-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Colly has vulnerabilities with medium criticality #764
Comments
This indeed might me improved. This code replicates Instagram algorithm that "authenticates" requests. (though the code is likely outdated, and I doubt it works as is since antibot protection has been likely improved since)
What do you mean? |
Permission denied. > git push -u origin remediating_hashing_vulns
remote: Permission to gocolly/colly.git denied to m-carneiro.
fatal: unable to access 'https://github.com/gocolly/colly.git/': The requested URL returned error: 403 |
In order to contribute, you have to create a fork, push your changes there, and submit a pull request. See https://docs.github.com/en/get-started/quickstart/contributing-to-projects |
Could you also check the
|
CWE-916: Use of Password Hash With Insufficient Computational Effort
On http_backend.go:136
The sha1 hash function is no longer considered secure for cryptographic purposes, as it is vulnerable to attacks such as length extension and collision. To make your hashing more secure, I recommend using a more secure hash function like SHA-256, which is a part of the SHA-2 family, or SHA-3. Here's an example of how to use SHA-256 in Go:
On instagram.go:99
MD5 is an outdated and insecure cryptographic hash function that is not recommended for security-sensitive applications. To make your hashing more secure, you can use a modern hash function like SHA-256, which is part of the SHA-2 family, or SHA-3. Here's an example of how to use SHA-256 in Go:
Tried to do a pull request but 403.
mtscrnr
The text was updated successfully, but these errors were encountered: