Skip to content

fix: sync main with develop (CodeQL alert #15 fix)#135

Merged
overwrite00 merged 5 commits into
mainfrom
develop
Jul 13, 2026
Merged

fix: sync main with develop (CodeQL alert #15 fix)#135
overwrite00 merged 5 commits into
mainfrom
develop

Conversation

@overwrite00

Copy link
Copy Markdown
Owner

Sync main branch with develop.

Changes

  • fix: prevent stack trace exposure in URLScan.io health check endpoint (CodeQL alert fix: v0.10.1 — timeout analisi su email con molti URL (WHOIS dedup) #15, py/stack-trace-exposure, CWE-209/497)
    • GET /api/reputation/test-urlscan is public and unauthenticated
    • Exception details (type name + message) were returned to the caller
    • Now logged server-side only; client receives a generic error message
  • Minor pre-existing start.bat comment/variable sync from develop

Verification

  • Backend: 122/122 tests passing
  • No test coverage on the affected endpoint (no regression risk)

dependabot Bot and others added 5 commits July 2, 2026 12:38
…rectory with 4 updates (#127)

Bumps the minor-and-patch group with 4 updates in the /backend directory: [fastapi](https://github.com/fastapi/fastapi), [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/), [slowapi](https://github.com/laurents/slowapi) and [coverage](https://github.com/coveragepy/coveragepy).


Updates `fastapi` from 0.138.0 to 0.139.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.138.0...0.139.0)

Updates `beautifulsoup4` from 4.14.0 to 4.15.0

Updates `slowapi` from 0.1.9 to 0.1.10
- [Release notes](https://github.com/laurents/slowapi/releases)
- [Changelog](https://github.com/laurentS/slowapi/blob/master/CHANGELOG.md)
- [Commits](laurentS/slowapi@v0.1.9...v0.1.10)

Updates `coverage` from 7.6.1 to 7.14.3
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.6.1...7.14.3)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.139.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: slowapi
  dependency-version: 0.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: coverage
  dependency-version: 7.14.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the minor-and-patch group in /backend with 2 updates: [uvicorn](https://github.com/Kludex/uvicorn) and [coverage](https://github.com/coveragepy/coveragepy).


Updates `uvicorn` from 0.49.0 to 0.50.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.49.0...0.50.0)

Updates `coverage` from 7.14.3 to 7.15.0
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.14.3...7.15.0)

---
updated-dependencies:
- dependency-name: uvicorn
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: coverage
  dependency-version: 7.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the minor-and-patch group in /frontend with 2 updates: [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) and [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom).


Updates `lucide-react` from 1.22.0 to 1.23.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.23.0/packages/lucide-react)

Updates `react-router-dom` from 7.18.0 to 7.18.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.1/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.1/packages/react-router-dom)

---
updated-dependencies:
- dependency-name: lucide-react
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: react-router-dom
  dependency-version: 7.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ross 1 directory with 3 updates (#133)

Bumps the development-updates group with 3 updates in the /frontend directory: [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js), [eslint](https://github.com/eslint/eslint) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `@eslint/js` from 9.39.4 to 9.39.5
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.39.5/packages/js)

Updates `eslint` from 9.39.4 to 9.39.5
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.4...v9.39.5)

Updates `vite` from 8.1.0 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.39.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-updates
- dependency-name: eslint
  dependency-version: 9.39.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-updates
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
CodeQL alert #15 (py/stack-trace-exposure, CWE-209/497): GET /api/reputation/test-urlscan
is a public unauthenticated endpoint that returned raw exception messages and type names
to the caller. Exception details are now logged server-side only; the client receives a
generic error message.
@overwrite00 overwrite00 merged commit f06edb5 into main Jul 13, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant