Add command whitelist/blacklist support (#133)

* Stub in whitelist

* Add blacklist/whitelist checking with test

* Implement blacklist/whitelist checking

* Remove :reload on requires and add whitelist/blacklist docs

* Add test for no whitelist or blacklist

Author: devth

config/config.sample.edn

@@ -56,6 +56,21 @@
             :embedded {:enabled "false"}
             ;; Whether to enable having a fallback command. Default is true.
             :fallback {:enabled "true"}
+
+            ;; Whitelists and blackists: these can be used to enable/disable
+            ;; specific commands. Only one of these must be specified. If both
+            ;; are specified, it is considered an error and will crash Yetibot
+            ;; on startup. By default there is no whitelist or blacklist.
+            ;;
+            ;; Whitelist: when whitelist is specified, all commands are disabled
+            ;; except those present in the `whitelist` collection. Example:
+            ;;
+            ;; :whitelist ["echo" "list"]
+            ;;
+            ;; Blacklist: when blacklist is specified, all commands are enabled
+            ;; except those present in the `blacklist` collection. Example:
+            ;;
+            ;; :blackist ["echo" "list"]
             }
   ;; the default command to fall back to if no other commands match
   :default {:command "giphy"}

config/profiles.sample.clj

@@ -22,6 +22,23 @@
    ;; Whether to enable having a fallback command. Default is true.
    :yetibot-command-fallback-enabled "true"
 
+   ;; Whitelists and blackists: these can be used to enable/disable specific
+   ;; commands. Only one of these must be specified. If both are specified, it
+   ;; is considered an error and will crash Yetibot on startup. By default there
+   ;; is no whitelist or blacklist.
+   ;;
+   ;; Whitelist: when whitelist is specified, all commands are disabled except
+   ;; those present in the `whitelist` collection. Example:
+   ;;
+   ;; :yetibot-command-whitelist-0 "echo"
+   ;; :yetibot-command-whitelist-1 "list"
+   ;;
+   ;; Blacklist: when blacklist is specified, all commands are enabled except
+   ;; those present in the `blacklist` collection. Example:
+   ;;
+   ;; :yetibot-command-blacklist-0 "echo"
+   ;; :yetibot-command-blacklist-1 "list"
+
    ;; Yetibot needs a Postgres instance to run against.
    :yetibot-db-url "postgresql://localhost:5432/yetibot"
    :yetibot-db-table-prefix "yetibot_"

config/sample.env

@@ -11,6 +11,23 @@ YETIBOT_COMMAND_EMBEDDED_ENABLED="false"
 # Whether to enable having a fallback command. Default is true.
 YETIBOT_COMMAND_FALLBACK_ENABLED="true"
 
+# Whitelists and blackists: these can be used to enable/disable specific
+# commands. Only one of these must be specified. If both are specified, it
+# is considered an error and will crash Yetibot on startup. By default there
+# is no whitelist or blacklist.
+#
+# Whitelist: when whitelist is specified, all commands are disabled except
+# those present in the `whitelist` collection. Example:
+
+# YETIBOT_COMMAND_WHITELIST_0="echo"
+# YETIBOT_COMMAND_WHITELIST_1="list"
+
+# Blacklist: when blacklist is specified, all commands are enabled except
+# those present in the `blacklist` collection. Example:
+#
+# :yetibot-command-blacklist-0 "echo"
+# :yetibot-command-blacklist-1 "list"
+
 # Yetibot needs a Postgres instance to run against.
 YETIBOT_DB_URL="postgresql://localhost:5432/yetibot"
 YETIBOT_DB_TABLE_PREFIX="yetibot_"

src/yetibot/core/hooks.clj

@@ -1,16 +1,16 @@
 (ns yetibot.core.hooks
   (:require
-    [yetibot.core.models.admin :as admin]
-    [clojure.set :refer [difference intersection]]
-    [taoensso.timbre :refer [color-str trace debug info warn error]]
-    [yetibot.core.handler]
-    [clojure.string :as s]
-    [metrics.timers :as timers]
-    [yetibot.core.models.channel :as c]
-    [yetibot.core.interpreter :refer [handle-cmd]]
-    [yetibot.core.models.help :as help]
-    [robert.hooke :as rh]
-    [clojure.stacktrace :as st]))
+   [yetibot.core.models.admin :as admin]
+   [clojure.set :refer [intersection]]
+   [taoensso.timbre :refer [color-str trace debug info warn error]]
+   [yetibot.core.handler]
+   [clojure.string :as s]
+   [metrics.timers :as timers]
+   [yetibot.core.models.channel :as c]
+   [yetibot.core.interpreter :refer [handle-cmd]]
+   [yetibot.core.models.help :as help]
+   [robert.hooke :as rh]
+   [yetibot.core.util.command :refer [command-enabled?]]))
 
