small updates and fixes for 1.40

This commit is contained in:
Kay Marquardt (Gnadelwartz) 2021-02-02 20:33:22 +01:00
parent 1440d56f48
commit f9dab50f84
11 changed files with 56 additions and 50 deletions

View File

@ -350,8 +350,9 @@ It features background tasks and interactive chats, and can serve as an interfac
<p><strong>Never run your Bot as root, this is the most dangerous you can do!</strong> Usually the user 'nobody' has almost no rights on Linux/Unix systems. See <a href="doc/4_expert.md">Expert use</a> on how to run your Bot as an other user.</p> <p><strong>Never run your Bot as root, this is the most dangerous you can do!</strong> Usually the user 'nobody' has almost no rights on Linux/Unix systems. See <a href="doc/4_expert.md">Expert use</a> on how to run your Bot as an other user.</p>
<h3>Secure your Bot installation</h3> <h3>Secure your Bot installation</h3>
<p><strong>Your Bot configuration must not be readable by other users.</strong> Everyone who can read your Bots token is able to act as your Bot and has access to all chats the Bot is in!</p> <p><strong>Your Bot configuration must not be readable by other users.</strong> Everyone who can read your Bots token is able to act as your Bot and has access to all chats the Bot is in!</p>
<p>Everyone with read access to your Bot files can extract your Bots data. Especially your Bot config in<code>config.jssh</code> must be protected against other users. No one except you should have write access to the Bot files. The Bot should be restricted to have write access to<code>count.jssh</code> and <code>data-bot-bash</code> only, all other files must be write protected.</p> <p>Everyone with read access to your Bot files can extract your Bots data. Especially your Bot config in <code>config.jssh</code> must be protected against other users. No one except you should have write access to the Bot files. The Bot should be restricted to have write access to <code>count.jssh</code>, <code>data-bot-bash/</code> and <code>logs/</code> only, all other files must be write protected.</p>
<p>To set access rights for your bashbot installation to a reasonable default run <code>sudo ./bashbot.sh init</code> after every update or change to your installation directory.</p> <p>To set access rights for your bashbot installation to a reasonable default run <code>sudo ./bashbot.sh init</code> after every update or change to your installation directory.</p>
<p><em>Note</em>: Keep old log files in a safe place or even better delete them, they are GDPR relevant and <a href="https://github.com/topkecleon/telegram-bot-bash/issues/174">may contain information</a> you don't want to be public.</p>
<h2>FAQ</h2> <h2>FAQ</h2>
<h3>Is this Bot insecure?</h3> <h3>Is this Bot insecure?</h3>
<p>Bashbot is not more (in)secure than a Bot written in another language. We have done our best to make it as secure as possible. But YOU are responsible for the bot commands you wrote and you should know about the risks ...</p> <p>Bashbot is not more (in)secure than a Bot written in another language. We have done our best to make it as secure as possible. But YOU are responsible for the bot commands you wrote and you should know about the risks ...</p>
@ -391,6 +392,6 @@ It features background tasks and interactive chats, and can serve as an interfac
<p>@Gnadelwartz</p> <p>@Gnadelwartz</p>
<h2>That's it all guys!</h2> <h2>That's it all guys!</h2>
<p>If you feel that there's something missing or if you found a bug, feel free to submit a pull request!</p> <p>If you feel that there's something missing or if you found a bug, feel free to submit a pull request!</p>
<h4>$$VERSION$$ v1.40-dev-29-g737be16</h4> <h4>$$VERSION$$ v1.40-dev-34-g1440d56</h4>
</body> </body>
</html> </html>

View File

@ -169,10 +169,12 @@ For the same reason every file your Bot can read is in danger of being disclosed
### Secure your Bot installation ### Secure your Bot installation
**Your Bot configuration must not be readable by other users.** Everyone who can read your Bots token is able to act as your Bot and has access to all chats the Bot is in! **Your Bot configuration must not be readable by other users.** Everyone who can read your Bots token is able to act as your Bot and has access to all chats the Bot is in!
Everyone with read access to your Bot files can extract your Bots data. Especially your Bot config in`config.jssh` must be protected against other users. No one except you should have write access to the Bot files. The Bot should be restricted to have write access to`count.jssh` and `data-bot-bash` only, all other files must be write protected. Everyone with read access to your Bot files can extract your Bots data. Especially your Bot config in `config.jssh` must be protected against other users. No one except you should have write access to the Bot files. The Bot should be restricted to have write access to `count.jssh`, `data-bot-bash/` and `logs/` only, all other files must be write protected.
To set access rights for your bashbot installation to a reasonable default run `sudo ./bashbot.sh init` after every update or change to your installation directory. To set access rights for your bashbot installation to a reasonable default run `sudo ./bashbot.sh init` after every update or change to your installation directory.
*Note*: Keep old log files in a safe place or even better delete them, they are GDPR relevant and [may contain information](https://github.com/topkecleon/telegram-bot-bash/issues/174) you don't want to be public.
## FAQ ## FAQ
### Is this Bot insecure? ### Is this Bot insecure?
@ -239,4 +241,4 @@ See `mycommnds.sh.dist` for an example.
If you feel that there's something missing or if you found a bug, feel free to submit a pull request! If you feel that there's something missing or if you found a bug, feel free to submit a pull request!
#### $$VERSION$$ v1.40-dev-29-g737be16 #### $$VERSION$$ v1.40-dev-34-g1440d56

