AutoMod allowed words can bypass regex filtering rules for the whole message
Description
When an AutoMod rule uses regex to block words from messages but also permits certain matches through the "allowed words and phrases" list, if one of the tokens on that list is matched by the regex first, all further matches beyond it are ignored and allowed as well even if they are not on the “allowed words and phrases” list.
Tests and reproduction steps
As a test, I made a rule containing [ae]n to block any message containing “an” or “en”, but added the word “bank” to the “allowed words and phrases” list.
I then attempted three tests, two containing the allowed word, one not; but all containing blocked words with “an” or “en”.
Test Results
Test 1 and Test 3 are blocked properly, but Test 2 is not blocked at all.
Both Test 1 and Test 2 contain the allowed word “bank”, and a blocked word “spend”. Test 1 has “spend” before “bank” and is blocked because “spend” is not on the allowed words list. However, Test 2 with “bank” before “spend” is allowed through even though it also has “spend” in it, because “bank” came first and is an allowed word. This causes the AutoMod rule to skip checking the rest of the message; otherwise, it would have found “spend” and blocked the message.
Test 3 is a control test with both blocked words “tank” and “spend” not on the allowed words list, so naturally it is blocked properly because of “tank”.
Conclusion
This is not desirable behavior, as bad actors can start their messages with an allowed word if regex is used for an AutoMod rule, disabling the regex for the rest of the message. Please fix this by checking all regex matches rather than only the first one.
This doesn't appear to affect the normal blocked word list, only regex matches.
For Discord Staff: see Zendesk ticket #38695326
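A minimal model of the behaviour reported above, added here as an illustration and not Discord's AutoMod code: one function consults the allow list only for the first regex match, the other checks every match as the report requests. It assumes an allow-list entry exempts the whole whitespace-delimited word containing a match; the helper names and sample messages are constructed.

```python
import re

RULE = re.compile(r"[ae]n")   # the regex rule from the report
ALLOWED = {"bank"}            # the "allowed words and phrases" entry from the report

def word_around(message, start, end):
    """Return the whitespace-delimited word containing message[start:end]."""
    while start > 0 and not message[start - 1].isspace():
        start -= 1
    while end < len(message) and not message[end].isspace():
        end += 1
    return message[start:end].strip(".,!?;:'\"").lower()

def blocked_first_match_only(message):
    """Reported behaviour: the allow list is consulted for the first match only."""
    m = RULE.search(message)
    if m is None:
        return False
    # If the first hit is inside an allowed word, the rest is never examined.
    return word_around(message, m.start(), m.end()) not in ALLOWED

def blocked_all_matches(message):
    """Requested behaviour: block if any match falls outside an allowed word."""
    return any(
        word_around(message, m.start(), m.end()) not in ALLOWED
        for m in RULE.finditer(message)
    )

# Constructed messages following the word order described for the three tests.
SAMPLES = {
    "test 1": "spend at the bank",   # blocked word first, allowed word second
    "test 2": "bank to spend",       # allowed word first, blocked word second
    "test 3": "tank to spend",       # control: no allowed word
}

def compare():
    """Map each sample to (first-match-only verdict, all-matches verdict)."""
    return {
        name: (blocked_first_match_only(text), blocked_all_matches(text))
        for name, text in SAMPLES.items()
    }

if __name__ == "__main__":
    for name, (first_only, all_matches) in compare().items():
        print(f"{name}: first-match-only blocked={first_only}, "
              f"all-matches blocked={all_matches}")
```

Only the second sample differs between the two functions, matching the Test 2 result in the report.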