From 5fae8ed4904716bcfeaa946f3687ed5d20506ad1 Mon Sep 17 00:00:00 2001
From: Nxllpointer
Date: Fri, 21 Oct 2022 16:01:52 +0200
Subject: [PATCH 1/2] Fix Top-Helper message length exploit

One was able to farm Top-Helper message length points by adding invisible characters to help messages
---
 .../commands/tophelper/TopHelpersMessageListener.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/application/src/main/java/org/togetherjava/tjbot/commands/tophelper/TopHelpersMessageListener.java b/application/src/main/java/org/togetherjava/tjbot/commands/tophelper/TopHelpersMessageListener.java
index 58603474cd..a2be00aea3 100644
--- a/application/src/main/java/org/togetherjava/tjbot/commands/tophelper/TopHelpersMessageListener.java
+++ b/application/src/main/java/org/togetherjava/tjbot/commands/tophelper/TopHelpersMessageListener.java
@@ -18,6 +18,8 @@
 * {@link TopHelpersCommand} to pick them up.
 */
 public final class TopHelpersMessageListener extends MessageReceiverAdapter {
+ private static final String UNCOUNTED_CHARS = "[^\\x20-\\x7E]";
+
 private final Database database;
 
 private final Predicate isStagingChannelName;
@@ -65,13 +67,16 @@ private boolean isHelpThread(MessageReceivedEvent event) {
 }
 
 private void addMessageRecord(MessageReceivedEvent event) {
+ String messageContent = event.getMessage().getContentRaw();
+ long messageLength = messageContent.replaceAll(UNCOUNTED_CHARS, "").length();
+
 database.write(context -> context.newRecord(HELP_CHANNEL_MESSAGES)
 .setMessageId(event.getMessage().getIdLong())
 .setGuildId(event.getGuild().getIdLong())
 .setChannelId(event.getChannel().getIdLong())
 .setAuthorId(event.getAuthor().getIdLong())
 .setSentAt(event.getMessage().getTimeCreated().toInstant())
- .setMessageLength((long) event.getMessage().getContentRaw().length())
+ .setMessageLength(messageLength)
 .insert());
 }
 }
From 2bc7e18bccd2480b4d52c219475bec855e25d0e1 Mon Sep 17 00:00:00 2001
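Review bot: In `addMessageRecord` the pattern text in `UNCOUNTED_CHARS` is passed to `String.replaceAll`, which compiles the regular expression again for every help message the listener records. Holding it as `private static final Pattern UNCOUNTED_CHARS = Pattern.compile("[^\\x20-\\x7E]");` and computing `UNCOUNTED_CHARS.matcher(messageContent).replaceAll("").length()` gives the same length with a single compilation; this needs `java.util.regex.Pattern` in the file's imports, which are outside the hunk. The stored value is still derived from `getContentRaw()` with no upper bound, so the score keeps rewarding sheer message size; a short comment on the constant saying which characters are meant to count, and whether a cap before `setMessageLength` is wanted, would make the intended scoring rule reviewable.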
From: Nxllpointer
Date: Fri, 21 Oct 2022 16:32:49 +0200
Subject: [PATCH 2/2] Made RegEx more readable and added info

---
 .../commands/tophelper/TopHelpersMessageListener.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/application/src/main/java/org/togetherjava/tjbot/commands/tophelper/TopHelpersMessageListener.java b/application/src/main/java/org/togetherjava/tjbot/commands/tophelper/TopHelpersMessageListener.java
index a2be00aea3..52815bbdb6 100644
--- a/application/src/main/java/org/togetherjava/tjbot/commands/tophelper/TopHelpersMessageListener.java
+++ b/application/src/main/java/org/togetherjava/tjbot/commands/tophelper/TopHelpersMessageListener.java
@@ -18,7 +18,13 @@
 * {@link TopHelpersCommand} to pick them up.
 */
 public final class TopHelpersMessageListener extends MessageReceiverAdapter {
- private static final String UNCOUNTED_CHARS = "[^\\x20-\\x7E]";
+ /**
+ * Matches invisible control characters and unused code points
+ *
+ * @see Unicode
+ * Categories
+ */
+ private static final String UNCOUNTED_CHARS = "\\P{C}";
 
 private final Database database;
 
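Review bot: The new value `"\\P{C}"` is the negated form of the category: in `java.util.regex` an uppercase `\P{C}` matches every character that is not in Unicode category C. With `replaceAll(UNCOUNTED_CHARS, "")` in `addMessageRecord` (added in patch 1/2) this would strip all visible text and count only control, format and unassigned code points, which contradicts the Javadoc added in this hunk and reverses the fix. The line should read `private static final String UNCOUNTED_CHARS = "\\p{C}";`. A unit test that measures a plain sentence with and without an added invisible character would pin the intended behaviour and catch a one-letter case slip like this. The class body continues outside the hunk.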