Fix socials timestamp #50

2025-10-26T16:22:24+01:00

Berack96 commented

2025-10-26 16:22:24 +01:00

(Migrated from github.com)

Address issues with social media API handling and update the Dockerfile for dependency management.

Adjust timestamp handling in social media posts for consistency.

Address issues with social media API handling and update the Dockerfile for dependency management. Adjust timestamp handling in social media posts for consistency.

trojanhorse47 (Migrated from github.com) reviewed 2025-10-26 16:22:24 +01:00

copilot-pull-request-reviewer[bot] (Migrated from github.com) reviewed 2025-10-26 16:25:05 +01:00

copilot-pull-request-reviewer[bot] (Migrated from github.com) left a comment

Pull Request Overview

This PR standardizes timestamp handling across social media integrations by renaming the time field to timestamp in the SocialPost and SocialComment models. The changes also improve the X (Twitter) API wrapper implementation and update the Dockerfile to properly install Node.js dependencies.

Renamed time to timestamp across all social media models and tests
Fixed timestamp parameter usage in Reddit API from milliseconds to seconds
Refactored X API wrapper with improved command construction and timestamp handling

Reviewed Changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/app/api/core/social.py	Renamed `time` field to `timestamp` in SocialPost and SocialComment models
src/app/api/social/x.py	Improved X API implementation with proper timestamp conversion and cleaner code
src/app/api/social/reddit.py	Fixed timestamp parameter from `timestamp_ms` to `timestamp_s`
src/app/api/social/chan.py	Added documentation and warning filter for BeautifulSoup
tests/tools/test_socials_tool.py	Updated assertions to use `timestamp` instead of `time`
tests/api/test_social_x_api.py	Updated test assertions and added `rettiwt` availability check
tests/api/test_social_reddit.py	Updated test assertions to use `timestamp` field
tests/api/test_social_4chan.py	Updated test assertions to use `timestamp` field
demos/api_socials_providers.py	New demo file showing aggregated social media posts
Dockerfile	Reorganized dependency installation to install Node.js after Python dependencies
.env.example	Simplified X API key documentation and improved formatting

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

## Pull Request Overview This PR standardizes timestamp handling across social media integrations by renaming the `time` field to `timestamp` in the `SocialPost` and `SocialComment` models. The changes also improve the X (Twitter) API wrapper implementation and update the Dockerfile to properly install Node.js dependencies. - Renamed `time` to `timestamp` across all social media models and tests - Fixed timestamp parameter usage in Reddit API from milliseconds to seconds - Refactored X API wrapper with improved command construction and timestamp handling ### Reviewed Changes Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments. <details> <summary>Show a summary per file</summary> | File | Description | | ---- | ----------- | | src/app/api/core/social.py | Renamed `time` field to `timestamp` in SocialPost and SocialComment models | | src/app/api/social/x.py | Improved X API implementation with proper timestamp conversion and cleaner code | | src/app/api/social/reddit.py | Fixed timestamp parameter from `timestamp_ms` to `timestamp_s` | | src/app/api/social/chan.py | Added documentation and warning filter for BeautifulSoup | | tests/tools/test_socials_tool.py | Updated assertions to use `timestamp` instead of `time` | | tests/api/test_social_x_api.py | Updated test assertions and added `rettiwt` availability check | | tests/api/test_social_reddit.py | Updated test assertions to use `timestamp` field | | tests/api/test_social_4chan.py | Updated test assertions to use `timestamp` field | | demos/api_socials_providers.py | New demo file showing aggregated social media posts | | Dockerfile | Reorganized dependency installation to install Node.js after Python dependencies | | .env.example | Simplified X API key documentation and improved formatting | </details> --- 💡 <a href="/Berack96/upo-appAI/new/main/.github?filename=*.instructions.md" class="Link--inTextBlock" target="_blank" rel="noopener noreferrer">Add Copilot custom instructions</a> for smarter, more guided reviews. <a href="https://docs.github.com/en/copilot/customizing-copilot/adding-repository-custom-instructions-for-github-copilot" class="Link--inTextBlock" target="_blank" rel="noopener noreferrer">Learn how to get started</a>.

Dockerfile

copilot-pull-request-reviewer[bot] (Migrated from github.com) commented

2025-10-26 16:25:05 +01:00

These commands should be combined into a single RUN instruction to reduce Docker image layers and ensure proper cleanup. Additionally, apt update should be run before installing nodejs to refresh the package list after adding the NodeSource repository.

RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - && \
    apt update && \
    apt install -y nodejs && \
    rm -rf /var/lib/apt/lists/* && \
    npm install -g rettiwt-api

These commands should be combined into a single RUN instruction to reduce Docker image layers and ensure proper cleanup. Additionally, `apt update` should be run before installing nodejs to refresh the package list after adding the NodeSource repository. ```suggestion RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - && \ apt update && \ apt install -y nodejs && \ rm -rf /var/lib/apt/lists/* && \ npm install -g rettiwt-api ```

src/app/api/social/x.py

				`@@ -28,19 +29,20 @@ class XWrapper(SocialWrapper):`

copilot-pull-request-reviewer[bot] (Migrated from github.com) commented

2025-10-26 16:25:05 +01:00

Using shell=True in subprocess.run() creates a security vulnerability as it allows shell injection attacks. Since the command is constructed using f-strings with user-controlled data (self.api_key and user), malicious values could execute arbitrary commands. Use a list of arguments instead: subprocess.run(['rettiwt', '-k', self.api_key, 'tweet', 'search', str(limit), '-f', str(user)], capture_output=True)

            cmd = ['rettiwt', '-k', self.api_key, 'tweet', 'search', str(limit), '-f', str(user)]
            process = subprocess.run(cmd, capture_output=True)

Using `shell=True` in subprocess.run() creates a security vulnerability as it allows shell injection attacks. Since the command is constructed using f-strings with user-controlled data (`self.api_key` and `user`), malicious values could execute arbitrary commands. Use a list of arguments instead: `subprocess.run(['rettiwt', '-k', self.api_key, 'tweet', 'search', str(limit), '-f', str(user)], capture_output=True)` ```suggestion cmd = ['rettiwt', '-k', self.api_key, 'tweet', 'search', str(limit), '-f', str(user)] process = subprocess.run(cmd, capture_output=True) ```

Simo93-rgb (Migrated from github.com) approved these changes 2025-10-27 12:43:48 +01:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Berack/upo-app-agents#50