Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package snallygaster for openSUSE:Factory
checked in at 2022-02-10 23:12:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/snallygaster (Old)
and /work/SRC/openSUSE:Factory/.snallygaster.new.1956 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "snallygaster"
Thu Feb 10 23:12:11 2022 rev:7 rq:953062 version:0.0.12
Changes:
--------
--- /work/SRC/openSUSE:Factory/snallygaster/snallygaster.changes
2022-01-04 19:39:05.618055967 +0100
+++ /work/SRC/openSUSE:Factory/.snallygaster.new.1956/snallygaster.changes
2022-02-10 23:12:50.820325456 +0100
@@ -1,0 +2,32 @@
+Wed Feb 2 19:57:39 UTC 2022 - Sebastian Wagner <sebix+novell....@sebix.at>
+
+- remove unnecessary build dependency pyupgrade. We don't execute this test.
+- remove tests irrelevant for us
+
+-------------------------------------------------------------------
+Wed Feb 2 19:50:18 UTC 2022 - Sebastian Wagner <sebix+novell....@sebix.at>
+
+- update to version 0.0.12:
+ - use more f-strings
+ - let pyupgrade enforce f-strings and latest python
+ - use more f-strings
+ - catch all the different ways the HTML parser can fail
+ - Remove nargs=1, simplifies code
+ - raise version to 0.0.11
+
+-------------------------------------------------------------------
+Tue Dec 28 16:53:13 UTC 2021 - Sebastian Wagner <sebix+novell....@sebix.at>
+
+- update to version 0.0.11:
+ - disable python 3.11 tests for now due to pylint/wrapt incompatibility
+ - fix pylint warning use-implicit-booleaness-not-comparison
+ - add detection of symfony debugging mode on 404 pages
+ - support v3 php-cs-fixer format and rename test
+ - enable onlinetests in GH actions
+ - improve apache server info detection / avoid false positives by adding
closing h1 tag
+ - remove apache perl status, add documentation for apache-info check
+ - update check for apache-info, check for perl-info still need improving
+ add check for apache server info and perl-status
+ - Readme: add openSUSE package
+
+-------------------------------------------------------------------
Old:
----
snallygaster-0.0.11.tar.gz
New:
----
snallygaster-0.0.12.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ snallygaster.spec ++++++
--- /var/tmp/diff_new_pack.CrEFj0/_old 2022-02-10 23:12:51.336326763 +0100
+++ /var/tmp/diff_new_pack.CrEFj0/_new 2022-02-10 23:12:51.340326773 +0100
@@ -1,7 +1,7 @@
#
# spec file for package snallygaster
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: snallygaster
-Version: 0.0.11
+Version: 0.0.12
Release: 0
Summary: Tool to scan for hidden files on HTTP servers
License: CC0-1.0
@@ -34,7 +34,6 @@
BuildRequires: python3-pycodestyle
BuildRequires: python3-pyflakes
BuildRequires: python3-pylint
-BuildRequires: python3-pyupgrade
BuildRequires: python3-urllib3
# /SECTION
BuildRequires: fdupes
@@ -66,7 +65,8 @@
fdupes %{buildroot}%{python_sitelib}
%check
-rm tests/test_codingstyle.py
+# remove tests irrelevant for us
+rm tests/test_codingstyle.py tests/test_docs.py
TESTDATA_REPOSITORY=$(pwd)/snallygaster-testdata-master/ RUN_ONLINETESTS=1
python3 setup.py test
%files
++++++ snallygaster-0.0.11.tar.gz -> snallygaster-0.0.12.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/snallygaster-0.0.11/PKG-INFO
new/snallygaster-0.0.12/PKG-INFO
--- old/snallygaster-0.0.11/PKG-INFO 2021-12-28 16:42:41.409381400 +0100
+++ new/snallygaster-0.0.12/PKG-INFO 2022-01-31 21:30:10.837707000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: snallygaster
-Version: 0.0.11
+Version: 0.0.12
Summary: Tool to scan for secret files on HTTP servers
Home-page: https://github.com/hannob/snallygaster
Author: Hanno B??ck
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/snallygaster-0.0.11/setup.py
new/snallygaster-0.0.12/setup.py
--- old/snallygaster-0.0.11/setup.py 2021-12-28 16:42:33.000000000 +0100
+++ new/snallygaster-0.0.12/setup.py 2022-01-31 21:28:17.000000000 +0100
@@ -11,7 +11,7 @@
setuptools.setup(
name=package_name,
- version="0.0.11",
+ version="0.0.12",
description="Tool to scan for secret files on HTTP servers",
long_description=readme,
