changes proposed by pixee bot

app/request.py

@@ -2,7 +2,6 @@ from app.models.config import Config
 from app.utils.misc import read_config_bool
 from datetime import datetime
 from defusedxml import ElementTree as ET
-import random
 import requests
 from requests import Response, ConnectionError
 import urllib.parse as urlparse
@@ -11,6 +10,8 @@ from stem import Signal, SocketError
 from stem.connection import AuthenticationFailure
 from stem.control import Controller
 from stem.connection import authenticate_cookie, authenticate_password
+import secrets
+from security import safe_requests
 
 MAPS_URL = 'https://maps.google.com/maps'
 AUTOCOMPLETE_URL = ('https://suggestqueries.google.com/'
@@ -81,8 +82,8 @@ def gen_user_agent(is_mobile) -> str:
     if user_agent_mobile and is_mobile:
         return user_agent_mobile
 
-    firefox = random.choice(['Choir', 'Squier', 'Higher', 'Wire']) + 'fox'
+    firefox = secrets.SystemRandom().choice(['Choir', 'Squier', 'Higher', 'Wire']) + 'fox'
-    linux = random.choice(['Win', 'Sin', 'Gin', 'Fin', 'Kin']) + 'ux'
+    linux = secrets.SystemRandom().choice(['Win', 'Sin', 'Gin', 'Fin', 'Kin']) + 'ux'
 
     if is_mobile:
         return MOBILE_UA.format("Mozilla", firefox)
@@ -210,8 +211,7 @@ class Request:
             self.modified_user_agent_mobile = gen_user_agent(True)
 
         # Set up proxy, if previously configured
-        proxy_path = os.environ.get('WHOOGLE_PROXY_LOC', '')
+        if proxy_path := os.environ.get('WHOOGLE_PROXY_LOC', ''):
-        if proxy_path:
             proxy_type = os.environ.get('WHOOGLE_PROXY_TYPE', '')
             proxy_user = os.environ.get('WHOOGLE_PROXY_USER', '')
             proxy_pass = os.environ.get('WHOOGLE_PROXY_PASS', '')
@@ -323,7 +323,7 @@ class Request:
         if self.tor:
             try:
                 tor_check = requests.get('https://check.torproject.org/',
-                                         proxies=self.proxies, headers=headers)
+                                         proxies=self.proxies, headers=headers, timeout=60)
                 self.tor_valid = 'Congratulations' in tor_check.text
 
                 if not self.tor_valid:
@@ -336,11 +336,10 @@ class Request:
                     "Error raised during Tor connection validation",
                     disable=True)
 
-        response = requests.get(
+        response = safe_requests.get((base_url or self.search_url) + query,
-            (base_url or self.search_url) + query,
             proxies=self.proxies,
             headers=headers,
-            cookies=cookies)
+            cookies=cookies, timeout=60)
 
         # Retry query with new identity if using Tor (max 10 attempts)
         if 'form id="captcha-form"' in response.text and self.tor:

app/utils/bangs.py

@@ -17,7 +17,7 @@ def gen_bangs_json(bangs_file: str) -> None:
     """
     try:
         # Request full list from DDG
-        r = requests.get(DDG_BANGS)
+        r = requests.get(DDG_BANGS, timeout=60)
         r.raise_for_status()
     except requests.exceptions.HTTPError as err:
         raise SystemExit(err)

app/utils/misc.py

@@ -6,7 +6,7 @@ import hashlib
 import io
 import os
 import re
-from requests import exceptions, get
+from security.safe_requests import exceptions, get
 from urllib.parse import urlparse
 
 ddg_favicon_site = 'http://icons.duckduckgo.com/ip2'
@@ -36,7 +36,7 @@ def fetch_favicon(url: str) -> bytes:
     """
     domain = urlparse(url).netloc
 
-    response = get(f'{ddg_favicon_site}/{domain}.ico')
+    response = get(f'{ddg_favicon_site}/{domain}.ico', timeout=60)
 
     if response.status_code == 200 and len(response.content) > 0:
         tmp_mem = io.BytesIO()
@@ -99,7 +99,7 @@ def get_proxy_host_url(r: Request, default: str, root=False) -> str:
 def check_for_update(version_url: str, current: str) -> int:
     # Check for the latest version of Whoogle
     try:
-        update = bsoup(get(version_url).text, 'html.parser')
+        update = bsoup(get(version_url, timeout=60).text, 'html.parser')
         latest = update.select_one('[class="Link--primary"]').string[1:]
         current = int(''.join(filter(str.isdigit, current)))
         latest = int(''.join(filter(str.isdigit, latest)))

misc/replit.py

@@ -1,5 +1,6 @@
 import subprocess
+from security import safe_command
 
 # A plague upon Replit and all who have built it
 replit_cmd = "killall -q python3 > /dev/null 2>&1; pip install -r requirements.txt && ./run"
-subprocess.run(replit_cmd, shell=True)
+safe_command.run(subprocess.run, replit_cmd, shell=True)

misc/update-translations.py

@@ -1,6 +1,6 @@
 import json
 import pathlib
-import requests
+from security import safe_requests
 
 lingva = 'https://lingva.ml/api/v1/en'
 
@@ -25,7 +25,7 @@ def translate(v: str, lang: str) -> str:
 
     lingva_req = f'{lingva}/{lang}/{v}'
 
-    response = requests.get(lingva_req).json()
+    response = safe_requests.get(lingva_req, timeout=60).json()
 
     if 'translation' in response:
         return response['translation']

requirements.txt

@@ -35,3 +35,4 @@ waitress==2.1.2
 wcwidth==0.2.6
 Werkzeug==3.0.1
 python-dotenv==0.21.1
+security~=1.2.0

setup.cfg

@@ -29,6 +29,7 @@ install_requires=
     stem
     validators
     waitress
+    security~=1.2.0
 
 [options.extras_require]
 test =