
Commit 58b07aa

committed
update pp
1 parent 7b51457 commit 58b07aa

8 files changed

Lines changed: 38 additions & 28 deletions


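--- a/core/payload_schema.py
+++ b/core/payload_schema.py
@@ -44,7 +44,12 @@
 
 IPV4_REGEX = re.compile(r"\A((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)\Z")
 INTERFACE_REGEX = re.compile(r"\A[A-Za-z0-9._@:-]{1,32}\Z")
-HOSTNAME_REGEX = re.compile(r"\A(?=.{1,253}\Z)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.?)+\Z")
+HOSTNAME_REGEX = re.compile(
+r"\A(?=.{1,253}\Z)"
+r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
+r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
+r"\.?\Z"
+)
 URL_REGEX = re.compile(r"\Ahttps?://[\w\-.:/?#\[\]@!$&'()*+,;=%]+\Z")
 HEX_REGEX = re.compile(r"\A[0-9a-fA-F]+\Z")
 PORT_MIN = 1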
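Review bot: The rewritten `HOSTNAME_REGEX` carries no comment saying why labels are now joined by a mandatory `\.`; the old form put an optional dot inside a repeated group, which lets one run of characters be split many ways and is the classic backtracking hazard on long untrusted input. I would add a comment above the pattern such as `# Labels are separated by a required dot so matching stays linear; do not make the separator optional inside the repeat.` The pattern also accepts all-digit labels, so a string like `256.1.1.1` that `IPV4_REGEX` rejects still passes as a hostname; whether that matters depends on how the two validators are combined, which is outside this hunk.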

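--- a/lazyc2.py
+++ b/lazyc2.py
@@ -2881,19 +2881,19 @@ def _resolve_secure_template_path(template_name):
 safe_stem = strict_match.group(1)
 safe_basename = f"{safe_stem}.html"
 template_folder = Path(app.template_folder).resolve()
+matched_path = None
 try:
-allowed_entries = {
-entry.name
-for entry in os.scandir(template_folder)
-if entry.is_file()
-}
+for entry in os.scandir(template_folder):
+if entry.is_file() and entry.name == safe_basename:
+matched_path = entry.path
+break
 except OSError as scan_error:
 logger.error(f"Template folder unreadable: {scan_error}")
 return None
-if safe_basename not in allowed_entries:
+if matched_path is None:
 logger.error("Template file not in allowlist of existing templates")
 return None
-candidate = (template_folder / safe_basename).resolve()
+candidate = Path(matched_path).resolve()
 contained, traversal_error = _validate_file_path_within_base(candidate, template_folder)
 if not contained:
 logger.error(f"Template path rejected: {traversal_error}")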
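Review bot: The `for entry in os.scandir(template_folder):` loop leaves the scandir iterator open when it reaches `break`, because the directory handle is only released once the iterator is exhausted or closed; the removed set comprehension always ran it to the end. Writing it as `with os.scandir(template_folder) as entries:` followed by `for entry in entries:` closes the handle on every exit, including the `OSError` path. Separately, `entry.is_file()` follows symlinks by default, so containment rests entirely on the later `_validate_file_path_within_base` check of the resolved path; a one-line comment saying so would keep a future edit from dropping it. `_resolve_secure_template_path` starts and ends outside the hunk.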

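--- a/lazyown.py
+++ b/lazyown.py
@@ -23327,7 +23327,7 @@ def do_pip_repo(self, line):
 self.cmd("pip3 install pip-tools")
 
 packages = [
-"requests", "python-libnmap", "pwncat-cs", "pwn", "groq", "PyPDF2", "docx", "python-docx", "olefile",
+"requests", "python-libnmap", "pwncat-cs", "pwn", "groq", "pypdf", "docx", "python-docx", "olefile",
 "exifread", "pycryptodome", "impacket", "pandas", "colorama", "tabulate", "pyarrow", "keyboard",
 "flask-unsign", "name-that-hash", "certipy-ad", "ast", "pykeepass", "cmd2", "Pillow", "netaddr", "stix2"
 ]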
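Review bot: The `packages` list names `"pypdf"` with no version floor, while pyproject.toml in this same commit requires `pypdf>=6.1.1` and requirements.txt pins `pypdf==6.1.1`. If this list is passed to pip, as the neighbouring `pip3 install` call suggests (the rest of `do_pip_repo` is outside the hunk), an older pypdf that is already installed would satisfy it. Writing the entries as `"pypdf>=6.1.1"` and `"requests>=2.33.0"` keeps the three install paths consistent.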

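--- a/modules/lazyown_metaextract0r.py
+++ b/modules/lazyown_metaextract0r.py
@@ -19,7 +19,7 @@
 
 """
 import os
-import PyPDF2
+import pypdf
 import docx
 import olefile
 import exifread
@@ -48,7 +48,7 @@ def extract_pdf_metadata(file_path):
 metadata = {}
 try:
 with open(file_path, 'rb') as f:
-reader = PyPDF2.PdfReader(f)
+reader = pypdf.PdfReader(f)
 metadata = reader.metadata
 except Exception as e:
 metadata['error'] = str(e)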
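Review bot: `metadata = reader.metadata` can bind `None`, because pypdf returns no object for a PDF that lacks a document-information dictionary, and that replaces the `{}` assigned two lines earlier. Code after the hunk that treats the result as a mapping would then fail on such files; `metadata = reader.metadata or {}` keeps the type stable. The rest of `extract_pdf_metadata` is outside the hunk, so how the value is consumed is not visible here.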

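--- a/pyproject.toml
+++ b/pyproject.toml
@@ -12,13 +12,13 @@ license = { text = "GPL-3.0-only" }
 readme = "README.md"
 requires-python = ">=3.8"
 dependencies = [
-"requests",
+"requests>=2.33.0",
 "cmd2",
 "python-libnmap",
 "pwncat-cs",
 "pwn",
 "groq",
-"PyPDF2",
+"pypdf>=6.1.1",
 "python-docx",
 "olefile",
 "exifread",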

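--- a/requirements.txt
+++ b/requirements.txt
@@ -49,7 +49,7 @@ commonmark==0.9.1
 construct==2.10.70
 contourpy==1.3.3
 coverage==7.13.5
-cryptography==44.0.2
+cryptography==46.0.6
 cssselect==1.4.0
 cssutils==2.15.0
 cycler==0.12.1
@@ -82,7 +82,7 @@ h11==0.16.0
 httpcore==1.0.9
 httpx==0.28.1
 identify==2.6.19
-idna==3.13
+idna==3.15
 impacket==0.13.0
 iniconfig==2.3.0
 intervaltree==3.2.1
@@ -175,10 +175,10 @@ Pygments==2.20.0
 pykeepass==4.1.1.post1
 PyMsgBox==2.0.1
 PyNaCl==1.6.2
-pyOpenSSL==25.1.0
+pyOpenSSL==26.0.0
 pyotp==2.9.0
 pyparsing==3.3.2
-PyPDF2==3.0.1
+pypdf==6.1.1
 pyperclip==1.11.0
 pypykatz==0.6.13
 PyRect==0.2.0
@@ -200,7 +200,7 @@ pytweening==1.2.0
 pytz==2026.1.post1
 pyvis==0.3.2
 PyYAML==6.0.3
-requests==2.32.5
+requests==2.33.0
 rich-argparse==1.8.0
 rich==15.0.0
 ROPGadget==7.7
@@ -237,7 +237,7 @@ unicorn==2.1.2
 unicrypto==0.0.12
 unidns==0.0.4
 unix-ar==0.2.1
-urllib3==2.6.3
+urllib3==2.7.0
 uro==1.0.2
 validators==0.35.0
 virtualenv==21.3.1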

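--- a/templates/surface_live.html
+++ b/templates/surface_live.html
@@ -16,11 +16,13 @@ <h3 class="text-info mb-0">Live Attack Surface</h3>
 <link
 rel="stylesheet"
 href="https://cdnjs.cloudflare.com/ajax/libs/vis-network/9.1.2/dist/dist/vis-network.min.css"
+integrity="sha512-WgxfT5LWjfszlPHXRmBWHkV2eceiWTOBvrKCNbdgDYTHrT2AeLCGbF4sZlZw3UMN3WtL0tGUoIAKsu8mllg/XA=="
 crossorigin="anonymous"
 referrerpolicy="no-referrer"
 />
 <script
 src="https://cdnjs.cloudflare.com/ajax/libs/vis-network/9.1.2/dist/vis-network.min.js"
+integrity="sha512-LnvoEWDFrqGHlHmDD2101OrLcbsfkrzoSpvtSQtxK3RMnRV0eOkhhBN2dXHKRrUU8p2DGRTk35n4O8nWSVe1mQ=="
 crossorigin="anonymous"
 referrerpolicy="no-referrer"
 ></script>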
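Review bot: The two added `integrity` values have no recorded provenance, and a wrong or stale hash makes the browser refuse the file outright, so the network graph would fail with only a console error to show for it. I would add an HTML comment above each tag, for example `<!-- SRI sha512 for vis-network 9.1.2 from cdnjs; regenerate when the version in the URL changes -->`, and confirm both hashes against the files actually served before merging. Any other CDN-loaded asset in this template outside the hunk would need the same attribute for the protection to be complete.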

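--- a/tests/test_improvements_spec.py
+++ b/tests/test_improvements_spec.py
@@ -717,23 +717,26 @@ def test_every_class_in_new_modules_has_docstring(self) -> None:
 self.assertEqual(offenders, [])
 
 def test_modules_avoid_emoji_in_source(self) -> None:
-import re
-emoji_pattern = re.compile(
-"["
-"\U0001F300-\U0001FAFF"
-"\U0001F600-\U0001F64F"
-"\U0001F680-\U0001F6FF"
-"☀-➿"
-"]"
+emoji_ranges = (
+(0x1F300, 0x1FAFF),
+(0x2600, 0x27BF),
 )
+
+def contains_emoji(text: str) -> bool:
+return any(
+low <= code_point <= high
+for code_point in map(ord, text)
+for low, high in emoji_ranges
+)
+
 offenders: list[str] = []
 for relative in (
 "cli/status_bar.py",
 "skills/unified_orchestrator.py",
 "cli/commands/orchestration.py",
 ):
 text = (REPO_ROOT / relative).read_text(encoding="utf-8")
-if emoji_pattern.search(text):
+if contains_emoji(text):
 offenders.append(relative)
 self.assertEqual(offenders, [])
 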
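Review bot: `emoji_ranges` reproduces the old character class exactly, so emoji outside these two blocks still pass the check, for example U+2B50 or the regional-indicator flags U+1F1E6 to U+1F1FF, which lie below `0x1F300`. If the intent is to ban emoji generally, adding `(0x1F1E6, 0x1F1FF)` and `(0x2B00, 0x2BFF)` would close the most common gaps. Otherwise a comment above the tuple naming the covered Unicode blocks would make the scope explicit.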
