Merge pull request #77 from PaperMtn/release/4.4.2

Release/4.4.2

Author: PaperMtn

.github/dependabot.yml

@@ -12,5 +12,4 @@ updates:
     insecure-external-code-execution: "deny"
     ignore:
       - dependency-name: "*"
-    security-updates-only: true
     versioning-strategy: increase

CHANGELOG.md

@@ -1,8 +1,18 @@
-## [4.4.2] - 2025-xx-xx
+## [4.4.2] - 2025-07-05
 ### Added
 - Added `.github/dependabot.yml` with configuration for Dependabot:
   - Use `develop` as target branch
   - Update both `pyproject.toml` and `poetry.lock`
+- README updated to recommend using `pipx` for installation
+
+### Fixed
+- Fixed issue with Poetry build arguments in Dockerfile, which was causing the build to fail.
+
+### Changed
+- Modified signature download process to use `requests` instead of `urllib`, which is more robust and provides better SSL handling. This addresses the issue raised in [#74](https://github.com/PaperMtn/slack-watchman/issues/74)
+- Dependabot updates
+  - `urllib3` updated to `2.5.0`
+  - `requests` updated to `2.32.4`
 
 ## [4.4.1] - 2024-12-18
 ### Fixed

Dockerfile

@@ -4,18 +4,15 @@ WORKDIR /opt/slack-watchman
 COPY . .
 RUN pip install poetry
 RUN poetry config virtualenvs.create false && \
-    poetry install --no-dev && \
+    poetry install --only main && \
     poetry build
 
 FROM python:3.12-slim-bullseye
 WORKDIR /opt/slack-watchman
 COPY --from=builder /opt/slack-watchman/dist/*.whl /opt/slack-watchman/dist/
 COPY --from=builder /opt/slack-watchman/pyproject.toml /opt/slack-watchman/poetry.lock /opt/slack-watchman/
-ENV PYTHONPATH=/opt/slack-watchman \
-    SLACK_WATCHMAN_TOKEN="" \
-    SLACK_WATCHMAN_COOKIE="" \
-    SLACK_WATCHMAN_URL=""
-RUN pip install dist/*.whl && \
-    chmod -R 700 .
+ENV PYTHONPATH=/opt/slack-watchman
+RUN pip install dist/*.whl && rm -rf ./dist
+RUN chmod -R 700 .
 STOPSIGNAL SIGINT
 ENTRYPOINT ["slack-watchman"]

README.md

@@ -165,16 +165,24 @@ An example file is in `docs/example.conf`
 **Note**: Cookie and URL values are optional, and not required if not using cookie authentication.
 
 ## Installation
-You can install the latest stable version via pip:
 
-```commandline
+The recommended way to install Slack Watchman is via [`pipx`](https://pypa.github.io/pipx/), which installs the app in an isolated environment and makes it available on your system `PATH`:
+
+```bash
+pipx install slack-watchman
+```
+
+**Alternative: Install via pip**
+
+You can also install Slack Watchman using pip:
+```bash
 python3 -m pip install slack-watchman
 ```
 
-Or build from source yourself:
+**Alternative: Build from Source**
 
-Download the release source files, then from the top level repository run:
-```commandline
+Download the release source files, then from the top-level directory of the repository, run:
+```bash
 python3 -m pip build
 python3 -m pip install --force-reinstall dist/*.whl
 ```

poetry.lock

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "slack-watchman"
-version = "4.4.1"
+version = "4.4.2"
 description = "Monitoring and enumerating Slack for exposed secrets"
 authors = ["PaperMtn <papermtn@protonmail.com>"]
 license = "GPL-3.0"
@@ -20,8 +20,8 @@ classifiers = [
 python = ">=3.10"
 colorama = "^0.4.6"
 pyyaml = "^6.0.2"
-requests = "^2.32.3"
-beautifulsoup4 = "^4.12.3"
+requests = "^2.32.4"
+beautifulsoup4 = "^4.13.4"
 
