[pull] master from sherlock-project:master #102
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BoardGameGeek changed from /user/{} to /profile/{} URL structure.
Also updated from message to status_code detection as the site
no longer returns clear error messages for non-existent users.
BoardGameGeek returns identical pages for both existing and non-existing users, making reliable username detection impossible with HTTP-based methods. The site likely uses JavaScript to load user-specific content dynamically.
Using the API endpoint suggested by akh7177: https://api.geekdo.com/api/users?username={} However, there's an edge case where valid users contain empty arrays in their JSON response (adminBadges[], userMicrobadges[], supportYears[]) which causes Sherlock's substring matching to incorrectly flag them as 'not found' when looking for the '[]' error pattern. The API correctly returns: - Valid user: JSON object with user data (but contains [] substrings) - Invalid user: Exactly '[]' (2 characters total) This needs further refinement to distinguish between the exact '[]' response vs JSON containing '[]' substrings.
BoardGameGeek cannot be reliably detected with Sherlock's current capabilities: - Original HTML detection: Returns false positives - API endpoint approach: The API returns status 200 for both valid and invalid users - Invalid user: Returns exactly '[]' - Valid user: Returns JSON containing '[]' substrings (e.g., "adminBadges":[]) Since Sherlock's 'message' errorType uses substring matching, it incorrectly identifies valid users as "not found" when checking for '[]' in the response. The site's API response format is fundamentally incompatible with Sherlock's detection methods (message/status_code/response_url), so removal is the only viable solution to prevent false positives and false negatives. Addresses false positive issue originally reported in testing.
- Added BoardGameGeek back using the new API endpoint suggested by @ppfeister - Uses https://api.geekdo.com/api/accounts/validate/username?username={} for detection - errorMsg checks for '"isValid":true' to detect valid usernames - This approach avoids the previous issues with: * HTML parsing returning false positives * User API returning JSON with '[]' substrings that caused detection problems - Successfully tested with both valid (blue) and invalid usernames Thanks @ppfeister for the API suggestion and @akh7177 for the initial guidance
…sitive fix(sites): Update BoardGameGeek URL structure and detection method
Add support for WakaTime
fix(ci): Use merge-base for correct target validation
Removed duplicate Bluesky entry in data.json
fix(sites): Remediate false positive for Blitz Tactics
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )