NuGet / NuGetGallery

NuGet Gallery is a package repository that powers https://www.nuget.org. Use this repo for reporting NuGet.org issues.
https://www.nuget.org/
Apache License 2.0

[NuGet.org Bug]: Obsolete URLs for image hosting (documentation) #9693

Closed raphaelmoreira closed 8 months ago

raphaelmoreira commented 1 year ago

Impact

Other

Describe the bug

On the official website, about how to package a library, in the "Allowed domains for images and badges" section, the following suggested links no longer exist:

Repro Steps

Just access these links.

Expected Behavior

Update documentation and remove the obsolete links

Screenshots

No response

Additional Context and logs

No response

joelverhagen commented 1 year ago

Thanks for bringing this to our attention @raphaelmoreira! In general, testing the root path of an allowed image host is not a sufficient test to determine whether the service is active or not. In many cases, a full image URL still works. For example, raw.githubusercontent.com has many working URLs such as https://raw.githubusercontent.com/JamesNK/Newtonsoft.Json/master/Doc/icons/logo.jpg.

However, there are indeed some hosts that appear to be retired or down. I wrote a query to find a sample URL for each host.

Query for internal reference

```kusto
let AllowedHosts = pack_array(
    "api.bintray.com", "api.codacy.com", "app.codacy.com", "api.codeclimate.com",
    "api.dependabot.com", "api.travis-ci.com", "api.travis-ci.org", "api.reuse.software",
    "app.fossa.io", "app.fossa.com", "badge.fury.io", "badgen.net",
    "badges.gitter.im", "bettercodehub.com", "buildstats.info", "caniuse.bitsofco.de",
    "cdn.jsdelivr.net", "cdn.syncfusion.com", "ci.appveyor.com", "circleci.com",
    "codecov.io", "codefactor.io", "coveralls.io", "dev.azure.com",
    "flat.badgen.net", "gitlab.com", "img.shields.io", "i.imgur.com",
    "isitmaintained.com", "opencollective.com", "snyk.io", "sonarcloud.io",
    "travis-ci.com", "travis-ci.org", "avatars.githubusercontent.com", "raw.github.com",
    "raw.githubusercontent.com", "user-images.githubusercontent.com", "camo.githubusercontent.com"
);
let GithubBadgeUrlRegEx = "^(https|http):\\/\\/github\\.com\\/[^/]+\\/[^/]+(\\/actions)?\\/workflows\\/.*badge\\.svg";
let ImageHostReport = NiPackageReadmes
    | where isnotempty(Content)
    | join kind=inner (NiPackageDownloads | distinct LowerId, TotalDownloads) on LowerId
    | extend Images = extract_all("!\\[([^\\]]*)\\]\\(([^\\)]+)\\)", Content)
    | where isnotempty(Images)
    | project Id, Version, LowerId, Identity, TotalDownloads, Images
    | mv-expand Image = Images
    | extend ImageAlt = tostring(Image[0])
    | extend ImageUrl = tostring(Image[1])
    | project-away Images, Image
    | extend ParsedImageUrl = parse_url(ImageUrl)
    | extend ImageHost = tolower(tostring(ParsedImageUrl.Host))
    | where isempty(ParsedImageUrl.Host) == false
    | extend AllowedHost = set_has_element(AllowedHosts, ImageHost) and tolower(ParsedImageUrl.Scheme) in ("http", "https")
    | extend GithubBadge = tolower(ImageUrl) matches regex GithubBadgeUrlRegEx
    | extend Type = iif(AllowedHost, ImageHost, iif(GithubBadge, "GitHub badge", "Blocked"))
    | summarize PackageIdCount = dcount(LowerId), (_, SampleId, SampleVersion, SampleUrl) = arg_max(TotalDownloads, Id, Version, ImageUrl) by Type
    | project-away _
    | order by PackageIdCount desc;
let QuestionedHosts = pack_array(
    "api.bintray.com", "api.codeclimate.com", "api.dependabot.com", "api.travis-ci.org",
    "avatars.githubusercontent.com", "badges.gitter.im", "bettercodehub.com",
    "camo.githubusercontent.com", "cdn.syncfusion.com", "opencollective.com",
    "raw.github.com", "raw.githubusercontent.com", "user-images.githubusercontent.com"
);
ImageHostReport
| where set_has_element(QuestionedHosts, Type)
| project-away PackageIdCount
| order by Type asc
```

| Type | SampleId | SampleVersion | SampleUrl |
| --- | --- | --- | --- |
| api.bintray.com | Radiusnetworks.Flybuy.Android.v28 | 1.0.2 | https://api.bintray.com/packages/radiusnetworks/flybuy-sdk/com.radiusnetworks.flybuy/images/download.svg |
| api.codeclimate.com | nhapi | 3.0.0 | https://api.codeclimate.com/v1/badges/63027fc59b840d0008fd/test_coverage |
| api.dependabot.com | Mandrill.net | 7.1.1 | https://api.dependabot.com/badges/status?host=github&repo=feinoujc/Mandrill.net |
| api.travis-ci.org | Paket | 6.0.9 | https://api.travis-ci.org/fsprojects/Paket.svg?branch=master |
| avatars.githubusercontent.com | Prometheus.Client | 5.2.0 | https://avatars.githubusercontent.com/u/878437?s=75&v=4 |
| badges.gitter.im | MimeKit | 4.2.0 | https://badges.gitter.im/Join%20Chat.svg |
| bettercodehub.com | Certes | 2.3.0 | https://bettercodehub.com/edge/badge/fszlin/certes?branch=master |
| camo.githubusercontent.com | AutoMapper | 12.0.0 | https://camo.githubusercontent.com/603a9fdf1c6578e4df423ecdb784cb5d634e016850c10ba0798970fd48c55d41/68747470733a2f2f73332e616d617a6f6e6177732e636f6d2f6175746f6d61707065722f6c6f676f2e706e67 |
| cdn.syncfusion.com | Syncfusion.Pdf.Net.Core | 22.1.36 | https://cdn.syncfusion.com/nuget-readme/fileformats/net-pdf-library.png |
| opencollective.com | Cake.Tool | 3.0.0 | https://opencollective.com/cake/sponsors.svg |
| raw.github.com | Polly | 8.0.0 | https://raw.github.com/App-vNext/Polly/main/Polly-Logo.png |
| raw.githubusercontent.com | Newtonsoft.Json | 13.0.2-beta2 | https://raw.githubusercontent.com/JamesNK/Newtonsoft.Json/master/Doc/icons/logo.jpg |
| user-images.githubusercontent.com | ClosedXML | 0.100.1 | https://user-images.githubusercontent.com/7634052/208317997-24765ff2-17c2-4272-9b66-5d98fe08c089.png |

Some of these (such as api.bintray.com) are broken and for very explainable reasons. For example, Bintray was retired by JFrog (https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/). We should go through the list and verify the hosts are still acceptable.
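
The classification the query in the comment above applies to README image URLs, re-expressed in Python as an added example (not part of the original thread and not NuGetGallery's own code). The host set is a subset of the list in the query, and the README text, `example-owner` names and `example.net` lookalike host are constructed.

```python
import re
from urllib.parse import urlsplit

# Subset of the allowed hosts listed in the query above (the full list is longer).
ALLOWED_HOSTS = {
    "img.shields.io", "raw.githubusercontent.com", "ci.appveyor.com",
    "codecov.io", "api.travis-ci.org",
}
# Same patterns as the query, written as Python regexes.
GITHUB_BADGE_RE = re.compile(
    r"^(https|http)://github\.com/[^/]+/[^/]+(/actions)?/workflows/.*badge\.svg")
MD_IMAGE_RE = re.compile(r"!\[([^\]]*)\]\(([^\)]+)\)")

def classify(url):
    """Return the allowed host, "GitHub badge", "Blocked", or None for relative URLs."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "Blocked"  # unparseable URLs are never treated as allowed
    host = (parts.hostname or "").lower()
    if not host:
        return None  # the query drops rows without a host (relative paths)
    if parts.scheme.lower() in ("http", "https") and host in ALLOWED_HOSTS:
        return host  # exact match only: no suffix or substring matching
    if GITHUB_BADGE_RE.search(url.lower()):
        return "GitHub badge"
    return "Blocked"

def report(readme):
    """Map each image URL in a Markdown README to its classification."""
    return {m.group(2): classify(m.group(2)) for m in MD_IMAGE_RE.finditer(readme)}

# Constructed README, not taken from any real package.
SAMPLE_README = """
![logo](https://RAW.githubusercontent.com/example-owner/example-repo/main/logo.png)
![build](https://github.com/example-owner/example-repo/actions/workflows/ci.yml/badge.svg)
![lookalike](https://raw.githubusercontent.com.example.net/logo.png)
![ftp](ftp://img.shields.io/badge/x-y-green.svg)
![local](docs/diagram.png)
"""

if __name__ == "__main__":
    for url, kind in report(SAMPLE_README).items():
        print(f"{kind!s:28} {url}")
```

The lookalike host is blocked because the comparison is an exact, case-insensitive match on the parsed host rather than a prefix or substring test on the URL string.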

lyndaidaii commented 9 months ago

We need to update api.travis-ci.org to app.travis-ci.com since they migrated from .org to .com (https://www.travis-ci.com/blog/2021-05-07-orgshutdown/). Sample URL: https://app.travis-ci.com/travis-ci/travis-rubies.svg?branch=build

There is an issue with api.dependabot.com. Here is a workaround if a badge on api.dependabot.com doesn't work: https://github.com/dependabot/feedback/issues/6#issuecomment-504674854

bettercodehub.com is retired. We could remove it from the allowlist. Bintray is no longer active; remove it from the allowlist.