 [tool.poetry.group.dev.dependencies]
 pytest = "^8.3.3"

pyproject.toml

@@ -4,9 +4,9 @@
 import traceback
 import zipfile
 from typing import List
-from urllib.request import urlopen
 
 import yaml
+import requests
 
 from slack_watchman.loggers import JSONLogger, StdoutLogger
 from slack_watchman.models.signature import Signature, create_from_dict
@@ -34,28 +34,29 @@ def download_signatures(self) -> List[Signature]:
             List[Signature]: A list of processed Signature objects.
         """
         try:
-            with urlopen(SIGNATURE_URL) as response:
-                with zipfile.ZipFile(io.BytesIO(response.read())) as signatures_zip_file:
-                    signature_objects = []
+            response = requests.get(SIGNATURE_URL, stream=True, timeout=10)
+            response.raise_for_status()
+            with zipfile.ZipFile(io.BytesIO(response.content)) as signatures_zip_file:
+                signature_objects = []
 
-                    for file_path in signatures_zip_file.namelist():
-                        if file_path.endswith('/'):  # Skip directories
-                            continue
+                for file_path in signatures_zip_file.namelist():
+                    if file_path.endswith('/'):  # Skip directories
+                        continue
 
-                        signature_name = os.path.basename(file_path)
-                        self.logger.log('DEBUG', f'Processing {file_path}...')
+                    signature_name = os.path.basename(file_path)
+                    self.logger.log('DEBUG', f'Processing {file_path}...')
 
-                        with signatures_zip_file.open(file_path) as source:
-                            file_content = source.read()
+                    with signatures_zip_file.open(file_path) as source:
+                        file_content = source.read()
 
-                        if file_path.endswith('.yaml'):
-                            processed_signatures = self._process_signature(file_content)
-                            signature_objects.extend(processed_signatures)
-                            self.logger.log('INFO', f'Downloaded and processed signature file: {signature_name}')
-                        else:
-                            self.logger.log('DEBUG', f'Skipping unrecognized file: {file_path}')
+                    if file_path.endswith('.yaml'):
+                        processed_signatures = self._process_signature(file_content)
+                        signature_objects.extend(processed_signatures)
+                        self.logger.log('INFO', f'Downloaded and processed signature file: {signature_name}')
+                    else:
+                        self.logger.log('DEBUG', f'Skipping unrecognized file: {file_path}')
 
-                    return signature_objects
+                return signature_objects
 
         except Exception as e:
             self.logger.log('CRITICAL', f"Error processing signature files: {e}")

src/slack_watchman/signature_downloader.py

@@ -19,14 +19,15 @@ def downloader(mock_logger):
     return SignatureDownloader(logger=mock_logger)
 
 
-@patch('slack_watchman.signature_downloader.urlopen')
+@patch('slack_watchman.signature_downloader.requests.get')
 @patch('slack_watchman.signature_downloader.zipfile.ZipFile')
-def test_download_signatures(mock_zipfile, mock_urlopen, downloader, mock_logger):
+def test_download_signatures(mock_zipfile, mock_get, downloader, mock_logger):
     """Test the download_signatures method."""
-    # Mock response from urlopen
+    # Set up mock response
     mock_response = MagicMock()
-    mock_response.read.return_value = b'mock_zip_content'
-    mock_urlopen.return_value.__enter__.return_value = mock_response
+    mock_response.status_code = 200
+    mock_response.content = b'zipfile-bytes'
+    mock_get.return_value = mock_response
 
     # Mock a zip file structure
     mock_zip = MagicMock()
@@ -116,8 +117,8 @@ def test_process_signature():
     })
 
 
-@patch('slack_watchman.signature_downloader.urlopen', side_effect=Exception('Mocked Exception'))
-def test_download_signatures_exception(mock_urlopen, downloader, mock_logger):
+@patch('slack_watchman.signature_downloader.requests.get', side_effect=Exception('Mocked Exception'))
+def test_download_signatures_exception(mock_get, downloader, mock_logger):
     """Test that download_signatures handles exceptions correctly."""
     with pytest.raises(SystemExit):  # sys.exit(1) triggers SystemExit
         downloader.download_signatures()