Project dependencies may have API risk issues #12

Open
PyDeps opened this issue Oct 25, 2022 · 0 comments

PyDeps commented Oct 25, 2022

Hi, in 403bypasser, inappropriate dependency versioning constraints can cause risks.

Below are the dependencies and version constraints that the project is using:

requests
argparse
validators
tldextract
colorama
pyfiglet

The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict.
The version constraint No Upper Bound and * will introduce the risk of the missing API Error because the latest version of the dependencies may remove some APIs.

After further analysis, in this project,
The version constraint of dependency requests can be changed to >=0.2.1,<=0.2.3.
The version constraint of dependency requests can be changed to >=0.7.0,<=2.24.0.
The version constraint of dependency requests can be changed to ==2.26.0.
The version constraint of dependency argparse can be changed to >=1.2.1,<=1.4.0.
The version constraint of dependency validators can be changed to >=0.2.0,<=0.20.0.
The version constraint of dependency colorama can be changed to ==0.1.
The version constraint of dependency colorama can be changed to >=0.1.3,<=0.1.6.
The version constraint of dependency colorama can be changed to ==0.1.10.
The version constraint of dependency colorama can be changed to >=0.1.13,<=0.1.14.
The version constraint of dependency colorama can be changed to >=0.1.16,<=0.4.5.
The version constraint of dependency pyfiglet can be changed to >=0.7,<=0.8.post1.

The above modification suggestions can reduce the dependency conflicts as much as possible,
and introduce the latest version as much as possible without calling Error in the projects.

The invocation of the current project includes all the following methods.

The calling methods from the requests
requests.get
requests.post

The calling methods from the argparse
argparse.ArgumentParser.parse_args
argparse.ArgumentParser

The calling methods from the validators
validators.url

The calling methods from the colorama
colorama.init

The calling methods from the pyfiglet
pyfiglet.Figlet.renderText
pyfiglet.Figlet

The calling methods from the all methods
tldextract.extract
Arguments
self.dir.self.url.center
self.urls.append
sys.exit
self.checkURL
open
argparse.ArgumentParser
self.createNewPaths
requests.get
self.url.rstrip
Program.initialise
argparse.ArgumentParser.add_argument
os.path.exists
d.lstrip
domain_name.locals.manipulateRequest
validators.url
self.dir.endswith
self.manipulateHeaders
argparse.ArgumentParser.parse_args
Program
Query
self.dir.rstrip
self.dir.startswith
locals
results_2.append
file.readlines
self.dirs.append
pyfiglet.Figlet
PathRepository
colorama.init
Arguments.return_dirs
self.createNewHeaders
pyfiglet.Figlet.renderText
self.newHeaders.append
Arguments.return_urls
self.writeToFile
print
self.checkStatusCode
self.rewriteHeaders.append
requests.post
self.manipulatePath
self.checkDir
self.newPaths.append
len
file.write
x.strip
self.url.endswith
results.append

@developer
Could you please help me check this issue?
May I pull a request to fix it?
Thank you very much.
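
The two risk categories the issue describes (exact `==` pins, and constraints with no upper bound) can be checked mechanically for a `requirements.txt`. The following is an added example, not code from PyDeps or 403bypasser; the names `classify`, `audit` and `PAGE_REQUIREMENTS` are hypothetical, and the regex parsing assumes plain `name<specifiers>` lines only.

```python
import re

# Version specifier operators (PEP 440); longer operators listed first.
_SPEC = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([^\s,;]+)")
_NAME = re.compile(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?")

# Dependency list as quoted in the issue (no version constraints at all).
PAGE_REQUIREMENTS = """\
requests
argparse
validators
tldextract
colorama
pyfiglet
"""

def classify(line):
    """Return (name, risk) for one requirements line, or None if it declares no package."""
    line = re.sub(r"(^|\s)#.*", "", line)      # drop comments
    line = line.split(";", 1)[0].strip()        # drop environment markers
    if not line or line.startswith("-"):        # blank line or pip option (-r, -e, ...)
        return None
    m = _NAME.match(line)
    if not m:
        return None
    specs = _SPEC.findall(line[m.end():])
    exact = any(op in ("==", "===") and not v.endswith(".*") for op, v in specs)
    upper = any(op in ("<", "<=", "~=", "==", "===") for op, _ in specs)
    if exact:
        risk = "exact-pin"        # too strict: dependency conflicts
    elif upper:
        risk = "bounded"
    else:
        risk = "no-upper-bound"   # a future release may remove a called API
    return m.group(1), risk

def audit(text):
    """Classify every package line in a requirements.txt body."""
    return [r for r in map(classify, text.splitlines()) if r]

if __name__ == "__main__":
    for name, risk in audit(PAGE_REQUIREMENTS):
        print(f"{name:12} {risk}")
```

Run against the list quoted in the issue, every dependency is reported as `no-upper-bound`; a CI step could fail the build on that result or on `exact-pin`.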
