Skip to content

fix: v0.10.1 — timeout analisi su email con molti URL (WHOIS dedup)#15

Merged
overwrite00 merged 2 commits into
mainfrom
claude/keen-goldstine
Apr 13, 2026
Merged

fix: v0.10.1 — timeout analisi su email con molti URL (WHOIS dedup)#15
overwrite00 merged 2 commits into
mainfrom
claude/keen-goldstine

Conversation

@overwrite00

@overwrite00 overwrite00 commented Apr 13, 2026

Copy link
Copy Markdown
Owner

Root cause

Email con molti URL dallo stesso dominio (es. newsletter HTML con 20+ immagini CDN) causavano l'errore timeout of 60000ms exceeded nel frontend.

analyze_urls() eseguiva una query WHOIS per ogni URL invece che per dominio unico. Con 42 URL e 8 worker paralleli: ceil(42/8) = 6 round × 8s per WHOIS = 48s solo di WHOIS, più DNS e overhead → totale >60s.

Fix

backend/core/analysis/url_analyzer.py

  • Cache WHOIS pre-calcolata per dominio unico prima dell'analisi parallela degli URL
  • _analyze_single_url() accetta whois_cache opzionale (retrocompatibile)
  • Benchmark su sample-35.eml: 7 query WHOIS invece di 23 → 11.6s invece di 60s+

Bundle + frontend/src/api/client.js

  • Timeout runAnalysis e analyzeManual: 60s → 300s (margine per email complesse)

overwrite00 and others added 2 commits April 13, 2026 11:07
Root cause: analyze_urls() eseguiva una query WHOIS per ogni URL invece che
per dominio unico. Email con 42 URL da paypalobjects.com (CDN immagini/font)
generavano 42 query WHOIS identiche → 60s+ → timeout 60000ms nel frontend.

Fix backend (url_analyzer.py):
- Cache WHOIS pre-calcolata per dominio unico prima dell'analisi parallela
- _analyze_single_url() accetta whois_cache opzionale (retrocompat.)
- Risultato: 7 query WHOIS invece di 42 → ~12s invece di 60s+

Fix frontend (bundle + client.js):
- Timeout runAnalysis e analyzeManual: 60s → 300s

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@overwrite00 overwrite00 merged commit c1466f5 into main Apr 13, 2026
1 check passed
@overwrite00 overwrite00 deleted the claude/keen-goldstine branch April 14, 2026 15:55
overwrite00 added a commit that referenced this pull request Jul 13, 2026
CodeQL alert #15 (py/stack-trace-exposure, CWE-209/497): GET /api/reputation/test-urlscan
is a public unauthenticated endpoint that returned raw exception messages and type names
to the caller. Exception details are now logged server-side only; the client receives a
generic error message.
overwrite00 added a commit that referenced this pull request Jul 13, 2026
* chore(deps-backend)(deps): bump the minor-and-patch group across 1 directory with 4 updates (#127)

Bumps the minor-and-patch group with 4 updates in the /backend directory: [fastapi](https://github.com/fastapi/fastapi), [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/), [slowapi](https://github.com/laurents/slowapi) and [coverage](https://github.com/coveragepy/coveragepy).


Updates `fastapi` from 0.138.0 to 0.139.0
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.138.0...0.139.0)

Updates `beautifulsoup4` from 4.14.0 to 4.15.0

Updates `slowapi` from 0.1.9 to 0.1.10
- [Release notes](https://github.com/laurents/slowapi/releases)
- [Changelog](https://github.com/laurentS/slowapi/blob/master/CHANGELOG.md)
- [Commits](laurentS/slowapi@v0.1.9...v0.1.10)

Updates `coverage` from 7.6.1 to 7.14.3
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.6.1...7.14.3)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.139.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: slowapi
  dependency-version: 0.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: coverage
  dependency-version: 7.14.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-backend)(deps): bump the minor-and-patch group (#130)

Bumps the minor-and-patch group in /backend with 2 updates: [uvicorn](https://github.com/Kludex/uvicorn) and [coverage](https://github.com/coveragepy/coveragepy).


Updates `uvicorn` from 0.49.0 to 0.50.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.49.0...0.50.0)

Updates `coverage` from 7.14.3 to 7.15.0
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.14.3...7.15.0)

---
updated-dependencies:
- dependency-name: uvicorn
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: coverage
  dependency-version: 7.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-frontend)(deps): bump the minor-and-patch group (#131)

Bumps the minor-and-patch group in /frontend with 2 updates: [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) and [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom).


Updates `lucide-react` from 1.22.0 to 1.23.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.23.0/packages/lucide-react)

Updates `react-router-dom` from 7.18.0 to 7.18.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.1/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.1/packages/react-router-dom)

---
updated-dependencies:
- dependency-name: lucide-react
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: react-router-dom
  dependency-version: 7.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-frontend)(deps-dev): bump the development-updates group across 1 directory with 3 updates (#133)

Bumps the development-updates group with 3 updates in the /frontend directory: [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js), [eslint](https://github.com/eslint/eslint) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `@eslint/js` from 9.39.4 to 9.39.5
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.39.5/packages/js)

Updates `eslint` from 9.39.4 to 9.39.5
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.4...v9.39.5)

Updates `vite` from 8.1.0 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.39.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-updates
- dependency-name: eslint
  dependency-version: 9.39.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-updates
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: prevent stack trace exposure in URLScan.io health check endpoint

CodeQL alert #15 (py/stack-trace-exposure, CWE-209/497): GET /api/reputation/test-urlscan
is a public unauthenticated endpoint that returned raw exception messages and type names
to the caller. Exception details are now logged server-side only; the client receives a
generic error message.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant