Skip to content

3.0.1 Release#3271

Draft
liquidsec wants to merge 95 commits into
stablefrom
dev
Draft

3.0.1 Release#3271
liquidsec wants to merge 95 commits into
stablefrom
dev

Conversation

@liquidsec

Copy link
Copy Markdown
Collaborator

No description provided.

dependabot Bot and others added 15 commits July 8, 2026 14:02
Bumps [griffe](https://github.com/mkdocstrings/griffe) from 1.15.0 to 2.1.0.
- [Release notes](https://github.com/mkdocstrings/griffe/releases)
- [Changelog](https://github.com/mkdocstrings/griffe/blob/main/CHANGELOG.md)
- [Commits](mkdocstrings/griffe@1.15.0...2.1.0)

---
updated-dependencies:
- dependency-name: griffe
  dependency-version: 2.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [websockets](https://github.com/python-websockets/websockets) from 15.0.1 to 16.0.
- [Release notes](https://github.com/python-websockets/websockets/releases)
- [Commits](python-websockets/websockets@15.0.1...16.0)

---
updated-dependencies:
- dependency-name: websockets
  dependency-version: '16.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 4.5.1 to 4.6.0.
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v4.5.1...v4.6.0)

---
updated-dependencies:
- dependency-name: pre-commit
  dependency-version: 4.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pip](https://github.com/pypa/pip) from 26.0.1 to 26.1.2.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@26.0.1...26.1.2)

---
updated-dependencies:
- dependency-name: pip
  dependency-version: 26.1.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 7.0.0 to 7.1.0.
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v7.0.0...v7.1.0)

---
updated-dependencies:
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [mike](https://github.com/jimporter/mike) from 2.1.3 to 2.2.0.
- [Release notes](https://github.com/jimporter/mike/releases)
- [Changelog](https://github.com/jimporter/mike/blob/master/CHANGES.md)
- [Commits](jimporter/mike@v2.1.3...v2.2.0)

---
updated-dependencies:
- dependency-name: mike
  dependency-version: 2.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [idna](https://github.com/kjd/idna) from 3.11 to 3.18.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.11...v3.18)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.18'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…griffe-2.1.0

Bump griffe from 1.15.0 to 2.1.0
…websockets-16.0

Bump websockets from 15.0.1 to 16.0
…pre-commit-4.6.0

Bump pre-commit from 4.5.1 to 4.6.0
Bumps [pytest-rerunfailures](https://github.com/pytest-dev/pytest-rerunfailures) from 16.1 to 16.4.
- [Changelog](https://github.com/pytest-dev/pytest-rerunfailures/blob/master/CHANGES.rst)
- [Commits](pytest-dev/pytest-rerunfailures@16.1...16.4)

---
updated-dependencies:
- dependency-name: pytest-rerunfailures
  dependency-version: '16.4'
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [maturin](https://github.com/pyo3/maturin) from 1.13.3 to 1.14.1.
- [Release notes](https://github.com/pyo3/maturin/releases)
- [Changelog](https://github.com/PyO3/maturin/blob/main/Changelog.md)
- [Commits](PyO3/maturin@v1.13.3...v1.14.1)

---
updated-dependencies:
- dependency-name: maturin
  dependency-version: 1.14.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…maturin-1.14.1

Bump maturin from 1.13.3 to 1.14.1
@liquidsec
liquidsec marked this pull request as draft July 8, 2026 17:33
liquidsec added 2 commits July 8, 2026 13:34
…pytest-rerunfailures-16.4

Bump pytest-rerunfailures from 16.1 to 16.4
…pytest-cov-7.1.0

Bump pytest-cov from 7.0.0 to 7.1.0
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

📊 Performance Benchmark Report

Comparing stable (baseline) vs dev (current)

📈 Detailed Results (All Benchmarks)

📋 Complete results for all benchmarks - includes both significant and insignificant changes

