From ae38fb3c483c39eafa9e4dabacedd9fca41865bf Mon Sep 17 00:00:00 2001
From: Leshana <Leshana@users.noreply.github.com>
Date: Thu, 20 Jul 2017 22:24:27 -0400
Subject: [PATCH] Disable all shell() exec prox for extra security.

We do not use python or nodejs scripts. Our discord bot makes HTTP
requests.  Therefore we can entirely disable this code.  Even if we ever
want to start using these procs for discord integration, we would pipe it
through our HTTP discord proxy, not use shell().
With all instances of shell() disabled, we can't be attacked by it.
---
 code/modules/ext_scripts/irc.dm    | 1 +
 code/modules/ext_scripts/python.dm | 1 +
 2 files changed, 2 insertions(+)

diff --git a/code/modules/ext_scripts/irc.dm b/code/modules/ext_scripts/irc.dm
index 4b125a9604..aef07472d1 100644
--- a/code/modules/ext_scripts/irc.dm
+++ b/code/modules/ext_scripts/irc.dm
@@ -1,4 +1,5 @@
 /proc/send2irc(var/channel, var/msg)
+	return  // VOREStation Edit - Can't exploit shell if we never call shell!
 	if (config.use_irc_bot)
 		if (config.use_node_bot)
 			shell("node bridge.js -h \"[config.irc_bot_host]\" -p \"[config.irc_bot_port]\" -c \"[channel]\" -m \"[msg]\"")
diff --git a/code/modules/ext_scripts/python.dm b/code/modules/ext_scripts/python.dm
index 9b798d80ca..14ec183c35 100644
--- a/code/modules/ext_scripts/python.dm
+++ b/code/modules/ext_scripts/python.dm
@@ -1,4 +1,5 @@
 /proc/ext_python(var/script, var/args, var/scriptsprefix = 1)
+	return  // VOREStation Edit - Can't exploit shell if we never call shell!
 	if(scriptsprefix) script = "scripts/" + script
 
 	if(world.system_type == MS_WINDOWS)