 (def ^:private Pattern java.util.regex.Pattern)
 
@@ -80,25 +80,28 @@
     ;; ensure the user is allowed to run this command
     (if (and admin-only-command? (not user-is-admin?))
       {:result/error (format
-                       "Only admins are allowed to execute %s commands" cmd)}
+                      "Only admins are allowed to execute %s commands" cmd)}
       ;; find the top level command and its corresponding sub-cmds
       (if-let [[cmd-re sub-cmds] (find-sub-cmds cmd)]
         ;; Now try to find a matching sub-commands
         (if-let [[match sub-fn] (match-sub-cmds args sub-cmds)]
+          ;; TODO check if command is whitelisted or blacklisted
           ;; extract category settings
-          (let [disabled-cats (if settings (settings c/cat-settings-key) #{})
-                fn-cats (set (:yb/cat (meta sub-fn)))]
-            (if-let [matched-disabled-cats (seq (intersection disabled-cats fn-cats))]
-              (str
-                (s/join ", " (map name matched-disabled-cats))
-                " commands are disabled in this channel🖐")
-              (timers/time!
-               (timers/timer ["yetibot" cmd (str (:name (meta sub-fn)))])
-               (sub-fn (merge extra {:cmd cmd :args args :match match})))))
+          (if (command-enabled? cmd)
+            (let [disabled-cats (if settings (settings c/cat-settings-key) #{})
+                  fn-cats (set (:yb/cat (meta sub-fn)))]
+              (if-let [matched-disabled-cats (seq (intersection disabled-cats fn-cats))]
+                (str
+                 (s/join ", " (map name matched-disabled-cats))
+                 " commands are disabled in this channel🖐")
+                (timers/time!
+                 (timers/timer ["yetibot" cmd (str (:name (meta sub-fn)))])
+                 (sub-fn (merge extra {:cmd cmd :args args :match match})))))
+            {:result/error (format "`%s` is disabled in this Yetibot" cmd)})
           ;; couldn't find any sub commands so default to help.
           (:value
-            (yetibot.core.handler/handle-unparsed-expr
-              (str "help " (get @re-prefix->topic (str cmd-re))))))
+           (yetibot.core.handler/handle-unparsed-expr
+            (str "help " (get @re-prefix->topic (str cmd-re))))))
         (callback cmd-with-args extra)))))
 
 ;; Hook the actual handle-cmd called during interpretation.

src/yetibot/core/loader.clj

@@ -32,7 +32,7 @@
 
 (defn load-ns [arg]
   (debug "Loading" arg)
-  (try (require arg :reload)
+  (try (require arg)
        arg
        (catch Exception e
          (warn "WARNING: problem requiring" arg "hook:" (.getMessage e))

src/yetibot/core/util/command.clj

@@ -5,6 +5,60 @@
     [yetibot.core.models.help :as help]
     [yetibot.core.parser :refer [parser]]))
 
