mirror/maigret
1
0
Fork 0
mirror of https://github.com/soxoj/maigret.git synced 2026-05-14 10:25:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,318 Commits 18 Branches 34 Tags
016ac5365bc8ecfd2c839117cb02c4b84794ebe6
Commit Graph

1318 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot] 016ac5365b build(deps): bump requests from 2.33.1 to 2.34.1 
Bumps [requests](https://github.com/psf/requests) from 2.33.1 to 2.34.1.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.33.1...v2.34.1)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-14 06:04:35 +00:00
dependabot[bot] ef37855d78 build(deps): bump reportlab from 4.5.0 to 4.5.1 (#2645) 
Bumps [reportlab](https://www.reportlab.com/) from 4.5.0 to 4.5.1.

---
updated-dependencies:
- dependency-name: reportlab
  dependency-version: 4.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-13 22:20:52 +02:00
dependabot[bot] 50aa454ff6 build(deps): bump idna from 3.14 to 3.15 (#2647) 
Bumps [idna](https://github.com/kjd/idna) from 3.14 to 3.15.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](https://github.com/kjd/idna/compare/v3.14...v3.15)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.15'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-13 15:38:50 +02:00
Raz Ben Yaish 650f990547 test(checking): cover CurlCffiChecker proxy forwarding (#2652) 2026-05-13 13:33:17 +02:00
Raz Ben Yaish b3c216eaac fix(Gravatar): refresh stale usernameClaimed sample (#2651) 2026-05-13 13:03:42 +02:00
Raz Ben Yaish 8483777810 fix(checking): apply --proxy to CurlCffiChecker (#2648) 2026-05-13 12:57:47 +02:00
Raz Ben Yaish 4d7c146fef fix(linktr.ee): switch detector from message check to status_code (#2649) 2026-05-13 12:37:38 +02:00
Raz Ben Yaish 785776021b fix(Duolingo): refresh stale usernameClaimed sample (#2650) 2026-05-13 12:14:40 +02:00
dependabot[bot] 1e99b6a07c build(deps-dev): bump mypy from 2.0.0 to 2.1.0 (#2644) 
Bumps [mypy](https://github.com/python/mypy) from 2.0.0 to 2.1.0.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: mypy
  dependency-version: 2.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-12 13:40:03 +02:00
dependabot[bot] 3d545dbcfd build(deps): bump urllib3 from 2.6.3 to 2.7.0 (#2642) 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.3 to 2.7.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-11 21:21:07 +02:00
Soxoj 203d712fa5 Update links to the community Telegram bot (#2641) 2026-05-11 19:41:43 +02:00
dependabot[bot] d50c80ff68 build(deps): bump idna from 3.13 to 3.14 (#2639) 
Bumps [idna](https://github.com/kjd/idna) from 3.13 to 3.14.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.13...v3.14)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.14'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-11 10:26:11 +02:00
dependabot[bot] 594f4ca903 build(deps-dev): bump coverage from 7.13.5 to 7.14.0 (#2638) 
Bumps [coverage](https://github.com/coveragepy/coveragepy) from 7.13.5 to 7.14.0.
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-version: 7.14.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-11 10:26:00 +02:00
@aaronjmars f413603431 fix(security): harden /reports path containment via send_from_directory (#2635) 
The previous /reports/<path:filename> handler resolved the filename with
os.path.normpath and gated send_file on file_path.startswith(REPORTS_FOLDER).
Plain ../ traversal was rejected because the resolved path no longer started
with REPORTS_FOLDER, but a sibling-prefix variant slipped through: a request
of the form ..%2F<reports_root_basename>2/<file> resolves to a path like
/tmp/maigret_reports2/<file>, which still starts with /tmp/maigret_reports
and was served back to the caller.

Replace the manual normpath+startswith check with Flask's send_from_directory,
which delegates to werkzeug.security.safe_join. safe_join enforces a real
boundary against the resolved directory, rejects absolute paths, and refuses
.. segments that escape the root.

Tests: 4 new test_download_report_* cases in tests/test_web.py covering the
happy path, ../ traversal, the sibling-prefix bypass (regression test —
fails on the pre-fix code, passes on the new code), and absolute paths.

Detected by Aeon + manual review of maigret.web.app.
Severity: low (web UI defaults to FLASK_HOST=127.0.0.1; the Docker `web`
target binds 0.0.0.0; exploitation reads files from sibling /tmp directories,
which is bounded by who can place files there).
CWE-22.