View File

@ -233,10 +233,13 @@ Your Bot configuration must not be readable by other users. Everyone who can rea
Bots token is able to act as your Bot and has access to all chats the Bot is in! Bots token is able to act as your Bot and has access to all chats the Bot is in!
Everyone with read access to your Bot files can extract your Bots data. Especially your Everyone with read access to your Bot files can extract your Bots data. Especially your
Bot config in config.jssh must be protected against other users. No one except you should Bot config in config.jssh must be protected against other users. No one except you should
have write access to the Bot files. The Bot should be restricted to have write access have write access to the Bot files. The Bot should be restricted to have write access to
tocount.jssh and data-bot-bash only, all other files must be write protected. count.jssh, data-bot-bash/ and logs/ only, all other files must be write protected.
To set access rights for your bashbot installation to a reasonable default run sudo ./ To set access rights for your bashbot installation to a reasonable default run sudo ./
bashbot.sh init after every update or change to your installation directory. bashbot.sh init after every update or change to your installation directory.
Note: Keep old log files in a safe place or even better delete them, they are GDPR
relevant and may contain information [https://github.com/topkecleon/telegram-bot-bash/
issues/174] you don't want to be public.
FAQ FAQ
@ -315,5 +318,5 @@ That's it all guys!
If you feel that there's something missing or if you found a bug, feel free to submit a If you feel that there's something missing or if you found a bug, feel free to submit a
pull request! pull request!
$$VERSION$$ v1.40-dev-29-g737be16 $$VERSION$$ v1.40-dev-34-g1440d56

View File

@ -30,7 +30,7 @@ BOTCOMMANDS="-h help init start stop status suspendback resumeback killb
# 8 - curl/wget missing # 8 - curl/wget missing
# 10 - not bash! # 10 - not bash!
# #
#### $$VERSION$$ v1.40-dev-32-gd876f75 #### $$VERSION$$ v1.40-dev-34-g1440d56
################################################################## ##################################################################
# are we running in a terminal? # are we running in a terminal?
@ -390,13 +390,13 @@ fi
# $1 URL, $2 filename in DATADIR # $1 URL, $2 filename in DATADIR
# outputs final filename # outputs final filename
#download() { download() {
# local empty="no.file" file="${2:-${empty}}" local empty="no.file" file="${2:-${empty}}"
# if [[ "${file}" = *"/"* ]] || [[ "${file}" = "."* ]]; then file="${empty}"; fi if [[ "${file}" = *"/"* ]] || [[ "${file}" = "."* ]]; then file="${empty}"; fi
# while [ -f "${DATADIR:-.}/${file}" ] ; do file="${RANDOM}-${file}"; done while [ -f "${DATADIR:-.}/${file}" ] ; do file="${RANDOM}-${file}"; done
# getJson "$1" >"${DATADIR:-.}/${file}" || return getJson "$1" >"${DATADIR:-.}/${file}" || return
# printf '%s\n' "${DATADIR:-.}/${file}" printf '%s\n' "${DATADIR:-.}/${file}"
#} }
# $1 postfix, e.g. chatid # $1 postfix, e.g. chatid
# $2 prefix, back- or startbot- # $2 prefix, back- or startbot-

View File

@ -8,14 +8,14 @@
# | |__/ / |_| | | | | | |_| | |__ | |____( (_| | | |__ _ # | |__/ / |_| | | | | | |_| | |__ | |____( (_| | | |__ _
# |_____/ \___/ |_| |_|\___/ \___) |_______)____|_|\___)_| # |_____/ \___/ |_| |_|\___/ \___) |_______)____|_|\___)_|
# #
# this file *MUST* not be edited! place your config and commands in # this file *MUST* not edited! place your config in the file "mycommands.conf"
# the file "mycommands.sh". a clean version is provided as "mycommands.sh.clean" # and commands in "mycommands.sh", a clean version is provided as "mycommands.sh.clean"
# #
# This file is public domain in the USA and all free countries. # This file is public domain in the USA and all free countries.
# Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying) # Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying)
# #
#### $$VERSION$$ v1.35-dev-14-g08a0524 #### $$VERSION$$ v1.40-dev-34-g1440d56
# #
# bashbot locale defaults to c.UTF-8, adjust locale in mycommands.sh if needed # bashbot locale defaults to c.UTF-8, adjust locale in mycommands.sh if needed

