From 01352925e128f1be6d489609b1c5a4f6fabee33c Mon Sep 17 00:00:00 2001
From: pixelbitie <118837180+pixelbitie@users.noreply.github.com>
Date: Sat, 10 May 2025 00:11:29 +0800
Subject: [PATCH 1/4] Create .gitignore
Makes it so that the .env file storing the discord bot token is never actually committed
---
.gitignore | 1 +
1 file changed, 1 insertion(+)
create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
From 6bb44f33dff04b6a4582dea22298c141b2558be8 Mon Sep 17 00:00:00 2001
From: pixelbitie <118837180+pixelbitie@users.noreply.github.com>
Date: Sat, 10 May 2025 00:12:51 +0800
Subject: [PATCH 2/4] Create requirements.txt
Dependencies for all the imports in lowchi.py
---
requirements.txt | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 requirements.txt
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..55e21fc
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,3 @@
+discord.py>=2.3.2
+simpleeval>=0.9.13
+python-dotenv>=1.0.1
From b5eeaec10a0a819f365b6ae16fb1bcf6e2358761 Mon Sep 17 00:00:00 2001
From: pixelbitie <118837180+pixelbitie@users.noreply.github.com>
Date: Sat, 10 May 2025 00:22:17 +0800
Subject: [PATCH 3/4] Update README.md
Updated installation instructions for the new .env file and dependencies
---
README.md | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/README.md b/README.md
index 1816042..2ec1693 100644
--- a/README.md
+++ b/README.md
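Review bot: requirements.txt lists `discord.py>=2.3.2`, but lowchi.py builds its client with `bot = discord.Bot()`, which as far as I can tell is the py-cord API rather than discord.py 2.x (discord.py exposes `commands.Bot` and `discord.Client`), so a fresh `pip install -r requirements.txt` would likely fail at startup with an AttributeError. Confirm which library the bot really runs against and list that one. All three entries are also lower-bound-only (`>=`), so each install resolves to whatever is newest on the index; for a process that holds a bot token, pin the tested versions with `==` and consider installing with pip's `--require-hashes`.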
@@ -21,3 +21,14 @@ A fun little Discord bot built with `discord.py` that can greet users and answer
```bash
git clone https://github.com/your-username/discord-math-bot.git
cd discord-math-bot
+
+2. Create ``.env`` file that stores your discord bot token as:
+ ```env
+ DISCORD_TOKEN=your-discord-bot-token-here
+
+> [!WARNING]
+> NOTE: Never commit your ``.env`` file to version control, as it will expose your bot token. It will automatically be ignored via ``.gitignore``.
+
+3. Install dependencies by running:
+ ```bash
+ pip install -r requirements.txt
From d4d1417e85d3c60489e20a150d15b7b1b5e64fcb Mon Sep 17 00:00:00 2001
From: pixelbitie <118837180+pixelbitie@users.noreply.github.com>
Date: Sat, 10 May 2025 00:25:06 +0800
Subject: [PATCH 4/4] Update lowchi.py
Update lowchi.py
Fixes the following:
- Exchanges eval() function (which was vulnerable) to safer simpleeval function
- Makes it so that the bot token is loaded from an environment variable instead of being directly exposed in the code
Added requirements.txt and .gitignore files to facilitate these changes.
Resolves #1
---
lowchi.py | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/lowchi.py b/lowchi.py
index 0b1957e..ec315d0 100644
--- a/lowchi.py
+++ b/lowchi.py
@@ -1,5 +1,8 @@
import discord
+import os
from discord.ext import commands
+from simpleeval import simple_eval
+from dotenv import load_dotenv
bot = discord.Bot() # Create a bot instance
@@ -21,7 +24,7 @@ async def math(ctx, *, question: str):
expression = question.lower().replace('what is', '').strip()
# Evaluate the expression
try:
- result = eval(expression)
+ result = simple_eval(expression)
# Respond to the user
await ctx.send(f"Hi {ctx.author.name}, the answer is {result}! Do you want to know why?")
# Wait for user response
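Review bot: `simple_eval(expression)` is called on message text of unbounded length and runs synchronously inside the `async` handler, so a costly expression holds up the bot's event loop for every other user until it finishes. simpleeval narrows which names and operators are reachable, but it does not impose a time limit on evaluation. Reject over-long input before the call, for example `if len(expression) > 100: raise ValueError("expression too long")` (100 is an illustrative limit), and check `isinstance(result, (int, float))` before interpolating `result` into the reply, since a quoted string evaluates to itself and is echoed back into the channel. The `except` clause that pairs with this `try` is outside the hunk, so confirm it also catches the exception types simpleeval raises.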
@@ -41,4 +44,6 @@ async def math(ctx, *, question: str):
await ctx.send("Sorry, I couldn't understand the expression. Please provide a valid math question.")
# Run the bot with your Discord bot token
-bot.run('DISCORD.TOKEN')
+load_dotenv() # Load from .env
+token = os.getenv("DISCORD_TOKEN")
+bot.run(token)
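Review bot: `os.getenv("DISCORD_TOKEN")` returns `None` when the variable is missing, and that `None` is passed straight to `bot.run(token)`, so a missing or misnamed `.env` surfaces as a library error instead of a clear configuration message. Fail fast before the call: `if not token: raise SystemExit("DISCORD_TOKEN is not set")`. The removed line held the string `'DISCORD.TOKEN'`, which looks like a placeholder; if a real token was ever committed in earlier history, ignoring `.env` does not remove it, and the token should be regenerated in the Discord developer portal.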