long_description_content_type='text/markdown',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/snallygaster-0.0.11/snallygaster
new/snallygaster-0.0.12/snallygaster
--- old/snallygaster-0.0.11/snallygaster 2021-12-28 15:24:38.000000000
+0100
+++ new/snallygaster-0.0.12/snallygaster 2022-01-31 21:24:10.000000000
+0100
@@ -62,7 +62,7 @@
def pdebug(msg):
if args.debug:
- print("[[debug]] %s" % msg)
+ print(f"[[debug]] {msg}")
def pout(cause, url, misc="", noisymsg=False):
@@ -77,9 +77,9 @@
json_out.append({"cause": cause, "url": url, "misc": misc})
else:
if misc:
- print("[%s] %s %s" % (cause, url, misc))
+ print(f"[{cause}] {url} {misc}")
else:
- print("[%s] %s" % (cause, url))
+ print(f"[{cause}] {url}")
def randstring():
@@ -147,7 +147,7 @@
return global_what404[url]
rndurl = url + "/" + randstring() + ".htm"
- pdebug("Checking 404 page state of %s" % rndurl)
+ pdebug(f"Checking 404 page state of {rndurl}")
try:
r = pool.request('GET', rndurl, retries=False, redirect=False)
except (urllib3.exceptions.HTTPError, UnicodeError,
@@ -323,7 +323,7 @@
for fn in ["winscp.ini", "WinSCP.ini"]:
r = fetcher(url + "/" + fn)
if '[Configuration]' in r:
- pout("winscp_ini", "%s/%s" % (url, fn))
+ pout("winscp_ini", f"{url}/{fn}")
@DEFAULT
@@ -493,13 +493,13 @@
hostkey, wwwkey]:
r = fetcher(url + "/" + fn)
if 'BEGIN PRIVATE KEY' in r:
- pout("privatekey_pkcs8", "%s/%s" % (url, fn))
+ pout("privatekey_pkcs8", f"{url}/{fn}")
if 'BEGIN RSA PRIVATE KEY' in r:
- pout("privatekey_rsa", "%s/%s" % (url, fn))
+ pout("privatekey_rsa", f"{url}/{fn}")
if 'BEGIN DSA PRIVATE KEY' in r:
- pout("privatekey_dsa", "%s/%s" % (url, fn))
+ pout("privatekey_dsa", f"{url}/{fn}")
if 'BEGIN EC PRIVATE KEY' in r:
- pout("privatekey_ec", "%s/%s" % (url, fn))
+ pout("privatekey_ec", f"{url}/{fn}")
@DEFAULT
@@ -507,7 +507,7 @@
for fn in ["id_rsa", "id_dsa", ".ssh/id_rsa", ".ssh/id_dsa"]:
r = fetcher(url + "/" + fn)
if 'BEGIN' in r and 'PRIVATE KEY' in r:
- pout("sshkey", "%s/%s" % (url, fn))
+ pout("sshkey", f"{url}/{fn}")
@DEFAULT
@@ -522,7 +522,7 @@
r = getmainpage(url)
try:
p = bs4.BeautifulSoup(r, 'html.parser')
- except NotImplementedError:
+ except (NotImplementedError, TypeError, AssertionError):
# This is due to a python bug, please remove in the future.
# https://bugs.python.org/issue32876
pdebug("Can't parse due to python bug")
@@ -552,7 +552,7 @@
if domain in checkeddomains:
continue
checkeddomains.append(domain)
- pdebug("Checking url %s" % realurl)
+ pdebug(f"Checking url {realurl}")
if dnscache(domain) is None:
pout("invalidsrc_dns", url, escape(src))
@@ -761,13 +761,13 @@
@DEFAULT
def test_duplicator(url):
for fn in ['installer.php', 'installer-backup.php']:
- r = fetcher("%s/%s" % (url, fn))
+ r = fetcher(f"{url}/{fn}")
if '/dup-installer/main.installer.php' in r:
- pout("duplicator", "%s/%s" % (url, fn))
+ pout("duplicator", f"{url}/{fn}")
for fn in ['backups-dup-pro', 'backups-dup-lite']:
- r = fetcher("%s/wp-content/%s/" % (url, fn))
+ r = fetcher(f"{url}/wp-content/{fn}/")
if '>Index of /' in r:
- pout("duplicator_dirlisting", "%s/wp-content/%s/" % (url, fn))
+ pout("duplicator_dirlisting", f"{url}/wp-content/{fn}/")
@DEFAULT
@@ -824,7 +824,7 @@
@DEFAULT
@HOSTNAME
def test_openmonit(qhost):
- url = 'http://%s:2812/' % qhost
+ url = f"http://{qhost}:2812/";
headers = urllib3.util.make_headers(basic_auth='admin:monit')
try:
r = pool.request('GET', url, headers=headers)
@@ -840,16 +840,16 @@
def test_openelasticsearch(qhost):
headers = urllib3.util.make_headers(basic_auth='admin:admin')
try:
- r = pool.request('GET', 'http://%s:9200' % qhost, headers=headers)
+ r = pool.request("GET", f"http://{qhost}:9200";, headers=headers)
if '"cluster_name" :' in r.data.decode('ascii', errors='ignore'):
- pout("openelasticsearch", 'http://%s:9200' % qhost)
+ pout("openelasticsearch", f"http://{qhost}:9200";)
except (urllib3.exceptions.HTTPError, UnicodeError,
ConnectionRefusedError):
pass
try:
- r = pool.request('GET', 'https://%s:9200' % qhost, headers=headers)
+ r = pool.request("GET", f"https://{qhost}:9200";, headers=headers)
if '"cluster_name" :' in r.data.decode('ascii', errors='ignore'):
- pout("openelasticsearch", 'https://%s:9200' % qhost)
