Add legacy tools/cli.py shim, document it, and tighten apex domain logic #22

Merged: Victor-Dixon merged 1 commit into main from codex/fix-importerror-in-test_toolbelt.py-0ax4ql on Dec 31, 2025
@Victor-Dixon Victor-Dixon commented Dec 31, 2025

Motivation

  • Restore compatibility for existing automation that invokes python tools/cli.py by providing a minimal shim that forwards to the unified CLI entrypoint.
  • Prevent generation of off-target FQDNs when deriving an apex domain from subdomains by preferring the original host unless a safe prefix strip is possible.
  • Preserve special-case handling for common two-level public suffixes such as co.uk when computing apex domains.
  • Maintain project constraints around single-source-of-truth (SSOT) and Python file size limits during edits.

Description

  • Add a lightweight legacy shim tools/cli.py that imports main from tools.cli.main and exits with its return code to keep python tools/cli.py working.
  • Document the shim and its intended minimal/temporary nature in tools/cli/README.md with usage examples and migration guidance.
  • Update _apex_domain in tools_v2/categories/security_audit_tools.py to return the original host by default and only strip a known host prefix when the resulting candidate does not collapse into a known two-level public suffix.
  • Keep the COMMON_PUBLIC_SUFFIX_2 logic to ensure three-part apex domains are returned for those suffixes.

Testing

  • No automated tests (unit tests, pytest, or CI) were executed after these changes.
  • Recommend running the repository test suite (pytest -q) and CI pipelines to validate runtime behavior and prevent regressions.


Note

Introduces a legacy CLI shim and refines domain handling.

  • Adds tools/cli.py shim that forwards to tools.cli.main to preserve python tools/cli.py entrypoint
  • Documents shim usage and migration notes in tools/cli/README.md
  • Updates _apex_domain in tools_v2/categories/security_audit_tools.py to default to the original host, preserve two-level public suffix handling (e.g., co.uk), and strip common prefixes only when safe to avoid off-target FQDNs

Written by Cursor Bugbot for commit e37059f.

@Victor-Dixon Victor-Dixon merged commit da8d1da into main Dec 31, 2025
1 of 2 checks passed
@Victor-Dixon Victor-Dixon deleted the codex/fix-importerror-in-test_toolbelt.py-0ax4ql branch December 31, 2025 23:31

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Comment on lines +41 to +45
if parts[0] in COMMON_HOST_PREFIXES and len(parts) >= 3:
candidate = ".".join(parts[1:])
candidate_suffix2 = ".".join(candidate.split(".")[-2:])
if candidate_suffix2 not in COMMON_PUBLIC_SUFFIX_2:
return candidate
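Review bot: in `if candidate_suffix2 not in COMMON_PUBLIC_SUFFIX_2:` the test is on the last two labels of the candidate, so it rejects every host under a two-level suffix and not only the case where stripping leaves a bare suffix. For www.example.co.uk the candidate example.co.uk is discarded here and the result depends on code outside these lines. If the intent is only to stop the candidate collapsing into a suffix, compare the whole candidate (`candidate not in COMMON_PUBLIC_SUFFIX_2`), or add a comment saying the fall-through is deliberate.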

[P2] Strip only rare prefixes breaks subdomain probing

Because _apex_domain now only strips the first label when it is in COMMON_HOST_PREFIXES, common inputs like api.example.com or staging.example.com are treated as the “apex” and the function falls through to return the full host. That means _probe_subdomains will generate admin.api.example.com, www.staging.example.com, etc., instead of probing siblings such as admin.example.com, which is the behavior implied by the default subdomains list. This is a regression for typical URLs where the first label is not in {www,m,app,beta}, and it will silently miss the intended subdomain checks.

Useful? React with 👍 / 👎.
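The trade-off this review comment describes, as an added example that is not the repository's code: `apex_as_merged` rebuilds the reviewed lines around an assumed placement of the two-level suffix handling, and `apex_suffix_aware` and `sibling_candidates` are hypothetical helpers. The prefix set is the one named in the review; every suffix entry except co.uk is constructed.

```python
# Added example. Function bodies are assumptions rebuilt from the PR text and
# the five reviewed lines; they are not the repository's code.
COMMON_HOST_PREFIXES = {"www", "m", "app", "beta"}     # set named in the review
COMMON_PUBLIC_SUFFIX_2 = {"co.uk", "com.au", "co.jp"}  # co.uk from the PR, rest constructed


def _labels(host: str) -> list[str]:
    return host.strip().lower().rstrip(".").split(".")


def apex_as_merged(host: str) -> str:
    """Keep the host unless a known prefix can be stripped safely."""
    parts = _labels(host)
    if parts[0] in COMMON_HOST_PREFIXES and len(parts) >= 3:
        candidate = ".".join(parts[1:])
        candidate_suffix2 = ".".join(candidate.split(".")[-2:])
        if candidate_suffix2 not in COMMON_PUBLIC_SUFFIX_2:
            return candidate
    # Assumed placement of the retained two-level suffix handling.
    if len(parts) >= 3 and ".".join(parts[-2:]) in COMMON_PUBLIC_SUFFIX_2:
        return ".".join(parts[-3:])
    return ".".join(parts)


def apex_suffix_aware(host: str) -> str:
    """Hypothetical alternative: registrable domain from the suffix set alone."""
    parts = _labels(host)
    keep = 3 if ".".join(parts[-2:]) in COMMON_PUBLIC_SUFFIX_2 else 2
    return ".".join(parts[-keep:]) if len(parts) >= keep else ".".join(parts)


def sibling_candidates(host: str, apex_fn, labels=("admin", "www")) -> list[str]:
    """FQDNs an audit would check for this host under the given apex rule."""
    apex = apex_fn(host)
    return [f"{label}.{apex}" for label in labels]


if __name__ == "__main__":
    # Constructed sample hosts.
    for host in ("www.example.com", "api.example.com", "www.example.co.uk", "www.co.uk"):
        print(f"{host:20} merged={apex_as_merged(host):20} "
              f"suffix_aware={apex_suffix_aware(host)}")
    print(sibling_candidates("api.example.com", apex_as_merged))
    print(sibling_candidates("api.example.com", apex_suffix_aware))
```

The three-entry suffix set is a stand-in: a hand-maintained set misses entries, so the suffix-aware variant is only as well scoped as its list, and a complete version would read the full Public Suffix List.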
