[BUG] It's possible to break modmail's internal thread cache and simultanously open many threads #3022
Comments
bast0006
changed the title
What do you mean by close the thread before modmail can respond? |
|
Click both the check and X mark reactions before modmail is able to remove them |
|
Thanks for the explanation. |
|
If you have an instance available for testing I'd love to reproduce it for you? |
|
Sure, can you DM me on discord? |
|
I have been able to half reproduce this on the latest version, running on Heroku. |
|
|
|
2021-05-10 14:54:06 main[1331] - ERROR: Ignoring exception in on_message. Logs. Was able to reproduce a 2nd time. |
|
Can reproduce.
I've found a simpler reproduction step as well. On step three, don't even both reacting to open a thread, just react to close the thread. It works better, and is more reliable to recreate the issue. |
|
I can reproduce successfully multiple times in a row
|
Did the bot create multiple channels for you as well? |
Just did this and it spammed me with "Cancelled." |
Yes
|
You still need to react with the checkbox for all later messages. The first one during the block didn't the checkbox tho. |
|
Ahh! I confused the steps. Also have been able to reproduce on one version out of date, running on VPS, multiple times, same thing in the logs. |
|
Welp. I managed to reproduce this on my local machine.
I had a patch ready for this issue a while back when I encountered similar issue using react to contact. The issue is probably from here: Should also add Also need to handle the exception when sending "Cancelled" embed, this probably what causes the bot to hang without returning the Thread instance (which |
fourjr
added
bug
* Sending files in threads (non-images) now work. resolves modmail-dev#2926 * Deleting messages no longer shows a false error, resolves modmail-dev#2910 * Linting * Fix `?perms get` command showing IDs instead of user or role mentions. * Support discord.py v1.6 & LOTTIE stickers * Release v3.8 * Linting & Changelog * Fix bug when sending multiple images at once. * Fix error when reacting on confirm thread creation message. * Update changelog * Autotriggers no longer sends attachments back. resolves modmail-dev#2932 * Fix `logs` command without argument in thread channel when the recipient is not cached. * Fix error raised when recipient is not cached and reacts to reactions in DM channel. * Fixed bug with update notifiations * Retry with diff name if channel cant be created resolves modmail-dev#2934 * Retrieve user from Discord API if user has left the server, modmail-dev#2935 modmail-dev#2936 * IDs in `<member>` commands work now. * update version in discord version error string * Hotfix: Corrupted data no longer saved to thread cache * Bump version * 3.8.4 - Another fix attempt * Improved cache saving methods * Ability to disable mention on thread creation. * Update thread move message in case `mention` was set to disable/None. * Formatting... * Apply suggestions from code review Co-authored-by: Jia Rong Yee <[email protected]> * Fix typo in 'config_help.json' (modmail-dev#2957) * Update README.md (modmail-dev#2955) fix a sentence which said to join the old deleted plugin server * Add msglink command to get DM message URLs. * Add DM channel ID to genesis message footer. * Amend typo and black formatting. * Improve messages * Changelog update * Non-master/development branch deployments no longer cause erros to be raised. * Update changelog * Fix bug where autotriggers are in dm context, resolve modmail-dev#2961 * Use the ID attribute of DM Channel. Originally used the channel instance by mistake, causing the `__str__` to be used instead of the intended ID. * Confirm thread creation when user opens a thread using react to contact. * Block new thread from react to contact when Modmail DM is disabled (new or all). * Bot will not attempt to find for linked message when the recipient reacts to reactions on confirm thread creation message. * Fix previous commit. * Fix a few bad refs and typos * Add local plugins * Add local plugin dir * Add local plugins * Updated version, deps, and plugins code * Forgot to finish sentence * new plugin A little plugin I was working on * Potentially breaking: improved plugin events * Fix bug where cancelled still attempts to start thread * Changelog & Ghost errors are no longer raised when threads are created using non-organic methods. * Add reaciton menu plugin * better run command, 3.9.1 * add music plugin added music plugin on taki's request * Update registry.json try to fix install issue * Update bot.py add hosting methods: screen and systemd * Update models.py add hosting methods: screen and systemd * Force update dev? Weird history * Add docker hostingmethod * Update config_help.json Change disabled to enabled, as it is enabled on a new bot creation * Bump versions * Update readme * did i not commit this * Update `mention` command. * Add Coolguy (Prime Servers) to SPONSORS * Small correction * Add Coolguy (Prime Servers) to SPONSORS * Update to HTTPS * Update to HTTPS * v3.9.3 add use_user_id_channel_name * black * Possibly fix emoji problem * Cleaner code :D * Bump python runtime version Security update * Update sponsors * Add docker-compose configuration for self hosting Adds a docker-compose configuration file for running both the bot and logviewer with a shared mongo database in a single container stack. Exposes port 8000 and ensure the mongo database can not be accessed remotely. * Change Max Channel per Category to 49, fix fallback save logic * There is now a proper message when trying to contact a bot. * Changelog - v3.9.4 * Fix typo * add fourjr claim * Add volume for persistent data storage to Mongo * Update pyproject.toml * Update README.md * Update sponsors * Fix typo in config help. * Update 'bot.py' and 'clients.py': - Fix return types, type hints, and unresolved references. * Update database after resetting/purging all plugins. * `plugin reset`, remove unloaded plugins from `self.loaded_plugins` * turn mentions into set * Hopefully resolves modmail-dev#3022. * Improve