AutoMod Bypass with Allowlist Wildcards (Blocking Links) #7356

Open
mxcabre opened this issue Jan 23, 2025 · 0 comments
mxcabre commented Jan 23, 2025

Description

AutoMod rules can be bypassed when an allowlist contains wildcards, and users write forbidden words or links without spaces. This allows users to circumvent filtering (e.g., links) while still permitting links from specific domains such as discord.com.

Proposed Solutions

  1. Default Behavior Adjustment:

    • Ensure that the allowlist wildcards only consume the characters explicitly matched by the regex.
  2. Enhanced Wildcard Options:

    • Add a + character alongside the existing * wildcard in the allowlist.
    • This new + wildcard would instruct the AutoMod rules engine to consume only the characters matched by the regex itself (if matched by a regex).
  3. Discord-Provided Link Rule:

    • Introduce a pre-built "Discord-provided" AutoMod rule specifically for filtering links.
    • Allow moderators to specify allowed domains and paths directly in the rule.
    • This would enable better optimization of link filtering while offering an improved user experience for end users and server moderators.

Steps to Reproduce

  1. Create an AutoMod rule with the following regex:
       https?:\/\/[^\s<]+[^<.,:;"')\]\s]
  2. Add https://discord.com/* to the allowlist.
  3. Send the following message in chat:
       https://discord.com<>https://evil-domain.com

Expected Behavior

  • The wildcard in the allowlist should not consume characters in a way that prevents the rule from matching multiple occurrences.
  • AutoMod should still block the forbidden links while correctly allowing links from discord.com.

Current Behavior

  • Wildcards in the allowlist consume characters improperly, causing the regex to fail at matching multiple occurrences of links.
  • This allows bypassing of AutoMod rules when combining valid and invalid links.

Screenshots/Videos

No response

Client and System Information

N/A

@mxcabre mxcabre added the bug label Jan 23, 2025
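
An added sketch of the first proposed solution, not part of the original issue and not Discord's implementation: each regex match is tested against the allowlist on its own, so an allowed link exempts only itself. The function names, the handling of a trailing `/*`, and the rule about a second scheme inside one match are assumptions of this example.

```python
import re

# Link regex copied from the issue's reproduction steps.
LINK_RE = re.compile(r"""https?:\/\/[^\s<]+[^<.,:;"')\]\s]""")
SCHEME_RE = re.compile(r"https?://")

# Message from the issue's reproduction steps.
SAMPLE = "https://discord.com<>https://evil-domain.com"


def compile_allow(entry: str) -> re.Pattern:
    """Turn an allowlist entry with '*' wildcards into a regex for fullmatch().

    Assumption: an entry ending in '/*' also covers the bare origin, so
    https://discord.com/* allows https://discord.com as well.
    """
    tail = ""
    if entry.endswith("/*"):
        entry, tail = entry[:-2], "(?:/.*)?"
    body = ".*".join(re.escape(part) for part in entry.split("*"))
    return re.compile(body + tail)


def is_allowed(link: str, patterns: list) -> bool:
    # Assumption: a single match that embeds a second scheme is treated as
    # more than one link and is never allowlisted.
    if len(SCHEME_RE.findall(link)) != 1:
        return False
    # fullmatch() anchors the wildcard to this one match; it cannot reach
    # into the rest of the message.
    return any(p.fullmatch(link) for p in patterns)


def blocked_links(message: str, allowlist: list) -> list:
    """Return every link in the message that no allowlist entry covers."""
    patterns = [compile_allow(entry) for entry in allowlist]
    return [m.group(0) for m in LINK_RE.finditer(message)
            if not is_allowed(m.group(0), patterns)]


if __name__ == "__main__":
    print(blocked_links(SAMPLE, ["https://discord.com/*"]))
```
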