Skip to content

Add URL security scanning to prevent inappropriate content#13

Open
Pjv93 wants to merge 45 commits intoaws-samples:mainfrom
Pjv93:main
Open

Add URL security scanning to prevent inappropriate content#13
Pjv93 wants to merge 45 commits intoaws-samples:mainfrom
Pjv93:main

Conversation

@Pjv93
Copy link
Contributor

@Pjv93 Pjv93 commented Sep 15, 2025
edited
Loading

Summary

Adds automated URL content scanning with automatic commit reverting to detect and block inappropriate links that could be added via URL hijacking or malicious commits.

Problem Solved

  • Prevents inappropriate content from being added to workshop repositories
  • Protects against URL hijacking attacks where legitimate URLs become compromised over time
  • Automatically removes malicious content by reverting commits
  • Provides ongoing monitoring with monthly scans

Features Added

  • Real-time URL scanning on every commit/PR
  • 🔄 Automatic commit reverting when inappropriate content is detected
  • Monthly repository-wide URL security scans
  • Contextual keyword detection to reduce false positives
  • Slack notification support for security alerts and revert actions
  • Protection against both immediate threats and time-delayed attacks

How Auto-Revert Works

  1. Push occursAction scans URLsIf violations detectedAutomatically reverts commit
  2. Creates descriptive revert commit explaining the security violation
  3. Sends enhanced Slack notification indicating revert action
  4. Repository stays clean and protected automatically

Testing

  • ✅ Successfully blocks URLs with inappropriate content
  • ✅ Allows legitimate educational content (e.g., 'adult education')
  • Auto-revert functionality tested and working
  • ✅ Slack notifications working for both alerts and reverts
  • ✅ Monthly scanning tested

Security Benefits

  • Immediate protection: Malicious content is automatically removed within minutes
  • Self-healing repositories: No manual intervention needed for security violations
  • Team awareness: Slack alerts keep teams informed of security actions
  • Audit trail: Clear revert commits show what was blocked and why

This ensures all modernization workshops created from this template have automatic security protection with immediate remediation of inappropriate content.

PJV and others added 30 commits September 15, 2025 12:44
Add URL security scanning to prevent inappropriate content
f747957
Remove incorrectly committed hugo theme files (should be submodule)
7e83657
Test: Add file with suspicious URL
f39c262
Test: Add real problematic URL
8c8288c
Enhance NSFW keyword detection
4010d9d
Use contextual patterns for 'adult' to reduce false positives
d03fb6b
Test: Legitimate adult education URL
65fcb82
@Pjv93
Merge branch 'aws-samples:main' into main
941f2bf
Add monthly URL security scanning for ongoing protection
25fb6fe
Merge branch 'main' of github.com:Pjv93/aws-modernization-workshop-base
98b56da
Combine URL security workflows into single file with cron and commit …
5addfe0 
…triggers
Add Slack notifications for security failures
7dd582b
Update Slack channel to #apn-mod-workshop-security
10afee1
Update Slack channel to #apn-modernization-workshop-security
ffe92ef
Update to use Slack Workflow webhook format
91d8793
Test: Trigger security alert with Slack notification
6c5ad08
Remove test files - clean up repository for production use
3bf804b
Add automatic commit reverting for inappropriate content
57b4b30 
- Automatically reverts commits containing inappropriate URLs
- Creates descriptive revert commit message
- Enhanced Slack notifications for revert actions
- Provides immediate protection against malicious content
Test: This should trigger auto-revert
b55b721
Test: Real trigger for auto-revert
bd78476
Test: Normal commit should work now
7623ea0
Clean up test files before PR update
4faf14f
Enhance URL detection to catch URLs without protocols
d5ac16a 
- Detects http://, https://, protocol-relative (//), and domain-only URLs
- Scans all file types (not just .md/.html) for comprehensive coverage
- Parallel processing for improved performance with 140+ repositories
- Smart filtering to avoid false positives
- Maintains auto-revert and Slack notification functionality
Integrate Google Safe Browsing API for enhanced security
d2100a2 
- Two-layer security: Google Safe Browsing + content analysis
- Detects malware, phishing, and inappropriate content
- Fast batch checking with Google's threat database
- Fallback to content analysis for non-malware violations
- Maintains auto-revert and Slack notification functionality
- Free tier: 10,000 requests/day (perfect for 140+ repositories)
Test: Clean URLs should pass security check
89dc8f1
Test: Google Safe Browsing should block malware URL
046dc14
Test: Content analysis should detect explicit keyword
3f80368
Test: URL with explicit content should be blocked
1e8cc44
Fix git revert command syntax
6d86ffb 
- Remove incorrect -m flag usage
- Use --message flag for proper commit message formatting
- Ensures auto-revert functionality works correctly
Test: Auto-revert should work now
ccd32de
PJV and others added 15 commits September 15, 2025 15:36
Add URL pattern checking for immediate blocking
8ba17f2 
- Check URLs for inappropriate keywords before attempting to access content
- Blocks URLs like 'badsite.com/porn-content' immediately
- Maintains educational context filtering
- Provides faster detection without network requests
Test: URL pattern should block porn keyword in URL
4cec33d
Fix git revert with single-line commit message
0597013 
- Use single-line commit message to avoid git parsing issues
- Maintains essential information about security violation
- Ensures auto-revert functionality works properly
Clean up test files - security system fully tested and working
5050866 
✅ URL pattern detection: Blocks inappropriate keywords in URLs
✅ Content analysis: Scans accessible URL content
✅ Google Safe Browsing: API integration ready
✅ Auto-revert: Automatically removes malicious commits
✅ Slack notifications: Alerts team of security violations
✅ Comprehensive URL extraction: Handles all URL formats
Test: Real URL should be analyzed properly
1643037
Remove eventbox test - URL correctly passed security checks
0816138
Add comprehensive debugging and enhanced content analysis
2319956 
- Show detailed logs of what content is being retrieved
- Increase content analysis from 5KB to 50KB
- Display response status, content length, title, and preview
- Better error handling - don't mark failed requests as clean
- More verbose output to debug security scanning issues
Debug test: Show what content eventbox URL returns
076ee33
Fix auto-revert with simple commit message format
a82e9df 
- Use simple -m flag instead of --message
- Avoid special characters that cause git parsing issues
- Ensures auto-revert works reliably
Test: Auto-revert should work now with fixed git command
70e5db0
Simplify git revert to use default message
71c893e 
- Remove custom message flags that cause parsing issues
- Use git's default revert message format
- Should fix auto-revert functionality
Final test: Auto-revert should work with simplified git command
0b02451
Revert "Final test: Auto-revert should work with simplified git command"
0a20738 
This reverts commit 0b02451.
@Pjv93
Delete debug-eventbox-test.md
ab41ed7
@Pjv93
Delete test-auto-revert-fix.md
d9b7a9f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Pjv93