contact and react to contact: - Checks if user is blocked when `?contact` command or react to contact is used. * Remove publish plugin * Initial 3.9.5-dev1 * Update registry.json removal of profanity filter, trying to download will result in a infinite download loop and will stop any plugin from loading/break the usage of removing/adding new plugins * Group conversation ALPHA modmail-dev#143 * Remove debug * Push ver * Fix closes for group conversations * Bump version * Update registry.json * Changelog * Add solution to CERTIFICATE_VERIFY_FAILED * New issue forms * formatting * Update SPONSORS.json * fix issue template * Update requirements system and removed poetry * Sort pipfile * Remove flake8 from req, use new rec line-width of 110, black format * Remove flake8 from req, use new rec line-width of 110, black format * Add dnspython (pymongo[srv]) as req * Updates channel.move, bot.close, emoji changes * Keep more log files * Bump version * Black format * Updated sponsors * Improved dockerfile * Add restart and environment for bot * Update sponsors * Update modmail.py fix typo { modmail-dev#3067 } { https://usagi.xn--6frz82g/6DEshJ } * Formatting and final updates to deps * formatting * Fix SSL Error * Changelog * bump v * Fix failing Docker build * Fix UnicodeEncodeError on Windows. (modmail-dev#3043) * Fix UnionEncodeError on Windows when logging unicode emojis or special characters. * Formatting... * Plugins: add Python Discord's - **Case insensitive snippets**: Allow snippets to be ran even if with the wrong case. For example, `?Dm-RePort` will be recognized as `?dm-report`. - **Close message:** Add a `?closemessage` command that will close the thread after 15 minutes with a default message. - **MDLink**: Generate a ready to paste link to the thread logs. - **Reply cooldown**: Forbid you from sending the same message twice in ten seconds. - **Tagging**: Add a `?tag` command capable of adding a `$message|` header to the channel name. * Let snippets be invoked case-insensitively. * Update changelogs * Update changelog * Improved way to do case insensitive snippets * Update changelog and merge issues * Formatting * Fix contact with category and silent, modmail-dev#3076 * Resolve close_on_leave_reason not properly working * Invalid arguments are now properly catched and a proper error message is sent (BadUnionArg) * Removeuser (resolve modmail-dev#3065), silent adding/removing (modmail-dev#3054) * Formatting * add multiple users to a thread (resolve modmail-dev#3066), new group config options * Formatting * Fix formatter, allow add by roles (resolve modmail-dev#3053) * Remove tagging and case insensitive plugins * Changelog * Use highest hoisted role as default tag, resolves modmail-dev#3014 * Reload thread cache only when it's the first on_ready trigger. Resolves modmail-dev#3037 * Resolve linked messages issues, improve group functionality (bugfixes), resolves modmail-dev#3041 * Persistent notes are now properly deleted,resolve modmail-dev#3013 * Fix changelog formatting * Fix changelog formatting * Fix changelog formatting * New thread related config, resolves modmail-dev#3072 * Resolve issues with deleting messages * use_timestamp_channel_name config * formatting * add documentation and fix timestamp related bugs * Initial commit * Bug fixes and debug removal * Remove debug * Remove additional debug * Update bot.py * Edit error message * move format_channel_name to Bot, resolve modmail-dev#2982 * Formatting * bump ver * Bug fixes * Redo alias conversion * Remove redundant category checks * ?contact accepts multiple users, or role modmail-dev#3082 * Changelog and fix bot perm level * Remove extra loop.close * Push version to 3.10 * Quick bugfix on config help and debug hastebin * Fix bug where snippet add did not check command name * v3.10.1 - fix edit cmd * Fix contact * bump ver * oops * Add phish checker plugin * Added sponsor * Update SPONSORS.json * Update bandit baseline: * 3.10.3 contact fix Co-authored-by: Jia Rong Yee <[email protected]> Co-authored-by: Jerrie-Aries <[email protected]> Co-authored-by: Ayam Dobhal <[email protected]> Co-authored-by: lorenzo132 <[email protected]> Co-authored-by: scragly <[email protected]> Co-authored-by: Taku <[email protected]> Co-authored-by: ❥sora <[email protected]> Co-authored-by: Ralph <[email protected]> Co-authored-by: codeinteger6 <[email protected]> Co-authored-by: redstonedesigner <[email protected]> Co-authored-by: Stephen <[email protected]> Co-authored-by: Cyrus Yip <[email protected]> Co-authored-by: Cyrus <[email protected]> Co-authored-by: Matt Nikkel <[email protected]> Co-authored-by: Matteo Bertucci <[email protected]> Co-authored-by: Qwerty-133 <[email protected]> Co-authored-by: popeeyy <[email protected]> Co-authored-by: kato <[email protected]>
Describe the bug
If
confirm_thread_creationis used, a user can break the thread creation flow and somehow cause modmail's DM response to freeze. This then results in modmail sending as manyconfirm_thread_creationprompts as messages were sent during the freeze, and if the user reacts to each one, they can open one thread per message.Bot Info
Bot version (check with
@modmail about): 3.9.4Host method (Heroku, self-host, etc): self-hosted
To Reproduce
Steps to reproduce the behavior:
.1. DM modmail, wait for the
confirm_thread_creationmessage to come up..2. Block modmail
.3. React to create the thread and close the thread before modmail can respond
.4. Unblock modmail, and while it's frozen (~10-15s depending), send a few messages. The effect is worse if you wait a short time between each one
.5. Observe many
confirm_thread_creationmessages that all work.Error Logs
https://paste.pythondiscord.com/luyevadeyu.txt
Screenshots
https://cdn.discordapp.com/attachments/620607373828030464/840607305586049034/Screen_Shot_test1.png
https://cdn.discordapp.com/attachments/620607373828030464/840607475187449866/Screen_Shot_test2.png
https://cdn.discordapp.com/attachments/620607373828030464/840607476554792990/Screen_Shot_test3.png
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: