CalvinBackup/Shadowbroker
1
0
Fork 0
mirror of https://github.com/BigBodyCobain/Shadowbroker.git synced 2026-05-08 18:34:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: resolve security concerns in AIS proxy, GDELT parsing, and env key validation

Browse Source 
Former-commit-id: fad9572959
This commit is contained in:
anoracleofra-code
2026-03-09 05:53:15 -06:00
parent 30595843a0
commit 923c80368d
3 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/ais_proxy.js
+6 -1
View File
@@ -1,7 +1,12 @@
const WebSocket = require('ws');
const args = process.argv.slice(2);
const API_KEY = args[0] || '75cc39af03c9cc23c90e8a7b3c3bc2b2a507c5fb';
const API_KEY = args[0] || process.env.AIS_API_KEY;
if (!API_KEY) {
console.error("FATAL: AIS_API_KEY is not set. WebSocket proxy cannot start.");
process.exit(1);
}
const FILTER = [
// US Aircraft Carriers and major naval groups
backend/services/api_settings.py
+9
View File
@@ -157,6 +157,15 @@ def get_api_keys():
def update_api_key(env_key: str, new_value: str) -> bool:
"""Update a single key in the .env file and in the current process env."""
valid_keys = {api["env_key"] for api in API_REGISTRY if api.get("env_key")}
if env_key not in valid_keys:
return False
if not isinstance(new_value, str):
return False
if "\n" in new_value or "\r" in new_value:
return False
if not ENV_PATH.exists():
return False
backend/services/geopolitics.py
+7 -2
View File
@@ -285,12 +285,17 @@ def fetch_global_military_incidents():
headlines = [_url_to_headline(u) for u in urls]
f["properties"]["_urls_list"] = urls
f["properties"]["_headlines_list"] = headlines
import html
# Keep html as fallback
if urls:
links = [f'<div style="margin-bottom:6px;"><a href="{u}" target="_blank">{h}</a></div>' for u, h in zip(urls, headlines)]
links = []
for u, h in zip(urls, headlines):
safe_url = u if u.startswith(('http://', 'https://')) else 'about:blank'
safe_h = html.escape(h)
links.append(f'<div style="margin-bottom:6px;"><a href="{safe_url}" target="_blank" rel="noopener noreferrer">{safe_h}</a></div>')
f["properties"]["html"] = ''.join(links)
else:
f["properties"]["html"] = f["properties"]["name"]
f["properties"]["html"] = html.escape(f["properties"]["name"])
f.pop("_loc_key", None)
logger.info(f"GDELT multi-file parsed: {len(features)} conflict locations from {successful} files")