Closed Felalex57 closed 3 years ago
Hello there,
I would like to report a similar "bug".
I recently discovered in one of my workflows that I was submitting a bogus URL to pylookyloo, by prefixing a single-quote by a double-quote, and pylookyloo accepted it anyway, leading to a bogus scan.
Example of my bogus workflow:
$ lookyloo --listing --query "'http://google.fr'"
https://lookyloo.circl.lu/tree/18f658c0-48b3-47ae-8b5d-35b3bd4c7fc1
But if you look at the lookyloo scan, it does not work as the URL was not correctly formatted.
Hence, could you improve the URL argument parsing in order to prevent bogus results? For instance by removing all potential quotes around the URL, and also by ensuring that the URL is correctly structured (using this lib?)
Cheers, and keep up the good work, CIRCL tools are awesome!
Just a note: we want to add the check directly in the `__init__`: https://github.com/Lookyloo/PyLookyloo/blob/main/pylookyloo/api.py#L22
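The check requested in this thread (strip stray quotes around the URL, then confirm it is well-formed) could look like the following. This is an added example, not PyLookyloo's code: `normalize_capture_url` and `rejects` are hypothetical names, and requiring an explicit `http`/`https` scheme is an assumption about what the client should accept.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumption: only web URLs are submitted
QUOTES = "'\""


def normalize_capture_url(raw: str) -> str:
    """Hypothetical helper: return a cleaned URL or raise ValueError."""
    url = raw.strip()
    # Peel matching quote pairs, e.g. the shell argument "'http://google.fr'"
    # reaches the program as 'http://google.fr' with the single quotes intact.
    while len(url) >= 2 and url[0] == url[-1] and url[0] in QUOTES:
        url = url[1:-1].strip()
    if not url:
        raise ValueError("empty URL")
    if any(c.isspace() or ord(c) < 0x20 for c in url):
        raise ValueError("whitespace or control character in URL")

    parts = urlsplit(url)
    # A leading quote is not a legal scheme character, so urlsplit() reports
    # an empty scheme and puts the whole string in .path; reject that here.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"unsupported or missing scheme: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    # An unbalanced trailing quote ends up inside the host component.
    if any(q in host for q in QUOTES):
        raise ValueError(f"quote character in host: {host!r}")
    return url


def rejects(raw: str) -> bool:
    """True when normalize_capture_url() refuses the input."""
    try:
        normalize_capture_url(raw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs; the first is the argument from the report above.
    for sample in ["'http://google.fr'", "'http://google.fr", "google.fr"]:
        print(repr(sample), "->", "rejected" if rejects(sample)
              else normalize_capture_url(sample))
```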