+- Simpler status and activity logic.
+
 # v3.2.2
 
 Security update!

Dockerfile

@@ -1,5 +1,4 @@
 FROM python:3.7.4-alpine
-RUN apk add --no-cache git
 WORKDIR /modmailbot
 COPY . /modmailbot
 RUN pip install --no-cache-dir -r requirements.min.txt