View File

@ -132,5 +132,5 @@ You must update to [Version 1.20](https://github.com/topkecleon/telegram-bot-bas
#### [Next Create Bot](1_firstbot.md) #### [Next Create Bot](1_firstbot.md)
#### $$VERSION$$ v1.30-0-g3266427 #### $$VERSION$$ v1.40-dev-34-g1440d56

View File

@ -372,5 +372,5 @@ send_action "${CHAT[ID]}" "action"
#### [Prev Create Bot](1_firstbot.md) #### [Prev Create Bot](1_firstbot.md)
#### [Next Advanced Usage](3_advanced.md) #### [Next Advanced Usage](3_advanced.md)
#### $$VERSION$$ v1.35-dev-31-ga3eec98 #### $$VERSION$$ v1.40-dev-34-g1440d56

View File

@ -190,7 +190,7 @@ Note: Background jobs run independent from main bot and continue running until y
In order to enable **inline mode**, send `/setinline` command to [@BotFather](https://telegram.me/botfather) and provide the placeholder text that the user will see in the input field after typing your bots name. In order to enable **inline mode**, send `/setinline` command to [@BotFather](https://telegram.me/botfather) and provide the placeholder text that the user will see in the input field after typing your bots name.
The following commands allows you to send ansers to *inline queries*. To enable bashbot to process inline queries set `INLINE="1"`in 'mycommands.sh'. The following commands allows you to send ansers to *inline queries*. To enable bashbot to process inline queries set `INLINE="1"` in `mycommands.sh`.
To send messages or links through an *inline query*: To send messages or links through an *inline query*:
```bash ```bash
@ -302,5 +302,5 @@ Note: If you disable automatic retry, se above, you disable also connection prob
#### [Prev Getting started](2_usage.md) #### [Prev Getting started](2_usage.md)
#### [Next Expert Use](4_expert.md) #### [Next Expert Use](4_expert.md)
#### $$VERSION$$ v1.30-0-g3266427 #### $$VERSION$$ v1.40-dev-34-g1440d56

View File

@ -434,5 +434,5 @@ for every poll until the maximum of BASHBOT_SLEEP ms.
#### [Prev Advanced Use](3_advanced.md) #### [Prev Advanced Use](3_advanced.md)
#### [Next Best Practice](5_practice.md) #### [Next Best Practice](5_practice.md)
#### $$VERSION$$ v1.30-0-g3266427 #### $$VERSION$$ v1.40-dev-34-g1440d56

View File

@ -160,5 +160,5 @@ The second warning is about an unused variable, this is true because in our exam
#### [Prev Best Practice](5_practice.md) #### [Prev Best Practice](5_practice.md)
#### [Next Functions Reference](6_reference.md) #### [Next Functions Reference](6_reference.md)
#### $$VERSION$$ v1.30-0-g3266427 #### $$VERSION$$ v1.40-dev-34-g1440d56

View File

@ -4,7 +4,7 @@
# File: processUpdates.sh # File: processUpdates.sh
# Note: DO NOT EDIT! this file will be overwritten on update # Note: DO NOT EDIT! this file will be overwritten on update
# #
#### $$VERSION$$ v1.40-dev-33-g969c7a9 #### $$VERSION$$ v1.40-dev-34-g1440d56
################################################################## ##################################################################
############## ##############
@ -82,7 +82,7 @@ process_update() {
process_message "${num}" "${debug}" process_message "${num}" "${debug}"
printf "%(%c)T: update received FROM=%s CHAT=%s CMD=%s\n" -1 "${USER[USERNAME]:0:20} (${USER[ID]})"\ printf "%(%c)T: update received FROM=%s CHAT=%s CMD=%s\n" -1 "${USER[USERNAME]:0:20} (${USER[ID]})"\
"${CHAT[USERNAME]:0:20}${CHAT[TITLE]:0:30} (${CHAT[ID]})"\ "${CHAT[USERNAME]:0:20}${CHAT[TITLE]:0:30} (${CHAT[ID]})"\
"${MESSAGE:0:30}${CAPTION:0:30}$(: "${URL[*]/bot*:}"; printf "%s" "${_//[A-Z-]}")" >>"${UPDATELOG}" "${MESSAGE:0:30}${CAPTION:0:30}$(: "${URLS[*]//bot*:}"; printf "%s" "${_//[A-Z-]}")" >>"${UPDATELOG}"
fi fi
##### #####
# process inline and message events # process inline and message events