hlmtre / pybot Goto Github PK

View Code? Open in Web Editor NEW

10.0 3.0 4.0 1.98 MB

An extensible, modular, configurable, and multi-threaded python irc bot.

License: GNU General Public License v3.0

Shell 1.32% Python 98.50% Makefile 0.03% Dockerfile 0.15%

pybot python-irc-bot

pybot's Introduction

hlmtre

I am a tiny part of the universe experiencing itself.

I am currently the network administrator for Northern Valley Indian Health, a series of healthcare clinics in Northern California. I do a lot of networking, but also manage all of our Linux infrastructure, using saltstack for automation. In my spare time (which is a rarity with a tiny human), I play guitar and competitive FPSes with old friends. We are not very good. Occasionally I have the brain energy to program, making my own little projects and sometimes contributing to existing open source projects.

I live in Calfornia with my wife and tiny human and three cats.

Projects

pybot (@hlmtre/pybot) A python IRC bot I started all the way back in 2012, to learn python and the IRC protocol. Development has slowed but believe it or not still happens.
homemaker (@hlmtre/homemaker) Slightly more than yet another dotfile manager, written in Rust.

You can contact me via email or on irc (irc.zero9f9.com), probably in #fg.

pybot's People

Contributors

Stargazers

Watchers

Forkers

madelinecr kgraves optionalg ctrlaltmech

pybot's Issues

CVE-2022-40899 (Medium) detected in future-0.18.2.tar.gz

CVE-2022-40899 - Medium Severity Vulnerability

Vulnerable Library - future-0.18.2.tar.gz

Clean single-source support for Python 3 and 2

Library home page: https://files.pythonhosted.org/packages/45/0b/38b06fd9b92dc2b68d58b75f900e97884c45bedd2ff83203d933cf5851c9/future-0.18.2.tar.gz

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

python_twitter-3.5-py2.py3-none-any.whl (Root Library)
- ❌ future-0.18.2.tar.gz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.

Publish Date: 2022-12-23

URL: CVE-2022-40899

CVSS 3 Score Details (5.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

Update for python 3.12 (imp deprecated)

the imp module has been deprecated in python 3.12; update the module loading code. this might be tough as it's been maybe 10 years since you've really looked at this.

CVE-2022-23491 (Medium) detected in certifi-2021.10.8-py2.py3-none-any.whl

CVE-2022-23491 - Medium Severity Vulnerability

Vulnerable Library - certifi-2021.10.8-py2.py3-none-any.whl

Python package for providing Mozilla's CA Bundle.

Library home page: https://files.pythonhosted.org/packages/37/45/946c02767aabb873146011e665728b680884cd8fe70dde973c640e45b775/certifi-2021.10.8-py2.py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

imgurpython-1.1.7.tar.gz (Root Library)
- requests-2.26.0-py2.py3-none-any.whl
  - ❌ certifi-2021.10.8-py2.py3-none-any.whl (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

Publish Date: 2022-12-07

URL: CVE-2022-23491

CVSS 3 Score Details (6.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-23491

Release Date: 2022-12-07

Fix Resolution: certifi - 2022.12.07

Step up your Open Source Security Game with Mend here

Lacking documentation on praw.ini

Add documentation on praw.ini required for rshort module

hlmtre / pybot Goto Github PK

pybot's Introduction

hlmtre

I am a tiny part of the universe experiencing itself.

Projects

pybot's People

Contributors

Stargazers

Watchers

Forkers

pybot's Issues

CVE-2022-40899 (Medium) detected in future-0.18.2.tar.gz

CVE-2022-40899 - Medium Severity Vulnerability

Update for python 3.12 (imp deprecated)

CVE-2022-23491 (Medium) detected in certifi-2021.10.8-py2.py3-none-any.whl

CVE-2022-23491 - Medium Severity Vulnerability

Lacking documentation on praw.ini

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent