[SECURITY] DoS vulnerability: Infinite loop in ParseMention#member_mention #151
Description
DiscordChatExporterPy Version
3.0.1 (Although first noticed in a much older version)
Discord Version
2.6.4 (Not relevant)
Bug Description
Noticed my discord bot was stuck at 100% and checked the profile, noticed that it was spending 100% of the CPU time inside the member_mention function
Issue: a cleverly crafted Member#display_name can cause member_mention to infinitely match the input content if the user's display_name itself is formatted like a mention.
Example reproduction:
import asyncio
from unittest.mock import Mock
from chat_exporter.parse.mention import ParseMention
print("=== Working Case ===")
member1 = Mock(name="member")
member1.id = 1234567890
member1.display_name = "NormalUser"
guild1 = Mock(name="guild")
guild1.get_member = Mock(return_value=member1)
parse_mention1 = ParseMention("<@1234567890>", guild1)
asyncio.run(parse_mention1.member_mention())
print(parse_mention1.content)
print("\n=== Problematic Case (would cause infinite loop) ===")
member2 = Mock(name="member")
member2.id = 1234567890
member2.display_name = "<@999999999>"
guild2 = Mock(name="guild")
guild2.get_member = Mock(return_value=member2)
parse_mention2 = ParseMention("<@1234567890>", guild2)
asyncio.run(parse_mention2.member_mention())
print(parse_mention2.content)Bug Traceback
No response
Additional Information
No response