CalvinBackup/Shadowbroker
1
0
Fork 0
mirror of https://github.com/BigBodyCobain/Shadowbroker.git synced 2026-06-08 15:23:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
144 Commits 43 Branches 18 Tags
71c00a6c57c7f0346f63d2453acbf331e1003b09
Commit Graph

4 Commits

Author SHA1 Message Date
anoracleofra-code b37bfc0162 fix: add path traversal guard to updater extraction 
Validates that every destination path stays within project_root
before writing. Prevents a malicious zip from writing outside
the project directory via ../traversal entries.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Former-commit-id: 3140416e80b1b56e4e6cccc930d11c2d5f9b1611
 2026-03-14 14:48:47 -06:00
anoracleofra-code b99a5e5d66 fix: updater crashes on os.makedirs PermissionError + prune protected dirs 
os.makedirs was outside try/except so permission-denied on .github
directory creation crashed the entire update. Now both makedirs and
copy are caught. Also prunes protected dirs from os.walk so the
updater never even enters .github, .git, .claude, etc.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Former-commit-id: d4bdef4604095a82860a4bc91bec3435a878f899
 2026-03-14 14:29:37 -06:00
anoracleofra-code 3cdd2c851e fix: updater permission denied on .github — add to protected dirs 
The auto-updater tried to extract .github/ from the release zip,
causing Permission denied errors. Added .github and .claude to the
protected directories list so they are skipped during extraction.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Former-commit-id: 8916fa08e005820ddbfc3b195c387dbf6187587e
 2026-03-14 14:23:03 -06:00
anoracleofra-code fc9eff865e v0.9.0: in-app auto-updater, ship toggle split, stable entity IDs, performance fixes 
New features:
- In-app auto-updater with confirmation dialog, manual download fallback,
  restart polling, and protected file safety net
- Ship layers split into 4 independent toggles (Military/Carriers, Cargo/Tankers,
  Civilian, Cruise/Passenger) with per-category counts
- Stable entity IDs using MMSI/callsign instead of volatile array indices
- Dismissible threat alert bubbles (session-scoped, survives data refresh)

Performance:
- GDELT title fetching is now non-blocking (background enrichment)
- Removed duplicate startup fetch jobs
- Docker healthcheck start_period 15s → 90s

Bug fixes:
- Removed fake intelligence assessment generator (OSINT-only policy)
- Fixed carrier tracker GDELT 429/TypeError crash
- Fixed ETag collision (full payload hash)
- Added concurrent /api/refresh guard

Contributors: @imqdcr (ship split + stable IDs), @csysp (dismissible alerts, PR #48)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Former-commit-id: a2c4c67da54345393f70a9b33b52e7e4fd6c049f
 2026-03-13 11:32:16 -06:00