forked from sherlock-project/sherlock
[pull] master from sherlock-project:master #101
Merged
Not sure why it's not in my patch file, but I was removing via sed in my spec instead.
Co-authored-by: Paul Pfeister <code@pfeister.dev>
feat: Add some popular website in Korea
chore: update code owners
fix(sites): Remediate false positive for AllMyLinks
fix(sites): Remediate false positive for DeviantArt
fix(sites): Remediate false positive for Mydramalist
…ussions fix(sites): Remediate false positive for Apple Discussions
This fix addresses a critical security vulnerability where HTTP requests could hang indefinitely, potentially causing denial of service.
Changes:
- Added 10-second timeout to version check API call
- Added 10-second timeout to GitHub pull request API call
- Added 30-second timeout to data file downloads (larger timeout for data)
- Added 10-second timeout to exclusions list download
Impact:
- Prevents infinite hangs that could freeze the application
- Improves user experience with predictable response times
- Fixes security issue flagged by Bandit static analysis (B113)
- Makes the application more robust in poor network conditions
The timeouts are conservative enough to work with slow connections while preventing indefinite blocking that could be exploited.
Threads was showing false positives for non-existent users because the error message detection was incorrect.
Updated errorMsg:
- Old: "<title>Threads</title>" (generic, matches valid pages too)
- New: "<title>Threads • Log in</title>" (specific to non-existent users)
When a user doesn't exist, Threads redirects to a login page with the title "Threads • Log in". Valid user profiles have titles like "Username (@username) • Threads, Say more".
Tested with:
- Invalid user (impossibleuser12345): Correctly not found
- Valid user (zuck): Correctly found
This fixes the false positive issue where non-existent Threads profiles were being reported as found.
- Adds docker-build-test job to regression.yml
- Runs on push/merge to master and release branches
- Extracts VERSION_TAG from pyproject.toml for build
- Tests that Docker image builds and runs successfully
- Resolves dockerfile syntax warnings
- Resolves #2196"
fix(sites): Remediate False Positive for Roblox
fix(sites): Remediate False Positive for SlideShare
fix(sites): Remediate False Positives for CyberDefenders
fix(sites): Fix Threads false positive detection
Support multiple errorType checks
Security Fix: Add timeout parameters to HTTP requests
feat: gracefully skip sites with invalid errorType
Workflows where a txt file is still required should use --txt
chore: make default --no-txt
…cker-build-test Add Docker build test to CI workflow (#2196)
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )
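The timeout commit in this pull request cites Bandit B113, which flags `requests` calls made without a timeout. As an added example (not code from Sherlock or from Bandit), the sketch below shows one way to run that kind of check over Python source with the standard `ast` module. The function name `find_missing_timeouts` and the sample source are constructed for illustration, and the check assumes calls are written as `requests.<method>(...)` on the module name, so aliased imports and `Session` objects are not covered.

```python
import ast

HTTP_METHODS = {"get", "post", "put", "delete", "head", "patch", "options", "request"}

# Constructed sample, not Sherlock's source: one call with no timeout,
# one with a timeout, and one that passes timeout=None explicitly.
SAMPLE = '''
import requests
def check_version(url):
    return requests.get(url).json()
def fetch_data(url):
    return requests.get(url, timeout=30).text
def explicit_none(url):
    return requests.post(url, data={}, timeout=None)
'''

def find_missing_timeouts(source):
    """Return sorted (line, call) pairs for requests calls that can block forever."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Only match the direct form requests.<method>(...).
        if not (isinstance(func, ast.Attribute)
                and isinstance(func.value, ast.Name)
                and func.value.id == "requests"
                and func.attr in HTTP_METHODS):
            continue
        timeout = next((kw.value for kw in node.keywords if kw.arg == "timeout"), None)
        # A missing keyword and a literal timeout=None both mean "wait indefinitely".
        if timeout is None or (isinstance(timeout, ast.Constant) and timeout.value is None):
            findings.append((node.lineno, f"requests.{func.attr}"))
    return sorted(findings)

if __name__ == "__main__":
    for line, call in find_missing_timeouts(SAMPLE):
        print(f"line {line}: {call}() has no effective timeout")
```

A check like this can run in CI next to the regression workflow so that a new `requests` call without a timeout fails review before it is merged.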