Wayback upgrade

[liquidsec]

TBA

In general, the way to fix incomplete URL substring sanitization is to parse the URL using a standard library, extract the hostname, and then compare that hostname (or a suffix of it) to the expected allowed host, instead of checking for a substring in the raw URL string.

In this specific case, we should change the assertion that currently does assert "web.archive.org" in finding.data["archive_url"] so that it parses archive_url with urllib.parse.urlparse, extracts .hostname, and asserts that the hostname is exactly web.archive.org. This preserves the intended functionality (“archive_url should be archive.org URL”) while avoiding arbitrary substring matches. Concretely, within TestWaybackParameters.check, around lines 309–315, we will introduce a local variable such as archive_url_host = urlparse(finding.data["archive_url"]).hostname and assert archive_url_host == "web.archive.org". To do this, we must import urlparse from urllib.parse at the top of the test file, alongside the existing unquote import. No other behavior in the tests needs to change.

[liquidsec]

bro its a draft step off

[github-actions]

📊 Performance Benchmark Report

Comparing 3.0 (baseline) vs wayback-upgrade (current)

📈 Detailed Results (All Benchmarks)

📋 Complete results for all benchmarks - includes both significant and insignificant changes

🧪 Test Name	📏 Base	📏 Current	📈 Change	🎯 Status
Bloom Filter Dns Mutation Tracking Performance	4.28ms	4.27ms	-0.4% ⚪	✅
Bloom Filter Large Scale Dns Brute Force	17.73ms	17.54ms	-1.1% ⚪	✅
Large Closest Match Lookup	361.27ms	346.04ms	-4.2% ⚪	✅
Realistic Closest Match Workload	192.35ms	191.43ms	-0.5% ⚪	✅
Event Memory Medium Scan	1770 B/event	1774 B/event	+0.2% ⚪	✅
Event Memory Large Scan	1757 B/event	1757 B/event	+0.0% ⚪	✅
Event Validation Full Scan Startup Small Batch	483.46ms	488.10ms	+1.0% ⚪	✅
Event Validation Full Scan Startup Large Batch	762.02ms	766.36ms	+0.6% ⚪	✅
Make Event Autodetection Small	30.71ms	30.22ms	-1.6% ⚪	✅
Make Event Autodetection Large	314.35ms	311.22ms	-1.0% ⚪	✅
Make Event Explicit Types	13.80ms	13.74ms	-0.4% ⚪	✅
Excavate Single Thread Small	4.043s	4.029s	-0.3% ⚪	✅
Excavate Single Thread Large	9.539s	9.748s	+2.2% ⚪	✅
Excavate Parallel Tasks Small	4.155s	4.148s	-0.2% ⚪	✅
Excavate Parallel Tasks Large	7.261s	7.321s	+0.8% ⚪	✅
Is Ip Performance	3.19ms	3.17ms	-0.6% ⚪	✅
Make Ip Type Performance	11.35ms	11.28ms	-0.6% ⚪	✅
Mixed Ip Operations	4.51ms	4.47ms	-0.8% ⚪	✅
Typical Queue Shuffle	62.80µs	60.65µs	-3.4% ⚪	✅
Priority Queue Shuffle	699.81µs	697.49µs	-0.3% ⚪	✅

🎯 Performance Summary

✅ No significant performance changes detected (all changes <10%)

---

🐍 Python Version 3.11.14

[codecov]

Codecov Report

❌ Patch coverage is 86.64773% with 94 lines in your changes missing coverage. Please review.
✅ Project coverage is 91%. Comparing base (b90f1d3) to head (9b12e26).
⚠️ Report is 10 commits behind head on 3.0.

Files with missing lines	Patch %	Lines
bbot/modules/wayback.py	76%	87 Missing ⚠️
bbot/test/test_step_1/test_helpers.py	77%	3 Missing ⚠️
bbot/modules/httpx.py	60%	2 Missing ⚠️
bbot/core/helpers/web/engine.py	75%	1 Missing ⚠️
...st/test_step_2/module_tests/test_module_wayback.py	100%	1 Missing ⚠️

Additional details and impacted files

@@          Coverage Diff           @@
##             3.0   #2909    +/-   ##
======================================
- Coverage     92%     91%    -0%     
======================================
  Files        436     436            
  Lines      36320   37004   +684     
======================================
+ Hits       33059   33638   +579     
- Misses      3261    3366   +105     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.