mirror
/
sherlock
mirror of https://github.com/sherlock-project/sherlock.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
sherlock/sherlock_project
History
dollaransh17 0e7219b191 Security Fix: Add timeout parameters to HTTP requests 
This fix addresses a critical security vulnerability where HTTP requests
could hang indefinitely, potentially causing denial of service.

Changes:
- Added 10-second timeout to version check API call
- Added 10-second timeout to GitHub pull request API call
- Added 30-second timeout to data file downloads (larger timeout for data)
- Added 10-second timeout to exclusions list download

Impact:
- Prevents infinite hangs that could freeze the application
- Improves user experience with predictable response times
- Fixes security issue flagged by Bandit static analysis (B113)
- Makes the application more robust in poor network conditions

The timeouts are conservative enough to work with slow connections
while preventing indefinite blocking that could be exploited.
 		2025-10-03 13:41:43 +05:30
..
resources Merge pull request #2570 from shreyasNaik0101/fix/remediate-applediscussions 2025-10-02 20:30:57 -04:00
__init__.py chore: move SSOT to pyproject.toml 2025-09-17 17:47:45 -04:00
__main__.py Deprecate Python 3.8 2024-08-23 01:15:47 -04:00
notify.py Rename importable module 2024-06-24 16:40:03 -04:00
py.typed Comply with PEP 561 2024-08-27 22:32:48 -04:00
result.py Rename importable module 2024-06-24 16:40:03 -04:00
sherlock.py Security Fix: Add timeout parameters to HTTP requests 2025-10-03 13:41:43 +05:30
sites.py Security Fix: Add timeout parameters to HTTP requests 2025-10-03 13:41:43 +05:30