+(s/def ::whitelist-config (s/coll-of string?))
+(s/def ::blacklist-config (s/coll-of string?))
+
+(defn pattern-config-set
+  [spec path]
+  (set
+   (->>
+    (get-config spec path)
+    :value
+    (map re-pattern))))
+
+(defn whitelist []
+  (pattern-config-set ::whitelist-config [:command :whitelist]))
+
+(defn blacklist []
+  (pattern-config-set ::blacklist-config [:command :blacklist]))
+
+(defn throw-config-error! []
+  (throw
+   (ex-info
+    "Invalid configuration: whitelist and blacklist cannot both be specified"
+    {:whitelist whitelist
+     :blacklist blacklist})))
+
+;; check config and error on startup if invalid
+(when (and (seq (whitelist)) (seq (blacklist)))
+  (throw-config-error!))
+
+(defn any-match? [patterns s]
+  (some #(re-find % s) patterns))
+
+(defn command-enabled?
+  "Given a command prefix, determine whether or not it is enabled.
+
+   Users can specify either a whitelist collection of command patterns or a
+   blacklist collection of patterns, but not both.
+
+   If a whitelist is specified, all commands are disabled *except* those in the
+   whitelist.
+
+   If a blacklist is specified, all commands are enabled *except* those in the
+   blacklist."
+  [command]
+  (boolean
+   (cond
+     ;; blow up if both
+     (and (seq (whitelist)) (seq (blacklist))) (throw-config-error!)
+     ;; whitelist checking
+     (seq (whitelist)) (any-match? (whitelist) command)
+     ;; blacklist checking
+     (seq (blacklist)) (not (any-match? (blacklist) command))
+     ;; neither blacklist nor whitelist are configured
+     :else true)))
+
 (defn error?
   "Determine whether a value is an error map"
   [x]

src/yetibot/core/webapp/route_loader.clj

@@ -11,7 +11,7 @@
 ;; TODO: remove dupe between loader ns and this
 (defn load-ns [arg]
   (info "Loading" arg)
-  (try (require arg :reload)
+  (try (require arg)
        arg
        (catch Exception e
          (warn "WARNING: problem requiring" arg (.getMessage e))

test/yetibot/core/test/util/command.clj

@@ -1,25 +1,38 @@
 (ns yetibot.core.test.util.command
   (:require
-    ;; yetibot.core.commands.echo
-    [clojure.test :refer :all]
-    [yetibot.core.util.command :refer :all]))
+   yetibot.core.commands.echo
+   [midje.sweet :refer [fact facts => against-background]]
+   [yetibot.core.util.command :refer [whitelist blacklist
+                                      embedded-cmds command-enabled?]]))
 
-;; embedded commands
+(facts "About embedded commands"
+       (fact "Embedded commands that aren't actually known commands are not parsed"
+             (embedded-cmds "`these` are the `invalid embedded commands`") => empty?)
+       (fact
+        "Known embedded commands are properly extracted"
+        (embedded-cmds "`echo your temp:` wonder what the `temp 98101` is")
+        => [[:expr
+             [:cmd
+              [:words "echo" [:space " "] "your" [:space " "] "temp:"]]]]))
 
-(deftest test-embedded-cmds
-  (testing
-    "Embedded commands that aren't actually known commands are not parsed"
-    (is
-      (empty?
-        (embedded-cmds "`these` are the `invalid embedded commands`"))))
+(facts "About whitelists and blacklists"
+       (against-background
+        [(whitelist) => #{#"list"} (blacklist) => #{}]
+        (fact "echo is not whitelisted"
+              (command-enabled? "echo") => false)
+        (fact "list is whitelisted"
+              (command-enabled? "list") => true))
 
-  (testing
-    "Known embedded commands are properly extracted"
-    (is
-      (=
-       ;; temp shouldn't be included because it's not a command/alias in the
-       ;; test env
-       (embedded-cmds "`echo your temp:` wonder what the `temp 98101` is")
-       [[:expr
-         [:cmd
-          [:words "echo" [:space " "] "your" [:space " "] "temp:"]]]]))))
+       (against-background
+        [(whitelist) => #{} (blacklist) => #{#"list"}]
+        (fact "echo is not blacklisted"
+              (command-enabled? "echo") => true)
+        (fact "list is blacklisted"
+              (command-enabled? "list") => false))
+
+       (against-background
+        [(whitelist) => #{} (blacklist) => #{}]
+        (fact "echo is enabled by default"
+              (command-enabled? "echo") => true)
+        (fact "list is enabled by default"
+              (command-enabled? "list") => true)))

tests.edn

@@ -0,0 +1,8 @@
+#kaocha/v1
+{:tests [{:id :unit
+          :type :kaocha.type/midje
+          ;; OPTIONAL. default value is "test"
+          :test-paths ["test"]
+          ;; OPTIONAL. default value is ".*-test"
+          :ns-patterns [".*"]
+          }]}