Fix: Standardize User-Agent headers across Importers (#2122)#2185
Open
NamanmeetSingh wants to merge 1 commit intoaboutcode-org:mainfrom
Open
Fix: Standardize User-Agent headers across Importers (#2122)#2185NamanmeetSingh wants to merge 1 commit intoaboutcode-org:mainfrom
NamanmeetSingh wants to merge 1 commit intoaboutcode-org:mainfrom
Conversation
…rs to prevent blocking Signed-off-by: Namanmeet Singh <singhnamanmeet@gmail.com>
NamanmeetSingh
force-pushed
the
fix-2122-user-agent
branch
from
80940ca to
afa3b84
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #2122
Description:
This PR implements a standardized
User-Agentheader across all network-calling modules to prevent upstream bot-blocking (like 403 Forbidden errors), as outlined in Issue #2122.Note: @Kiran95021 had a great write-up for this issue previously! Since there hadn't been any recent activity on it and GSoC prep is ramping up, I went ahead and drafted the implementation to help get this unblocked. If you were already working on this locally, please let me know—I'm happy to collaborate!
Changes Made:
VC_USER_AGENTconstant tovulnerablecode/settings.py.requests.get,requests.post, andurllibcalls insideimporters,pipelines,datasources, andutils.pyto securely pass the new header.requests_with_5xx_retry).pytestmock files (usingmock_get.call_argsand**kwargsin monkeypatches) to strictly assert and validate the presence of the new header.Testing:
docker compose exec vulnerablecode ./manage.py import nginx_importerlocally on WSL2.