Co-authored-by: aeonframework <aeon-bot@aaronjmars.com>
 2026-05-10 17:12:51 +03:00
Soxoj adbeb53618 Update download badge links in README.md (#2636) 2026-05-10 10:43:05 +03:00
Soxoj 264bae34d6 Add test for CheckError bug (#2631) 2026-05-09 16:11:07 +03:00
idontknow 9838176205 Fix context field using class instead of instance in error handling (#2627) 
In process_site_result(), when a check_error is present, the context
field was set to str(CheckError) (the class itself) instead of
str(check_error) (the error instance). This caused the context to
contain the string representation of the class rather than the actual
error message.

Before fix: context = "<class 'maigret.errors.CheckError'>"
After fix: context = "Request timeout error: slow server"
 2026-05-09 10:58:06 +03:00
Soxoj 5c93b206e7 Cloudflare bypass webgate (#2628) 2026-05-09 10:48:43 +03:00
dependabot[bot] b98a134fcf build(deps-dev): bump mypy from 1.20.2 to 2.0.0 (#2625) 
Bumps [mypy](https://github.com/python/mypy) from 1.20.2 to 2.0.0.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.20.2...v2.0.0)

---
updated-dependencies:
- dependency-name: mypy
  dependency-version: 2.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-07 23:52:15 +03:00
dependabot[bot] 1258ee0898 build(deps): bump python-bidi from 0.6.7 to 0.6.9 (#2622) 
Bumps [python-bidi](https://github.com/MeirKriheli/python-bidi) from 0.6.7 to 0.6.9.
- [Release notes](https://github.com/MeirKriheli/python-bidi/releases)
- [Changelog](https://github.com/MeirKriheli/python-bidi/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/MeirKriheli/python-bidi/compare/v0.6.7...v0.6.9)

---
updated-dependencies:
- dependency-name: python-bidi
  dependency-version: 0.6.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-06 10:55:08 +02:00
Soxoj 79e93ab715 AI mode documentation (#2620) 2026-05-05 22:21:00 +02:00
Danilo Salve 52c8917e2c refactor:reduces the cognitive complexity of get_ai_analysis (#2581) 2026-05-05 20:52:34 +02:00
Soxoj 846feb6e7e Add web interface tests (#2619) 2026-05-05 19:32:01 +02:00
Sayon Dey c510734e5e Fix network graph height to use viewport units (#2590) 2026-05-05 18:46:47 +02:00
Soxoj 03b62027f6 Fixed duplicates of YouTube and Periscope (#2618) 2026-05-05 14:02:37 +02:00
Soxoj f293bff417 Fix site checks: 7 fixed, 1 disabled, 1 dead deleted (#2616) 2026-05-04 23:40:58 +02:00
github-actions[bot] 341db55099 Updated site list and statistics (#2615) 
Co-authored-by: soxoj <31013580+soxoj@users.noreply.github.com>
 2026-05-04 14:24:49 +02:00
Soxoj a77a8b3e84 Reddit fix (#2614) 2026-05-04 14:12:22 +02:00
Soxoj 3ff05b240a Fix site checks: 8 → ip_reputation, 6 fixed, 9 disabled, 1 dead deleted (#2611) 2026-05-03 20:02:45 +02:00
Sayon Dey 05d1eb6fb0 Improved Python Package Workflow (#2594) 2026-05-03 11:25:06 +02:00
Sayon Dey 6cf5604075 Improve startup error message for missing dependencies (#2593) 
* Improve startup error message for missing dependencies

* Enhance error message for missing dependencies

Updated import error message to include installation instructions for PyPI and cloned repository.

* Enhance missing dependency error message

Updated error message for missing dependency to include installation instructions for both PyPI and local repository.
 2026-05-03 11:10:31 +02:00
github-actions[bot] ff0ffce427 Updated site list and statistics (#2607) 
Co-authored-by: soxoj <31013580+soxoj@users.noreply.github.com>
 2026-05-03 10:49:46 +02:00
HaiTao Wu ac1e3d33ec docs: add Simplified Chinese README translation (#2606) 2026-05-03 10:35:15 +02:00
Julio César Suástegui 8b5dce1d3c fix: disable RomanticCollection check (#2588) 
* fix: disable RomanticCollection check

* chore: regenerate db metadata

---------

Co-authored-by: Julio César Suástegui <juliosuas@users.noreply.github.com>
 2026-05-02 15:29:45 +02:00
Sayon Dey f897598f98 Fix outdated Google Colab setup instructions (#2591) 2026-05-02 15:21:16 +02:00
Soxoj 606fba01b4 Update CONTRIBUTING.md with instructions for developers (#2589) 2026-05-02 10:39:56 +02:00
egrezeli 9dbefcef11 Fix ID extraction crash when regex groups are optional (#2572) 
* Fix ID extraction crash when regex groups are optional

Handle None capture groups in username/id extraction and add regression coverage for optional trailing groups.

