Skip to content

Bug fixes V2.1#467

Merged
New-dev0 merged 7 commits intomainfrom
v2
Feb 23, 2025
Merged

Bug fixes V2.1#467
New-dev0 merged 7 commits intomainfrom
v2

Conversation

@New-dev0
Copy link
Member

@New-dev0 New-dev0 commented Feb 23, 2025
edited
Loading

  • Telegraph no longer supports image upload, replace it by catbox
  • Update for layer fixes in Poll
  • Fixed sticker command by using cloudscraper
  • fixed img, translate, akinator, filestore

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 23, 2025
View reviewed changes
plugins/twitter.py Outdated
msg = await event.eor("🔍 `Getting tweet details...`")
try:
client = await get_client()
if "twitter.com" in match or "x.com" in match:

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

The string
twitter.com
Loading
may be at an arbitrary position in the sanitized URL.

Copilot Autofix

AI 12 months ago

To fix the problem, we need to parse the URL and check the hostname to ensure it matches "twitter.com" or "x.com" correctly. This will prevent malicious URLs from bypassing the check by embedding the allowed hostnames in unexpected locations.

  • Use the urlparse function from the urllib.parse module to parse the URL.
  • Extract the hostname from the parsed URL and check if it matches "twitter.com" or "x.com".
  • Update the code in the twitter_details function to implement this change.
Suggested changeset 1
plugins/twitter.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/plugins/twitter.py b/plugins/twitter.py
--- a/plugins/twitter.py
+++ b/plugins/twitter.py
@@ -83,4 +83,6 @@
         client = await get_client()
-        if "twitter.com" in match or "x.com" in match:
-            tweet_id = match.split("/")[-1].split("?")[0]
+        from urllib.parse import urlparse
+        parsed_url = urlparse(match)
+        if parsed_url.hostname in ["twitter.com", "x.com"]:
+            tweet_id = parsed_url.path.split("/")[-1].split("?")[0]
         else:
EOF
@@ -83,4 +83,6 @@
client = await get_client()
if "twitter.com" in match or "x.com" in match:
tweet_id = match.split("/")[-1].split("?")[0]
from urllib.parse import urlparse
parsed_url = urlparse(match)
if parsed_url.hostname in ["twitter.com", "x.com"]:
tweet_id = parsed_url.path.split("/")[-1].split("?")[0]
else:
Copilot is powered by AI and may make mistakes. Always verify output.
@New-dev0 New-dev0 committed this autofix suggestion 12 months ago.
plugins/twitter.py Outdated
msg = await event.eor("🔍 `Getting tweet details...`")
try:
client = await get_client()
if "twitter.com" in match or "x.com" in match:

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

The string
x.com
Loading
may be at an arbitrary position in the sanitized URL.

Copilot Autofix

AI 12 months ago

To fix the problem, we should parse the URL using urlparse and then check the hostname to ensure it matches "twitter.com" or "x.com". This approach is more reliable than checking for substrings within the URL.

  • Parse the URL using urlparse.
  • Extract the hostname from the parsed URL.
  • Check if the hostname is either "twitter.com" or "x.com".
  • Update the code in the twitter_media function to use this method.
Suggested changeset 1
plugins/twitter.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/plugins/twitter.py b/plugins/twitter.py
--- a/plugins/twitter.py
+++ b/plugins/twitter.py
@@ -25,2 +25,3 @@
 import os
+from urllib.parse import urlparse
 from twikit import Client
@@ -151,4 +152,5 @@
         client = await get_client()
-        if "twitter.com" in match or "x.com" in match:
-            tweet_id = match.split("/")[-1].split("?")[0]
+        parsed_url = urlparse(match)
+        if parsed_url.hostname in ["twitter.com", "x.com"]:
+            tweet_id = parsed_url.path.split("/")[-1].split("?")[0]
         else:
EOF
@@ -25,2 +25,3 @@
import os
from urllib.parse import urlparse
from twikit import Client
@@ -151,4 +152,5 @@
client = await get_client()
if "twitter.com" in match or "x.com" in match:
tweet_id = match.split("/")[-1].split("?")[0]
parsed_url = urlparse(match)
if parsed_url.hostname in ["twitter.com", "x.com"]:
tweet_id = parsed_url.path.split("/")[-1].split("?")[0]
else:
Copilot is powered by AI and may make mistakes. Always verify output.
New-dev0 and others added 3 commits February 23, 2025 09:13
@New-dev0 @github-advanced-security
Potential fix for code scanning alert no. 36: Incomplete URL substrin…
750fff6 
…g sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@New-dev0
Merge branch 'main' into v2
a366b02
@New-dev0
Update version.py
1bcd29d
@New-dev0 New-dev0 merged commit c5c7916 into main Feb 23, 2025
4 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@New-dev0