
hitokoto-api's Introduction

Hitokoto API


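This project is a Hitokoto API server built on Teng-koa. Compared with a bare Hitokoto program, this framework adds extensibility.

The following features are new relative to v0 (the PHP version):

  • Request statistics
  • Support for returning a JS callback function
  • Support for returning sentences within a length range
  • Support for returning JS
  • GBK encoding support
  • Open-source dataset
  • Telemetry support
  • Multi-process operation
  • Seamless A/B data updates
  • Official extensions
    • NetEase Cloud Music

We have always been committed to the maintainability and extensibility of the framework, which is also why we chose to write the next version (v2) in Go.
For historical reasons, this framework has many shortcomings (parts that need refactoring); we will refactor them away completely over 2 major versions (based on the analysis results from Alinode, DeepScan and CodeClimate).

Contributing
You can follow our developer documentation, in which we briefly describe how the framework works; this makes developing extensions for it very easy (for example, adding a QQ Music endpoint).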

External dependencies

  • Redis

Logs

  • Debug logs and warnings are all printed to the console
  • The log file stores only errors, at ./data/logs/hitokoto_error.log

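Getting started

Regular usage

First set up a Node.js environment (>=16.x) and yarn.
Note: this project uses Yarn v2, so before use please update your Yarn to v1.22.4 or later. In addition, the project currently does not support managing package dependencies with NPM, CNPM or PNPM.

  1. Clone the repository: git clone https://github.com/hitokoto-osc/hitokoto-api.git your_workdir
  2. Enter the repository: cd your_workdir
  3. Install dependencies: yarn workspaces focus --production
  4. Copy the configuration: cp config.example.yml ./data/config.yml, then adjust it as needed.
  5. Start the program: yarn start

Container usage

  • Regular usage (Redis must be installed beforehand). Because the host network is shared, check whether port 8000 is already in use.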
docker run \
-v /path/to/your/data/dir:/usr/src/app/data \
--network host \
hitokoto/api

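Other advanced setups (for example, not sharing the network) are left for you to explore.

  • We provide a docker-compose configuration (which supplies the Redis dependency); download and use it if you need it.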

Benchmark

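The following data is for reference only. The test environment was Windows 10 20H2 x64, WSL 1. The instance had 8 workers enabled. Because this is a single-machine test (and not on a real Ubuntu machine), treat the numbers as just for fun.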

$ node -v
v16.1.0
$ wrk -t8 -c1000 -d10s --latency http://127.0.0.1:8000
Running 10s test @ http://127.0.0.1:8000
  8 threads and 1000 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency    85.06ms   18.51ms 180.85ms   74.85%
    Req/Sec     1.47k   222.90     2.30k    82.00%
  Latency Distribution
     50%   87.66ms
     75%   95.61ms
     90%  104.91ms
     99%  124.37ms
  117210 requests in 10.06s, 125.89MB read
Requests/sec:  11650.18
Transfer/sec:     12.51MB
$ screenfetch
                          ./+o+-       root@DESKTOP-89TMCM6
                  yyyyy- -yyyyyy+      OS: Ubuntu 20.04 focal(on the Windows Subsystem for Linux)
               ://+//////-yyyyyyo      Kernel: x86_64 Linux 4.4.0-19041-Microsoft
           .++ .:/++++++/-.+sss/`      Uptime: 2d 22h 26m
         .:++o:  /++++++++/:--:/-      Packages: 712
        o:+o+:++.`..```.-/oo+++++/     Shell: fish 3.2.2
       .:+o:+o/.          `+sssoo+/    Disk: 540G / 625G (87%)
  .++/+:+oo+o:`             /sssooo.   CPU: Intel Core i7-10875H @ 16x 2.304GHz
 /+++//+:`oo+o               /::--:.   RAM: 11965MiB / 16288MiB
 \+/+o+++`o++o               ++////.
  .++.o+++oo+:`             /dddhhh.
       .+.o+oo:.          `oddhhhh+
        \+.++o+o``-````.:ohdhhhhh+
         `:o+++ `ohhhhhhhhyo++os:
           .o:`.syhhhhhhh/.oo++o`
               /osyyyyyyo++ooo+++/
                   ````` +oo+++o\:
                          `oo++.


hitokoto-api's Issues

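Suggest hiding the stack trace in 404 error responses

image

As shown in the image, in production mode the 404 response includes stack information that exposes the program's actual deployment path. I looked at the source code: that location already writes a log entry, so I suggest hiding this field and showing it only in development mode.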
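
One way to implement what this issue asks for, as an added example that is not the project's own code: a Koa-style error middleware that logs the full stack server-side and attaches it to the response only in development mode, plus a check that can be run in tests against response bodies. The names `buildErrorBody`, `errorResponder` and `leaksInternals` are hypothetical, and the `ctx.status` / `ctx.body` shape is assumed to match Koa's context.

```javascript
'use strict'

// Hypothetical helper: builds the JSON body sent to the client.
// The stack is attached only when env is exactly 'development', so an unset
// or misspelled environment name falls back to the safe (production) shape.
function buildErrorBody(err, env) {
  const e = err instanceof Error ? err : new Error(String(err))
  const status =
    Number.isInteger(e.status) && e.status >= 400 && e.status <= 599
      ? e.status
      : 500
  const body = { status, message: String(e.message || 'Error'), ts: Date.now() }
  if (env === 'development') body.stack = e.stack
  return body
}

// Koa-style middleware factory. Assumption: ctx exposes `status` and `body`
// the way Koa's context does, and `next` runs the downstream middleware.
function errorResponder(options = {}) {
  const env = options.env || process.env.NODE_ENV || 'production'
  const log = options.log || console.error
  return async function (ctx, next) {
    try {
      await next()
      // No route produced a body: turn the implicit 404 into a handled error.
      if (ctx.status === 404 && ctx.body == null) {
        const notFound = new Error('Not Found')
        notFound.status = 404
        throw notFound
      }
    } catch (err) {
      // Full detail, including file paths, stays in the server log.
      log(err && err.stack ? err.stack : String(err))
      const body = buildErrorBody(err, env)
      ctx.status = body.status
      ctx.body = body
    }
  }
}

// Regression check for tests: true if a response body carries a `stack`
// field or anything that looks like a V8 stack frame ("at ... file:line:col").
function leaksInternals(body) {
  if (body !== null && typeof body === 'object' && 'stack' in body) return true
  return /\bat .+:\d+:\d+/.test(String(JSON.stringify(body)))
}
```
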

CVE-2020-8116 (High) detected in dot-prop-3.0.0.tgz

CVE-2020-8116 - High Severity Vulnerability

Vulnerable Library - dot-prop-3.0.0.tgz

Get, set, or delete a property from a nested object using a dot path

Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-3.0.0.tgz

Path to dependency file: /tmp/ws-scm/hitokoto-api/package.json

Path to vulnerable library: /tmp/ws-scm/hitokoto-api/node_modules/conventional-changelog-conventionalcommits/node_modules/dot-prop/package.json

Dependency Hierarchy:

  • config-conventional-9.1.1.tgz (Root Library)
    • conventional-changelog-conventionalcommits-4.3.0.tgz
      • compare-func-1.3.4.tgz
        • dot-prop-3.0.0.tgz (Vulnerable Library)

Found in HEAD commit: b53568a5c0634dbc3107208ca611a26fa33a8e06

Vulnerability Details

Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Publish Date: 2020-02-04

URL: CVE-2020-8116

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116

Release Date: 2020-02-04

Fix Resolution: dot-prop - 5.1.1


Step up your Open Source Security Game with WhiteSource here

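Task needs an update strategy

The new mechanism does not remove or update sentences that have changed (for example: a sentence was wrong and was corrected in the data source; a sentence had a withdrawal request and was taken down).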

CVE-2019-10742 (High) detected in axios-0.17.1.tgz

CVE-2019-10742 - High Severity Vulnerability

Vulnerable Library - axios-0.17.1.tgz

Promise based HTTP client for the browser and node.js

Library home page: https://registry.npmjs.org/axios/-/axios-0.17.1.tgz

Path to dependency file: /tmp/ws-scm/hitokoto-api/package.json

Path to vulnerable library: /tmp/ws-scm/hitokoto-api/node_modules/netease-music-sdk/node_modules/axios/package.json

Dependency Hierarchy:

  • netease-music-sdk-0.3.3.tgz (Root Library)
    • axios-0.17.1.tgz (Vulnerable Library)

Found in HEAD commit: b53568a5c0634dbc3107208ca611a26fa33a8e06

Vulnerability Details

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accept content after maxContentLength is exceeded.

Publish Date: 2019-05-07

URL: CVE-2019-10742

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: axios/axios#1098

Release Date: 2019-05-31

Fix Resolution: 0.19.0



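Could HTTP support be enabled?

HTTPS is extremely unfriendly to IoT; for microcontrollers with little memory it eats a lot of memory. Hitokoto content isn't anything secret either qwq, pretty please.

Refactor: Redis driver

  • Use ioredis instead of node-redis
    • Native Promise support
    • More active development and a faster maintenance cycle
    • bluebird support can be removed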

CVE-2020-11022 (Medium) detected in jquery-1.8.1.min.js

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.8.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/hitokoto-api/node_modules/redeyed/examples/browser/index.html

Path to vulnerable library: /hitokoto-api/node_modules/redeyed/examples/browser/index.html

Dependency Hierarchy:

  • jquery-1.8.1.min.js (Vulnerable Library)

Found in HEAD commit: b53568a5c0634dbc3107208ca611a26fa33a8e06

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0



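500 errors with high probability

When I try to call the API, there is a chance of getting a 500, and it mostly happens after 20:00, the same from within China and internationally. Below is a screenshot of the error
image

NetEase Cloud Music enhancement

  • Allow passing a Cookie string to the NCM service in order to use personalized services (for example: obtaining VIP music playback URLs)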

CVE-2020-28499 (High) detected in merge-1.2.1.tgz

CVE-2020-28499 - High Severity Vulnerability

Vulnerable Library - merge-1.2.1.tgz

Merge multiple objects into one, optionally creating a new cloned object. Similar to the jQuery.extend but more flexible. Works in Node.js and the browser.

Library home page: https://registry.npmjs.org/merge/-/merge-1.2.1.tgz

Path to dependency file: hitokoto-api/package.json

Path to vulnerable library: hitokoto-api/node_modules/merge/package.json

Dependency Hierarchy:

  • commitizen-4.1.2.tgz (Root Library)
    • find-node-modules-2.0.0.tgz
      • merge-1.2.1.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge.

Publish Date: 2021-02-18

URL: CVE-2020-28499

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.



CVE-2021-23337 (High) detected in lodash-4.17.15.tgz

CVE-2021-23337 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz

Path to dependency file: hitokoto-api/package.json

Path to vulnerable library: hitokoto-api/node_modules/commitizen/node_modules/lodash/package.json

Dependency Hierarchy:

  • commitizen-4.1.2.tgz (Root Library)
    • lodash-4.17.15.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Publish Date: 2021-02-15

URL: CVE-2021-23337

CVSS 3 Score Details (7.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: lodash/lodash@3469357

Release Date: 2021-02-15

Fix Resolution: lodash - 4.17.21



CVE-2015-9251 (Medium) detected in jquery-1.8.1.min.js

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.8.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/hitokoto-api/node_modules/redeyed/examples/browser/index.html

Path to vulnerable library: /hitokoto-api/node_modules/redeyed/examples/browser/index.html

Dependency Hierarchy:

  • jquery-1.8.1.min.js (Vulnerable Library)

Found in HEAD commit: b53568a5c0634dbc3107208ca611a26fa33a8e06

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0



CVE-2020-7769 (High) detected in nodemailer-6.4.11.tgz

CVE-2020-7769 - High Severity Vulnerability

Vulnerable Library - nodemailer-6.4.11.tgz

Easy as cake e-mail sending from your Node.js applications

Library home page: https://registry.npmjs.org/nodemailer/-/nodemailer-6.4.11.tgz

Path to dependency file: hitokoto-api/package.json

Path to vulnerable library: hitokoto-api/node_modules/nodemailer/package.json

Dependency Hierarchy:

  • nodemailer-6.4.11.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.

Publish Date: 2020-11-12

URL: CVE-2020-7769

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7769

Release Date: 2020-11-12

Fix Resolution: v6.4.16



CVE-2020-7656 (Medium) detected in jquery-1.8.1.min.js

CVE-2020-7656 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.8.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/hitokoto-api/node_modules/redeyed/examples/browser/index.html

Path to vulnerable library: /hitokoto-api/node_modules/redeyed/examples/browser/index.html

Dependency Hierarchy:

  • jquery-1.8.1.min.js (Vulnerable Library)

Found in HEAD commit: b53568a5c0634dbc3107208ca611a26fa33a8e06

Vulnerability Details

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.

Publish Date: 2020-05-19

URL: CVE-2020-7656

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: rails/jquery-rails@8f601cb

Release Date: 2020-05-19

Fix Resolution: jquery-rails - 2.2.0



CVE-2020-11023 (Medium) detected in jquery-1.8.1.min.js

CVE-2020-11023 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.8.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/hitokoto-api/node_modules/redeyed/examples/browser/index.html

Path to vulnerable library: /hitokoto-api/node_modules/redeyed/examples/browser/index.html

Dependency Hierarchy:

  • jquery-1.8.1.min.js (Vulnerable Library)

Found in HEAD commit: b53568a5c0634dbc3107208ca611a26fa33a8e06

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0



Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

CVE-2021-3749 (High) detected in axios-0.19.2.tgz

CVE-2021-3749 - High Severity Vulnerability

Vulnerable Library - axios-0.19.2.tgz

Promise based HTTP client for the browser and node.js

Library home page: https://registry.npmjs.org/axios/-/axios-0.19.2.tgz

Path to dependency file: hitokoto-api/package.json

Path to vulnerable library: hitokoto-api/node_modules/axios/package.json

Dependency Hierarchy:

  • axios-0.19.2.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

axios is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-08-31

URL: CVE-2021-3749

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/axios/axios/releases/tag/v0.21.2

Release Date: 2021-08-31

Fix Resolution: axios - 0.21.2



CVE-2021-23406 (High) detected in pac-resolver-3.0.0.tgz

CVE-2021-23406 - High Severity Vulnerability

Vulnerable Library - pac-resolver-3.0.0.tgz

Generates an asynchronous resolver function from a PAC file

Library home page: https://registry.npmjs.org/pac-resolver/-/pac-resolver-3.0.0.tgz

Path to dependency file: hitokoto-api/package.json

Path to vulnerable library: hitokoto-api/node_modules/pac-resolver/package.json

Dependency Hierarchy:

  • NeteaseCloudMusicApi-3.38.0.tgz (Root Library)
    • pac-proxy-agent-3.0.1.tgz
      • pac-resolver-3.0.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.

Publish Date: 2021-08-24

URL: CVE-2021-23406

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23406

Release Date: 2021-08-24

Fix Resolution: degenerator - 3.0.1



CVE-2020-28500 (Medium) detected in lodash-4.17.15.tgz

CVE-2020-28500 - Medium Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz

Path to dependency file: hitokoto-api/package.json

Path to vulnerable library: hitokoto-api/node_modules/commitizen/node_modules/lodash/package.json

Dependency Hierarchy:

  • commitizen-4.1.2.tgz (Root Library)
    • lodash-4.17.15.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
WhiteSource Note: After conducting further research, WhiteSource has determined that CVE-2020-28500 only affects environments with versions 4.0.0 to 4.17.20 of Lodash.

Publish Date: 2021-02-15

URL: CVE-2020-28500

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500

Release Date: 2021-02-15

Fix Resolution: lodash-4.17.21



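Probability of duplicate sentences from the API is too high

When using the API, the sentences returned are very likely to be duplicates; no category was specified. Refreshing once every 60s, a single sentence repeats three or four times within an hour.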

CVE-2012-6708 (Medium) detected in jquery-1.8.1.min.js

CVE-2012-6708 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.8.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/hitokoto-api/node_modules/redeyed/examples/browser/index.html

Path to vulnerable library: /hitokoto-api/node_modules/redeyed/examples/browser/index.html

Dependency Hierarchy:

  • jquery-1.8.1.min.js (Vulnerable Library)

Found in HEAD commit: b53568a5c0634dbc3107208ca611a26fa33a8e06

Vulnerability Details

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

Publish Date: 2018-01-18

URL: CVE-2012-6708

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708

Release Date: 2018-01-18

Fix Resolution: jQuery - v1.9.0



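Issue feedback thread and confirmed problems

  • The request statistics middleware breaks multi-instance coexistence, and the module seriously affects performance
  • The new mechanism does not remove or update sentences that have changed (for example: a sentence was wrong and was corrected in the data source; a sentence had a withdrawal request and was taken down)
  • The A/B update scheme may break multi-instance coexistence; how to solve this needs discussion
  • Problems may occur if max_length is less than min_length
  • If the randomly chosen category has no sentence of the specified length, a "sentence length does not exist" error occurs (ideally, categories that do not fit the length range should be avoided)
  • The introduction of child processes broke A/B, request statistics and other modules.
  • The statistics page is broken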

CVE-2021-23400 (High) detected in nodemailer-6.4.11.tgz

CVE-2021-23400 - High Severity Vulnerability

Vulnerable Library - nodemailer-6.4.11.tgz

Easy as cake e-mail sending from your Node.js applications

Library home page: https://registry.npmjs.org/nodemailer/-/nodemailer-6.4.11.tgz

Path to dependency file: hitokoto-api/package.json

Path to vulnerable library: hitokoto-api/node_modules/nodemailer/package.json

Dependency Hierarchy:

  • nodemailer-6.4.11.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

The package nodemailer before 6.6.1 is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.

Publish Date: 2021-06-29

URL: CVE-2021-23400

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23400

Release Date: 2021-06-29

Fix Resolution: nodemailer - 6.6.1



Response is not JSON.

Now the response type is text/plain instead of json in recent days.
Was it on purpose or maybe fixed later?

Sentences cannot be fetched because the fetched category list expired

2020-11-26T10:40:37.938Z [23428] - error: [hitokoto.updateCategories] occur error while updating, error details:
2020-11-26T10:40:37.938Z [23428] - error:  message=tmp is not iterable, stack=TypeError: tmp is not iterable
    at updateCategories (/root/Programs/hitokoto-osc/hitokoto-api/src/controllers/hitokoto/_utils.js:83:28)
    at processTicksAndRejections (node:internal/process/task_queues:93:5)
    at async exports.tickUpdateCategories (/root/Programs/hitokoto-osc/hitokoto-api/src/controllers/hitokoto/_utils.js:111:12)
    at async module.exports (/root/Programs/hitokoto-osc/hitokoto-api/src/controllers/hitokoto/entry.js:14:3)
    at async logger (/root/Programs/hitokoto-osc/hitokoto-api/src/logger.js:55:7)
    at async /root/Programs/hitokoto-osc/hitokoto-api/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5
    at async bodyParser (/root/Programs/hitokoto-osc/hitokoto-api/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)
    at async _jsonp (/root/Programs/hitokoto-osc/hitokoto-api/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)
    at async /root/Programs/hitokoto-osc/hitokoto-api/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3
    at async sendMail (/root/Programs/hitokoto-osc/hitokoto-api/src/middlewares/MailError.js:16:5)

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

docker-compose
docker-compose.debug.yml
docker-compose.yml
dockerfile
docker/alinode/Dockerfile
  • registry.cn-hangzhou.aliyuncs.com/aliyun-node/alinode v6.8.0-alpine
docker/mainline/Dockerfile
  • node 20-alpine
github-actions
.github/workflows/Docker.yml
  • docker/setup-qemu-action v2
  • docker/setup-buildx-action v2
  • docker/login-action v2
  • docker/build-push-action v4
.github/workflows/deploy_to_dockerhub_latest.yml
  • docker/setup-qemu-action v2
  • docker/setup-buildx-action v2
  • docker/login-action v2
  • docker/build-push-action v4
  • docker/setup-qemu-action v2
  • docker/setup-buildx-action v2
  • docker/login-action v2
  • docker/build-push-action v4
.github/workflows/deploy_to_dockerhub_release.yml
  • docker/setup-qemu-action v2
  • docker/setup-buildx-action v2
  • docker/login-action v2
  • docker/build-push-action v4
  • docker/setup-qemu-action v2
  • docker/setup-buildx-action v2
  • docker/login-action v2
  • docker/build-push-action v4
.github/workflows/node.js.yml
  • actions/checkout v4@3df4ab11eba7bda6032a0b82a6bb43b11571feac
  • actions/setup-node v3
  • supercharge/redis-github-action 1.5.0
  • actions/cache v3
  • actions/checkout v4@3df4ab11eba7bda6032a0b82a6bb43b11571feac
  • actions/setup-node v3
  • actions/cache v3
npm
package.json
  • @hitokoto/koa-jsonp 3.0.7
  • @hitokoto/koa-respond 3.0.3
  • @koa/bodyparser ^5.0.0
  • @koa/cors ^4.0.0
  • @sentry/integrations 7.57.0
  • @sentry/node 7.57.0
  • @sentry/tracing 7.57.0
  • NeteaseCloudMusicApi 4.13.6
  • async 3.2.4
  • bytes 3.1.2
  • chalk 4.1.2
  • commander 11.0.0
  • cron 2.3.1
  • fast-json-stringify 5.8.0
  • flatstr 1.0.12
  • got 11.8.6
  • humanize-number 0.0.2
  • ioredis 5.3.2
  • joi 17.9.2
  • js-yaml 4.1.0
  • koa 2.14.2
  • koa-compress 5.1.1
  • koa-favicon 2.1.0
  • koa-helmet 7.0.2
  • koa-query-pretty 0.3.0
  • koa-router 12.0.0
  • lodash 4.17.21
  • mysql2 3.5.0
  • nconf 0.12.1
  • nconf-yaml 1.0.2
  • nodemailer 6.9.3
  • passthrough-counter 1.0.0
  • pify 5.0.0
  • semver 7.5.4
  • sequelize 6.32.1
  • uuid 9.0.0
  • winston 3.9.0
  • @babel/core 7.22.8
  • @babel/eslint-parser 7.23.3
  • @babel/preset-env 7.22.7
  • @commitlint/cli 17.8.1
  • @commitlint/config-conventional 17.8.1
  • @types/jest 29.5.2
  • commitizen 4.3.0
  • conventional-changelog-conventionalcommits 7.0.2
  • cz-conventional-changelog 3.3.0
  • esbuild ^0.19.5
  • eslint 8.53.0
  • eslint-config-prettier 9.0.0
  • eslint-config-standard 17.1.0
  • eslint-plugin-html 7.1.0
  • eslint-plugin-import 2.29.0
  • eslint-plugin-jest 27.2.2
  • eslint-plugin-n 16.3.1
  • eslint-plugin-prettier 5.0.1
  • eslint-plugin-promise 6.1.1
  • husky 8.0.3
  • jest 29.6.1
  • jest-extended 4.0.0
  • lint-staged 14.0.1
  • nodemon 3.0.1
  • nyc 15.1.0
  • prettier 3.1.0
  • regenerator-runtime 0.13.11
  • release-it 16.1.0
  • supertest 6.3.3
  • supervisor 0.12.0
  • webpack ^5.89.0
  • yarn 4.0.2

  • Check this box to trigger a request for Renovate to run again on this repository

CVE-2020-7608 (Medium) detected in yargs-parser-10.1.0.tgz

CVE-2020-7608 - Medium Severity Vulnerability

Vulnerable Library - yargs-parser-10.1.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz

Path to dependency file: /tmp/ws-scm/hitokoto-api/package.json

Path to vulnerable library: /tmp/ws-scm/hitokoto-api/node_modules/meow/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • cli-9.1.1.tgz (Root Library)
    • meow-5.0.0.tgz
      • yargs-parser-10.1.0.tgz (Vulnerable Library)

Found in HEAD commit: b53568a5c0634dbc3107208ca611a26fa33a8e06

Vulnerability Details

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

Publish Date: 2020-03-16

URL: CVE-2020-7608

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608

Release Date: 2020-03-16

Fix Resolution: v18.1.1;13.1.2;15.0.1



CVE-2020-7789 (Medium) detected in node-notifier-7.0.2.tgz

CVE-2020-7789 - Medium Severity Vulnerability

Vulnerable Library - node-notifier-7.0.2.tgz

A Node.js module for sending notifications on native Mac, Windows (post and pre 8) and Linux (or Growl as fallback)

Library home page: https://registry.npmjs.org/node-notifier/-/node-notifier-7.0.2.tgz

Path to dependency file: hitokoto-api/package.json

Path to vulnerable library: hitokoto-api/node_modules/node-notifier/package.json

Dependency Hierarchy:

  • jest-26.4.0.tgz (Root Library)
    • core-26.4.0.tgz
      • reporters-26.4.0.tgz
        • node-notifier-7.0.2.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.

Publish Date: 2020-12-11

URL: CVE-2020-7789

CVSS 3 Score Details (5.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7789

Release Date: 2020-12-11

Fix Resolution: 9.0.0



Error when fetching a sentence: error code 400

Refreshing the page on the front end to fetch a sentence results in a 400 error.


The error content found on the back end:

2021-02-15T12:36:20.047Z [19062] - info: [core] Web Server is started, listening on port: 8000
2021-02-15T12:36:23.262Z [19062] - error: [hitokoto.updateCategories] occur error while updating, error details:
2021-02-15T12:36:23.263Z [19062] - error:  message=tmp is not iterable, stack=TypeError: tmp is not iterable
    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)
    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)
    at async logger (/home/v1/your_workdir/src/logger.js:55:7)
    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5
    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)
    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)
    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3

Log:

{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:17.016Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:17.016Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:18.917Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:18.917Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:19.779Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:19.780Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:20.494Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:20.494Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:21.214Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:21.215Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:21.502Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:21.503Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:21.914Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:21.914Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:22.376Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:22.376Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:22.679Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:22.679Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:24.947Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:24.947Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:25.596Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:25.596Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:26.304Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:26.304Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:26.888Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:26.888Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:27.537Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:27.537Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:27.890Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:27.890Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:28.298Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:28.298Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:28.763Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:28.764Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:19:29.030Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:19:29.030Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:23:57.640Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:23:57.641Z"}
{"level":"error","message":"[hitokoto.updateCategories] occur error while updating, error details:","timestamp":"2021-02-15T12:24:51.954Z"}
{"message":"tmp is not iterable","stack":"TypeError: tmp is not iterable\n    at updateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:81:28)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async exports.tickUpdateCategories (/home/v1/your_workdir/src/controllers/hitokoto/_utils.js:109:12)\n    at async module.exports (/home/v1/your_workdir/src/controllers/hitokoto/entry.js:14:3)\n    at async logger (/home/v1/your_workdir/src/logger.js:55:7)\n    at async /home/v1/your_workdir/.yarn/cache/koa-compress-npm-5.0.1-8453c7382d-57844bfaa1.zip/node_modules/koa-compress/lib/index.js:38:5\n    at async bodyParser (/home/v1/your_workdir/.yarn/cache/koa-bodyparser-npm-4.3.0-73f6acb252-8261981504.zip/node_modules/koa-bodyparser/index.js:95:5)\n    at async _jsonp (/home/v1/your_workdir/.yarn/cache/@hitokoto-koa-jsonp-npm-3.0.7-3bfe627df6-82da1bfc02.zip/node_modules/@hitokoto/koa-jsonp/lib/jsonp.js:17:5)\n    at async /home/v1/your_workdir/.yarn/cache/koa-query-pretty-npm-0.3.0-16a3c4d62e-2b6d7f7904.zip/node_modules/koa-query-pretty/lib/index.js:49:3\n    at async sendMail (/home/v1/your_workdir/src/middlewares/MailError.js:16:5)","level":"error","timestamp":"2021-02-15T12:24:51.954Z"}

In addition, after restarting or reinstalling, the error is still there. Error code: 400

CVE-2021-3795 (Medium) detected in semver-regex-2.0.0.tgz

CVE-2021-3795 - Medium Severity Vulnerability

Vulnerable Library - semver-regex-2.0.0.tgz

Regular expression for matching semver versions

Library home page: https://registry.npmjs.org/semver-regex/-/semver-regex-2.0.0.tgz

Path to dependency file: hitokoto-api/package.json

Path to vulnerable library: hitokoto-api/node_modules/semver-regex/package.json

Dependency Hierarchy:

  • husky-4.2.5.tgz (Root Library)
    • find-versions-3.2.0.tgz
      • semver-regex-2.0.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

semver-regex is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-09-15

URL: CVE-2021-3795

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A


Suggested Fix

Type: Upgrade version

Origin: https://github.com/sindresorhus/semver-regex/releases/tag/v4.0.1

Release Date: 2021-09-15

Fix Resolution: semver-regex - 3.1.3,4.0.1



WS-2020-0218 (High) detected in merge-1.2.1.tgz

WS-2020-0218 - High Severity Vulnerability

Vulnerable Library - merge-1.2.1.tgz

Merge multiple objects into one, optionally creating a new cloned object. Similar to the jQuery.extend but more flexible. Works in Node.js and the browser.

Library home page: https://registry.npmjs.org/merge/-/merge-1.2.1.tgz

Path to dependency file: hitokoto-api/package.json

Path to vulnerable library: hitokoto-api/node_modules/merge/package.json

Dependency Hierarchy:

  • commitizen-4.1.2.tgz (Root Library)
    • find-node-modules-2.0.0.tgz
      • merge-1.2.1.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

A Prototype Pollution vulnerability was found in merge before 2.1.0 via the merge.recursive function. It can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects.

Publish Date: 2020-10-09

URL: WS-2020-0218

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: swordev/merge#38

Release Date: 2020-10-09

Fix Resolution: merge - 2.1.0



CVE-2020-8203 (High) detected in lodash-4.17.15.tgz

CVE-2020-8203 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz

Path to dependency file: /tmp/ws-scm/hitokoto-api/package.json

Path to vulnerable library: /tmp/ws-scm/hitokoto-api/node_modules/commitizen/node_modules/lodash/package.json

Dependency Hierarchy:

  • commitizen-4.1.2.tgz (Root Library)
    • lodash-4.17.15.tgz (Vulnerable Library)

Found in HEAD commit: 8a17697b23169cbd44ec1d9bce4e8d932da7d05a

Vulnerability Details

Prototype pollution attack when using _.zipObjectDeep in lodash <= 4.17.15.

Publish Date: 2020-07-15

URL: CVE-2020-8203

CVSS 3 Score Details (7.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1523

Release Date: 2020-07-23

Fix Resolution: lodash - 4.17.19



CVE-2020-28168 (Medium) detected in axios-0.19.2.tgz

CVE-2020-28168 - Medium Severity Vulnerability

Vulnerable Library - axios-0.19.2.tgz

Promise based HTTP client for the browser and node.js

Library home page: https://registry.npmjs.org/axios/-/axios-0.19.2.tgz

Path to dependency file: hitokoto-api/package.json

Path to vulnerable library: hitokoto-api/node_modules/axios/package.json

Dependency Hierarchy:

  • axios-0.19.2.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Publish Date: 2020-11-06

URL: CVE-2020-28168

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: axios/axios@c7329fe

Release Date: 2020-11-06

Fix Resolution: axios - 0.21.1



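Refactoring plan

  • Refactor the controller module so that it can generate a controller table (automatically iterating over subdirectories)
  • Refactor the hitokoto controller (split it into files to make it easier to understand)
  • Refactor the NetEase Cloud Music module, splitting it into multiple sub-controller files
    • Use NeteaseCloudMusic to replace the two existing packages
  • Move some of the existing configuration files to the config/adapter directory
  • Use a multi-threaded model for web (if possible). Just use Docker; support is not being considered in the short term.
  • Decouple modules in preparation for multi-instance deployment. Just use Docker; support is not being considered in the short term.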

CORS response headers missing

$ curl -I https://v1.hitokoto.cn

the result:

HTTP/1.1 200 OK
Date: Thu, 16 Jul 2020 03:27:50 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 266
Connection: keep-alive
X-Request-Id: 7a6666b7-0f08-4b67-8b84-351ad7b3b3e5
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Cache: MISS from cache.51cdn.com
X-Via: 1.1 VM-HSN-01JxZ81:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 5f0fc936_VM-HSN-01z0j80_21660-41675