* Remove leftover line that overwrote safe _id in extract_id_from_url
 2026-05-01 00:14:40 +02:00
dependabot[bot] 533884bad5 build(deps): bump reportlab from 4.4.10 to 4.5.0 (#2578) 
Bumps [reportlab](https://www.reportlab.com/) from 4.4.10 to 4.5.0.

---
updated-dependencies:
- dependency-name: reportlab
  dependency-version: 4.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-30 22:44:05 +02:00
github-actions[bot] 12c8721a16 Updated site list and statistics (#2576) 
Co-authored-by: soxoj <31013580+soxoj@users.noreply.github.com>
 2026-04-29 17:20:42 +02:00
Soxoj b79f8aca28 Add site checks: 18 new sites (#2575) 2026-04-29 16:55:47 +02:00
dependabot[bot] 1a9fe77d6e build(deps): bump arabic-reshaper from 3.0.0 to 3.0.1 (#2573) 
Bumps [arabic-reshaper](https://github.com/mpcabd/python-arabic-reshaper) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/mpcabd/python-arabic-reshaper/releases)
- [Commits](https://github.com/mpcabd/python-arabic-reshaper/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: arabic-reshaper
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-29 12:37:52 +02:00
Soxoj 1352bd35c6 Fix site checks: 5 fixed, 4 disabled; fix UA leak bug (#2569) 2026-04-26 14:51:44 +02:00
Soxoj 3960510b63 Fix site checks: 7 fixed, 1 disabled (#2565) 
False-positive site probe issues #2531, #2542, #2556, #2559, #2560, #2561, #2563, #2496.
 2026-04-26 12:34:52 +02:00
Soxoj a7bda700b4 Add Docker web image with multi-stage building (#2564) main 2026-04-26 11:45:08 +02:00
Soxoj e962b8c693 Fix site checks: 5 fixed; readme fix (#2562) 
* Fix site checks: 5 fixed; readme fix

* Logging improvements

* Improve YouTube data extraction
dev 		2026-04-25 18:15:38 +02:00
Julio César Suástegui c6cfef84ce test: loosen executor timing upper bounds for slower CI (#2558) 
the <0.3/<0.4/etc upper bounds don't leave room for darwin or
emulated/aarch64 runners, which have been seeing 0.7s+ on tests
that expected <0.3s.

bumped each upper bound by +0.7s. lower bounds unchanged — they
still validate that tasks ran in parallel rather than serially.

refs #679

Co-authored-by: Julio César Suástegui <juliosuas@users.noreply.github.com>
 2026-04-25 15:24:43 +02:00
dependabot[bot] b0ed09eb3e build(deps): bump idna from 3.12 to 3.13 (#2553) 
Bumps [idna](https://github.com/kjd/idna) from 3.12 to 3.13.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.12...v3.13)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.13'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-25 15:23:35 +02:00
dependabot[bot] 4e3bd3ab58 build(deps): bump pyinstaller from 6.19.0 to 6.20.0 (#2554) 
Bumps [pyinstaller](https://github.com/pyinstaller/pyinstaller) from 6.19.0 to 6.20.0.
- [Release notes](https://github.com/pyinstaller/pyinstaller/releases)
- [Changelog](https://github.com/pyinstaller/pyinstaller/blob/develop/doc/CHANGES.rst)
- [Commits](https://github.com/pyinstaller/pyinstaller/compare/v6.19.0...v6.20.0)

---
updated-dependencies:
- dependency-name: pyinstaller
  dependency-version: 6.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-24 16:25:18 +02:00
Soxoj 77c11df119 Fix Google Cloud Shell launch (#2557) 2026-04-23 21:45:27 +02:00
Soxoj 25026e21ea Fix site checks: 4 → ip_reputation, 9 fixed, 16 disabled, 3 dead dele… (#2555) 
* Fix site checks: 4 → ip_reputation, 9 fixed, 16 disabled, 3 dead deleted; clarify ip_reputation tag semantics

* Improved test coverage
 2026-04-23 21:17:07 +02:00