🧪 Test Name 📏 Base 📏 Current 📈 Change 🎯 Status
Bloom Filter Dns Mutation Tracking Performance 3.94ms 3.96ms +0.6%
Bloom Filter Large Scale Dns Brute Force 17.94ms 17.74ms -1.1%
Large Closest Match Lookup 339.88ms 340.37ms +0.1%
Realistic Closest Match Workload 174.96ms 181.12ms +3.5%
Event Memory Medium Scan 1402 B/event 1402 B/event +0.0%
Event Memory Large Scan 1527 B/event 1527 B/event +0.0%
Event Validation Full Scan Startup Small Batch 378.09ms 379.75ms +0.4%
Event Validation Full Scan Startup Large Batch 494.64ms 500.96ms +1.3%
Make Event Autodetection Small 20.93ms 22.27ms +6.4%
Make Event Autodetection Large 215.53ms 227.02ms +5.3%
Make Event Explicit Types 9.18ms 9.81ms +6.8%
Excavate Single Thread Small 3.767s 3.703s -1.7%
Excavate Single Thread Large 9.876s 9.812s -0.7%
Excavate Parallel Tasks Small 3.886s 3.849s -0.9%
Excavate Parallel Tasks Large 6.321s 6.286s -0.6%
Intercept Throughput Small 839.77ms 850.37ms +1.3%
Intercept Throughput Medium 886.90ms 888.00ms +0.1%
Dns Throughput Quiet 2.287s 2.317s +1.3%
Dns Throughput Loaded 1.706s 1.703s -0.2%
Dns Throughput Inherited 2.074s 2.099s +1.2%
Is Ip Performance 2.00ms 2.01ms +0.9%
Make Ip Type Performance 170.97µs 178.31µs +4.3%
Mixed Ip Operations 2.06ms 2.08ms +1.1%
Memory Use Web Crawl 1.0 MB 1.0 MB +0.0%
Memory Use Subdomain Enum 28.3 MB 28.3 MB +0.0%
Memory Use Deep Chain 5.0 MB 5.0 MB +0.0%
Memory Use Parallel Chains 12.7 MB 10.2 MB -19.7% 🟢🟢 🚀
Scan Throughput 100 2.534s 2.511s -0.9%
Scan Throughput 1000 17.284s 17.469s +1.1%
Typical Queue Shuffle 5.01µs 4.98µs -0.7%
Priority Queue Shuffle 23.52µs 23.45µs -0.3%

🎯 Performance Summary

+ 1 improvement 🚀
  30 unchanged ✅

🔍 Significant Changes (>10%)

  • Memory Use Parallel Chains: 19.7% 🚀 less memory

🐍 Python Version 3.11.15

@codecov

codecov Bot commented Jul 8, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 97.44898% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 90%. Comparing base (5355bd1) to head (1e01051).

Files with missing lines Patch % Lines
...est_step_2/module_tests/test_module_virtualhost.py 96% 3 Missing ⚠️
bbot/modules/waf_bypass.py 89% 1 Missing ⚠️
bbot/test/test_step_1/test_validate_preset.py 91% 1 Missing ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##           stable   #3271    +/-   ##
=======================================
+ Coverage      90%     90%    +1%     
=======================================
  Files         450     450            
  Lines       46100   46285   +185     
=======================================
+ Hits        41347   41548   +201     
+ Misses       4753    4737    -16     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

liquidsec and others added 10 commits July 8, 2026 16:26
…mike-2.2.0

Bump mike from 2.1.3 to 2.2.0
…pip-26.1.2

Bump pip from 26.0.1 to 26.1.2
Raw control bytes (e.g. 0x0e Shift Out) in scan data could flip the
terminal into its line-drawing charset, garbling all later output.
Sanitize scan-derived text at the console boundaries (stderr log
formatter, stdout module, log_to_stderr) via a shared make_printable().
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.3 to 2.7.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.6.3...2.7.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.7.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
liquidsec and others added 30 commits July 9, 2026 15:22
…own-extensions-10.21.3

Bump pymdown-extensions from 10.20.1 to 10.21.3
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 3.1.5 to 3.1.8.
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.1.5...3.1.8)

---
updated-dependencies:
- dependency-name: werkzeug
  dependency-version: 3.1.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [ansible-runner](https://github.com/ansible/ansible-runner) from 2.4.2 to 2.4.3.
- [Release notes](https://github.com/ansible/ansible-runner/releases)
- [Commits](ansible/ansible-runner@2.4.2...2.4.3)