+ pout("openelasticsearch", f"https://{qhost}:9200";)
except (urllib3.exceptions.HTTPError, UnicodeError,
ConnectionRefusedError):
pass
@@ -883,8 +883,8 @@
if not set(version).issubset("0123456789."):
return
pout("wordpress", url, version)
- except NotImplementedError:
- # Necessary ddue to a python bug (remove in the future):
+ except (NotImplementedError, TypeError, AssertionError):
+ # Necessary due to a python bug (remove in the future):
# https://bugs.python.org/issue32876
return
except KeyError:
@@ -893,7 +893,7 @@
@INFO
def test_mailman(url):
- murl = '%s/mailman/listinfo' % url
+ murl = f"{url}/mailman/listinfo"
r = fetcher(murl)
if 'Delivered by Mailman' in r:
ver = re.findall('version ([0-9.]+)', r)
@@ -902,9 +902,9 @@
else:
ver = "unknown"
if 'There currently are no publicly-advertised' in r:
- pout("mailman_unused", "%s %s" % (murl, ver))
+ pout("mailman_unused", f"{murl} {ver}")
else:
- pout("mailman", "%s %s" % (murl, ver))
+ pout("mailman", f"{murl} {ver}")
@INFO
@@ -942,10 +942,8 @@
parser = argparse.ArgumentParser()
parser.add_argument("hosts", nargs='+', help="hostname to scan")
-parser.add_argument("-t", "--tests", nargs=1,
- help="Comma-separated tests to run.")
-parser.add_argument("--useragent", nargs=1,
- help="User agent to send")
+parser.add_argument("-t", "--tests", help="Comma-separated tests to run.")
+parser.add_argument("--useragent", help="User agent to send")
parser.add_argument("--nowww", action="store_true",
help="Skip scanning www.[host]")
parser.add_argument("--nohttp", action="store_true",
@@ -967,7 +965,7 @@
# Initializing global pool manager
user_agent = {'user-agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:53.0)
Gecko/20100101 Firefox/53.0'}
if args.useragent:
- user_agent = {'user-agent': args.useragent[0]}
+ user_agent = {'user-agent': args.useragent}
pool = urllib3.PoolManager(10, headers=user_agent, cert_reqs='CERT_NONE', #
noqa: DUO132
retries=False, timeout=2)
@@ -979,10 +977,10 @@
else:
tests = []
try:
- for x in args.tests[0].split(','):
+ for x in args.tests.split(','):
tests.append(locals()["test_" + x])
except KeyError:
- print("Test %s does not exist" % x)
+ print(f"Test {x} does not exist")
sys.exit(1)
if args.info:
@@ -992,7 +990,7 @@
if path != "" and path[0] != "/":
path = "/" + path
if path != "":
- pdebug("Path: %s" % path)
+ pdebug(f"Path: {path}")
hosts = list(args.hosts)
if not args.nowww:
@@ -1009,16 +1007,16 @@
print("ERROR: Invalid hostname")
sys.exit(1)
if h != hosts[i]:
- pdebug("Converted %s to %s" % (h, hosts[i]))
+ pdebug(f"Converted {h} to {hosts[i]}")
pdebug("All hosts: %s" % ",".join(hosts))
json_out = []
for host in hosts:
- pdebug("Scanning %s" % host)
+ pdebug(f"Scanning {host}")
for test in tests:
- pdebug("Running %s test" % test.__name__)
+ pdebug(f"Running {test.__name__} test")
if hasattr(test, '_is_hostname_test'):
test(host)
else:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/snallygaster-0.0.11/snallygaster.egg-info/PKG-INFO
new/snallygaster-0.0.12/snallygaster.egg-info/PKG-INFO
--- old/snallygaster-0.0.11/snallygaster.egg-info/PKG-INFO 2021-12-28
16:42:41.000000000 +0100
+++ new/snallygaster-0.0.12/snallygaster.egg-info/PKG-INFO 2022-01-31
21:30:10.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: snallygaster
-Version: 0.0.11
+Version: 0.0.12
Summary: Tool to scan for secret files on HTTP servers
Home-page: https://github.com/hannob/snallygaster
Author: Hanno B??ck
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/snallygaster-0.0.11/tests/test_codingstyle.py
new/snallygaster-0.0.12/tests/test_codingstyle.py
--- old/snallygaster-0.0.11/tests/test_codingstyle.py 2021-12-28
15:23:13.000000000 +0100
+++ new/snallygaster-0.0.12/tests/test_codingstyle.py 2022-01-16
09:37:00.000000000 +0100
@@ -15,7 +15,7 @@
"too-many-lines,consider-using-f-string"]
+ pyfiles, check=True)
subprocess.run(["flake8", "--select=DUO"] + pyfiles, check=True)
- subprocess.run(["pyupgrade", "--keep-percent-format", "--py38-plus"] +
pyfiles, check=True)
+ subprocess.run(["pyupgrade", "--py311-plus"] + pyfiles, check=True)
if __name__ == '__main__':
