pdehaan / blurts-missing-logos

Scan for missing breach logos
Mozilla Public License 2.0

Add in logic for scanning CDN #1

Open pdehaan opened 4 years ago

pdehaan commented 4 years ago

Currently, the tool is a bit flaky since a file can be on the CDN (post PR merge), but the image asset is not yet on the production site until a new server deploy, so the tool reports this as a 404, despite the image being on the CDN and working a-ok.

npx pdehaan/blurts-missing-logos -p

[
  {
    "logo": "https://monitor.firefox.com/img/logos/Slickwraps.png",
    "details": "https://monitor.firefox.com/breach-details/Slickwraps",
    "status": 404
  }
]

Need to poke around the code and see if I can add a new flag (-c or -cdn or something) which scans the CDN instead of the production server's local version (which is very likely to lag behind until the next prod deploy).

https://monitor.cdn.mozilla.net/img/logos/Slickwraps.png

pdehaan commented 4 years ago

Fixed via 1d5ce0241c7d1056b2e4e83ecf93c11e37450697

BEFORE

npx pdehaan/blurts-missing-logos -p

API: https://monitor.firefox.com/hibp/breaches
CDN: https://monitor.firefox.com
[
  {
    "logo": "https://monitor.firefox.com/img/logos/Slickwraps.png",
    "details": "https://monitor.firefox.com/breach-details/Slickwraps",
    "status": 404
  }
]

AFTER

npx pdehaan/blurts-missing-logos -c

API: https://monitor.firefox.com/hibp/breaches
CDN: https://monitor.cdn.mozilla.net
[]

pdehaan commented 4 years ago

I'm confident that the code works, but I'm less confident that I have the correct defaults.

IIRC, the default behavior is currently scanning the dev (Heroku) server by default and checking local images [1]. If you want to check the production server, you need to pass the -p arg [2], which still assumes local images (which isn't how production is configured, but hey)... If you want to check the production server with the CDN, you need to pass the -c arg [3], which is what you'd probably expect.

[1]

npx pdehaan/blurts-missing-logos

API: https://fx-breach-alerts.herokuapp.com/hibp/breaches
CDN: https://fx-breach-alerts.herokuapp.com

[2]

npx pdehaan/blurts-missing-logos -p

API: https://monitor.firefox.com/hibp/breaches
CDN: https://monitor.firefox.com

[3]

npx pdehaan/blurts-missing-logos -c

API: https://monitor.firefox.com/hibp/breaches
CDN: https://monitor.cdn.mozilla.net

Not sure if using -p should assume production API server w/ CDN image assets.
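
Added example (not part of the thread and not the project's code): a minimal Node.js sketch of the flag-to-host selection and the logo scan discussed above, showing why the same asset reports 404 under -p and nothing under -c. The host pairs are the ones quoted in the thread; the function names, the `Name` field, the `<Name>.png` file naming, `-c` taking precedence over `-p`, and the injected `probe` with its constructed status data are assumptions.

```javascript
// Flag -> hosts, copied from the API/CDN pairs quoted in the thread.
const TARGETS = {
  default: { api: "https://fx-breach-alerts.herokuapp.com", cdn: "https://fx-breach-alerts.herokuapp.com" },
  p: { api: "https://monitor.firefox.com", cdn: "https://monitor.firefox.com" },
  c: { api: "https://monitor.firefox.com", cdn: "https://monitor.cdn.mozilla.net" },
};

// Assumption: -c takes precedence over -p when both are passed.
function resolveTarget(argv) {
  if (argv.includes("-c")) return TARGETS.c;
  if (argv.includes("-p")) return TARGETS.p;
  return TARGETS.default;
}

// probe(url) resolves to an HTTP status code. It is injected so the scan can
// run offline here; a real run would issue a HEAD/GET request instead.
async function findMissingLogos(breaches, target, probe) {
  const missing = [];
  for (const { Name } of breaches) {
    const slug = encodeURIComponent(Name); // assumed: logo file is <Name>.png
    const logo = new URL(`/img/logos/${slug}.png`, target.cdn).href;
    const details = new URL(`/breach-details/${slug}`, target.api).href;
    let status;
    try {
      status = await probe(logo);
    } catch {
      status = 0; // network failure: report it rather than treat the logo as present
    }
    if (status !== 200) missing.push({ logo, details, status });
  }
  return missing;
}

// Constructed state: the asset is on the CDN, the production origin is not yet redeployed.
const CONSTRUCTED_LIVE = new Set(["https://monitor.cdn.mozilla.net/img/logos/Slickwraps.png"]);
const constructedProbe = async (url) => (CONSTRUCTED_LIVE.has(url) ? 200 : 404);
const constructedBreaches = [{ Name: "Slickwraps" }];

async function demo() {
  const before = await findMissingLogos(constructedBreaches, resolveTarget(["-p"]), constructedProbe);
  const after = await findMissingLogos(constructedBreaches, resolveTarget(["-c"]), constructedProbe);
  return { before, after };
}

demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```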