registry: upgrade http→https where https is verified working#92
Merged
Conversation
Probed every http:// source URL (tools/check-http-urls.py from the 2026-06 security audit); upgraded the 5 where https serves the resource with a valid cert (6 occurrences across 4 files): 9front bugs tracker, ZTE support, vapidlabs root, Florida statutes. Format-preserving; JSON re-validated. Left as http (https broken): veriscommunity.net (cert hostname mismatch), www.pentest-standard.org (https protocol error) -> add to http allowlist. Flagged for manual review (not auto-touched): www.planalto.gov.br (connection reset on both schemes — likely UA-blocking, live gov site) and a dead vapidlabs policy path (404 both schemes). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Upgrades 5 source URLs (6 occurrences across 4 files) from
http://tohttps://, after probing each withtools/check-http-urls.py(from the 2026-06 security audit) and confirming https serves the resource with a valid cert.Upgraded (https verified)
bugs.9front.org/+/disclosure—disclosure/org/9front.jsonsupport.zte.com.cn/support/news/NewsMain.aspx—disclosure/cn/com/zte.jsonwww.leg.state.fl.us/statutes/—regulation/gov/florida.jsonwww.vapidlabs.com/—disclosure/com/me.jsonFormat-preserving (targeted string replace); all 4 files re-validated as JSON.
Intentionally left as http (https broken — follow-up)
veriscommunity.net— https cert hostname mismatchwww.pentest-standard.org— https protocol error (UNEXPECTED_EOF)http-exception-allowlist.txtFlagged for manual review (not touched)
www.planalto.gov.br— connection reset on both schemes (likely User-Agent blocking of a live gov site, not down)www.vapidlabs.com/misc/policy.html— 404 on both schemes (dead link)🤖 Generated with Claude Code