Skip to content

Block CDN attachment scam #1293

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Zabuzard merged 4 commits into from
Aug 4, 2025
Merged

Block CDN attachment scam #1293

Zabuzard merged 4 commits into from
Aug 4, 2025

Conversation

@Zabuzard
Copy link
Member

@Zabuzard Zabuzard commented Aug 1, 2025

Summary

This extends the scam blocker to also detect CDN based attachment scam. That is, people posting discord-provided image links containing scam, such as:

example

We already had similiar logic but only for actual attachments. These are "just links" in the message and not technicially attachments from Discords perspective.

The new case is also covered by unit tests and was tested locally.

Details

The existing code for handling suspicious attachments was tweaked so it can also be used for this scenario. Therefore, we created a small wrapper for Attachment that can now either represent an actual Discord attachment or just an URL. The logic then uses this wrapper instead.

The URL analyse code received some rework, in particular the introduction of AnalyseUrlResult. This allows us to hold additional details for each URL (for example the contained attachment, if any).

These data classes received a couple of helper methods that mostly deal with string extraction (some indexOf and substring fun).

All this was done to keep the main flow of how the analyse works intact and not add a bunch of extra if-else branching just for this new edge case.

Config

No changes are required.

The host-whitelist addition "cdn.discordapp.com" was already added to the TEST and PROD bots config.

@Zabuzard Zabuzard self-assigned this Aug 1, 2025
@Zabuzard Zabuzard requested a review from a team as a code owner August 1, 2025 09:08
@Zabuzard Zabuzard added enhancement New feature or request priority: major labels Aug 1, 2025
SquidXTV
SquidXTV previously approved these changes Aug 1, 2025
View reviewed changes
@Zabuzard
improved readability by moving stuff around
2f2a1db 
* analyse went into its own TokenAnalyse class
* data holder classes were extracted as well
* added unit test for non trivial stuff in Attachment class
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 2, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@Zabuzard Zabuzard requested a review from SquidXTV August 4, 2025 07:06
@Zabuzard Zabuzard merged commit 6d085af into develop Aug 4, 2025
11 checks passed
@Zabuzard Zabuzard deleted the feature/block_cdn_attachment_scam branch August 4, 2025 07:37
@Zabuzard Zabuzard mentioned this pull request Aug 10, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SquidXTV SquidXTV SquidXTV approved these changes

Assignees

@Zabuzard Zabuzard

Labels

enhancement New feature or request priority: major

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Zabuzard @SquidXTV