From 11d51f38645eee88cf56f27a26a0edb563b7fcaf Mon Sep 17 00:00:00 2001 From: Rezha Julio Date: Fri, 1 May 2026 23:03:22 +0700 Subject: [PATCH] chore: sanitize spam example references Replace real-looking Telegram invite hashes and @username from spam examples in code comments and tests with obvious placeholders so the repository does not propagate (or appear to endorse) actual scam links. --- src/bot/handlers/bio_bait.py | 8 ++++---- tests/test_bio_bait.py | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/bot/handlers/bio_bait.py b/src/bot/handlers/bio_bait.py index 758e80d..12efed3 100644 --- a/src/bot/handlers/bio_bait.py +++ b/src/bot/handlers/bio_bait.py @@ -11,9 +11,9 @@ 1. Bait phrase in the message text (e.g. "cek bio aku", "liat byoh"). 2. The user's *Telegram profile bio* itself contains promo/scam links - (e.g. "VIP BCL t.me/+KVUG7Nzphek0N2M1"). In this case the group message - may be innocuous; the spam is in the bio. We fetch the bio once per - hour per user and cache it. + (private t.me/+ invite links and/or non-whitelisted @mentions). In + this case the group message may be innocuous; the spam is in the bio. + We fetch the bio once per hour per user and cache it. On match the handler deletes the message, restricts the user, and posts a notification to the warning topic. @@ -99,7 +99,7 @@ ), ) -# Telegram private invite links (e.g. t.me/+KVUG7Nzphek0N2M1). +# Telegram private invite links (t.me/+). TELEGRAM_INVITE_LINK_RE = re.compile( r"(?:https?://)?(?:t\.me|telegram\.me)/\+[A-Za-z0-9_-]{8,}", re.IGNORECASE, diff --git a/tests/test_bio_bait.py b/tests/test_bio_bait.py index 1e1c85f..1ad321f 100644 --- a/tests/test_bio_bait.py +++ b/tests/test_bio_bait.py @@ -119,11 +119,11 @@ def test_empty_bio(self): assert has_suspicious_bio_links("") is False def test_invite_link(self): - bio = "VIP BCL t.me/+KVUG7Nzphek0N2M1 ASP" + bio = "VIP promo t.me/+exampleinvitehash ASP" assert has_suspicious_bio_links(bio) is True def test_invite_link_with_https(self): - assert has_suspicious_bio_links("https://t.me/+abcdefghij") is True + assert has_suspicious_bio_links("https://t.me/+exampleinvitehash") is True def test_non_whitelisted_public_link(self): assert has_suspicious_bio_links("Join t.me/somerandomscamchannel") is True @@ -325,7 +325,7 @@ async def test_detects_via_bio_links_with_innocuous_message( ): mock_update.message.text = "halo" chat = MagicMock() - chat.bio = "VIP BCL t.me/+KVUG7Nzphek0N2M1" + chat.bio = "VIP promo t.me/+exampleinvitehash" mock_context.bot.get_chat = AsyncMock(return_value=chat) with patch("bot.handlers.bio_bait.get_group_config_for_update", return_value=group_config): @@ -352,7 +352,7 @@ async def test_no_text_with_bad_bio_triggers_restriction( mock_update.message.text = None mock_update.message.caption = None chat = MagicMock() - chat.bio = "VIP t.me/+abcdefghij" + chat.bio = "VIP t.me/+exampleinvitehash" mock_context.bot.get_chat = AsyncMock(return_value=chat) with patch("bot.handlers.bio_bait.get_group_config_for_update", return_value=group_config): @@ -365,7 +365,7 @@ async def test_restriction_clears_bio_cache( ): mock_update.message.text = "halo" chat = MagicMock() - chat.bio = "VIP t.me/+abcdefghij" + chat.bio = "VIP t.me/+exampleinvitehash" mock_context.bot.get_chat = AsyncMock(return_value=chat) with patch("bot.handlers.bio_bait.get_group_config_for_update", return_value=group_config): @@ -399,7 +399,7 @@ async def test_restrict_failure_for_bio_link_uses_no_restrict_template( ): mock_update.message.text = "halo" chat = MagicMock() - chat.bio = "VIP t.me/+abcdefghij" + chat.bio = "VIP t.me/+exampleinvitehash" mock_context.bot.get_chat = AsyncMock(return_value=chat) mock_context.bot.restrict_chat_member = AsyncMock(side_effect=Exception("fail"))