---
updated-dependencies:
- dependency-name: ansible-runner
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.7.1 to 9.7.6.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.7.1...9.7.6)

---
updated-dependencies:
- dependency-name: mkdocs-material
  dependency-version: 9.7.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [xxhash](https://github.com/ifduyue/python-xxhash) from 3.6.0 to 3.8.1.
- [Release notes](https://github.com/ifduyue/python-xxhash/releases)
- [Changelog](https://github.com/ifduyue/python-xxhash/blob/master/CHANGELOG.rst)
- [Commits](ifduyue/python-xxhash@v3.6.0...v3.8.1)

---
updated-dependencies:
- dependency-name: xxhash
  dependency-version: 3.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [deepdiff](https://github.com/qlustered/deepdiff) from 8.6.2 to 9.1.0.
- [Release notes](https://github.com/qlustered/deepdiff/releases)
- [Changelog](https://github.com/qlustered/deepdiff/blob/master/CHANGELOG.md)
- [Commits](https://github.com/qlustered/deepdiff/commits)

---
updated-dependencies:
- dependency-name: deepdiff
  dependency-version: 9.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [mkdocstrings-python](https://github.com/mkdocstrings/python) from 2.0.2 to 2.0.5.
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](mkdocstrings/python@2.0.2...2.0.5)

---
updated-dependencies:
- dependency-name: mkdocstrings-python
  dependency-version: 2.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2026.1.15 to 2026.7.10.
- [Changelog](https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt)
- [Commits](mrabarnett/mrab-regex@2026.1.15...2026.7.10)

---
updated-dependencies:
- dependency-name: regex
  dependency-version: 2026.7.10
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [dnspython](https://github.com/rthalley/dnspython) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/rthalley/dnspython/releases)
- [Changelog](https://github.com/rthalley/dnspython/blob/main/doc/whatsnew.rst)
- [Commits](rthalley/dnspython@v2.7.0...v2.8.0)

---
updated-dependencies:
- dependency-name: dnspython
  dependency-version: 2.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.15.20 to 0.15.21.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.20...0.15.21)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.21
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…werkzeug-3.1.8

Bump werkzeug from 3.1.5 to 3.1.8
…ansible-runner-2.4.3

Bump ansible-runner from 2.4.2 to 2.4.3
…xxhash-3.8.1

Bump xxhash from 3.6.0 to 3.8.1
…ruff-0.15.21

Bump ruff from 0.15.20 to 0.15.21
…dnspython-2.8.0

Bump dnspython from 2.7.0 to 2.8.0
…deepdiff-9.1.0

Bump deepdiff from 8.6.2 to 9.1.0
…regex-2026.7.10

Bump regex from 2026.1.15 to 2026.7.10
…mkdocstrings-python-2.0.5

Bump mkdocstrings-python from 2.0.2 to 2.0.5
…mkdocs-material-9.7.6

Bump mkdocs-material from 9.7.1 to 9.7.6
`_minimize()` wiped `_resolved_hosts` on the parent DNS_NAME once its consumers
finished, which starved `dnsresolve` line 156 when child URL / OPEN_TCP_PORT
events later reached it. Without the parent's IPs on the child, cloudcheck's
per-host inheritance filter had nothing to match against and the cloud tags
never propagated. Stop wiping `_resolved_hosts` in `_minimize()`: it is a
small frozenset that the memory optimization was not really targeting.

Also updates the modules still checking the pre-f561bda1e composed tags
(`cdn-cloudflare`, `waf-cloudflare`, `cdn-imperva`, `cdn-akamai`,
`cdn-cloudfront`) to key off the flat provider name that cloudcheck now emits.

Regression tests cover both sides: cloudcheck asserts `_minimize()` preserves
resolved_hosts and that URL / OPEN_TCP_PORT children inherit cloud tags;
waf_bypass asserts both cloudflare and imperva tags trigger protection
detection; virtualhost asserts each of the four flat provider names causes
filter_event to skip the URL.
…ag-fixes

restore cloudcheck tag propagation to URL/OPEN_TCP_PORT children
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants