4 changes: 1 addition & 3 deletions nettacker/core/app.py
Expand Up @@ -52,9 +52,7 @@ def print_logo():
OWASP Nettacker Logo
"""
log.write_to_api_console(
open(Config.path.logo_file)
.read()
.format(
Config.path.logo_file.read_text(encoding="utf-8").format(
cyan=TerminalCodes.CYAN.value,
red=TerminalCodes.RED.value,
rst=TerminalCodes.RESET.value,
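Review bot: The new `Config.path.logo_file.read_text(encoding="utf-8")` assumes `logo_file` is a `pathlib.Path`; the replaced `open(Config.path.logo_file)` also accepted a plain string, so if any configuration still yields a `str` here this now raises AttributeError at startup instead of printing the logo. The sibling change in nettacker/core/messages.py guards the same case with `Path(filename)`; the same wrapping, `Path(Config.path.logo_file).read_text(encoding="utf-8").format(`, would keep this call robust if the attribute's type is not guaranteed (its definition is not visible in the hunk). print_logo's body continues outside the hunk.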
2 changes: 1 addition & 1 deletion nettacker/core/fuzzer.py
Expand Up @@ -2,4 +2,4 @@


def read_from_file(file_path):
return open(Config.path.payloads_dir / file_path).read().split("\n")
return (Config.path.payloads_dir / file_path).read_text(encoding="utf-8").split("\n")
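Review bot: The join on the new return line, `Config.path.payloads_dir / file_path`, does not keep the result under payloads_dir — pathlib discards the left operand when `file_path` is absolute and does not normalise `..` segments — and the commit changes only how the file is read, not which file. If `file_path` can come from module definitions or user input (its callers are not visible here), resolve and check containment before reading, e.g. `path = (Config.path.payloads_dir / file_path).resolve()` followed by `if not path.is_relative_to(Config.path.payloads_dir.resolve()): raise ValueError(f"payload path escapes payloads_dir: {file_path}")` (Path.is_relative_to needs Python 3.9+). The same join appears in nettacker/core/utils/common.py in fuzzer_function_read_file_as_array. Separately, `.split("\n")` yields a trailing empty element when the file ends with a newline and leaves `\r` on CRLF files; `splitlines()` avoids both, though it changes the returned list and so needs a look at callers.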
4 changes: 3 additions & 1 deletion nettacker/core/messages.py
@@ -1,5 +1,6 @@
import sys
from io import StringIO
from pathlib import Path

import yaml

Expand All @@ -20,7 +21,8 @@ def application_language():


def load_yaml(filename):
return yaml.load(StringIO(open(filename, "r").read()), Loader=yaml.FullLoader)
yaml_text = Path(filename).read_text(encoding="utf-8")
return yaml.load(StringIO(yaml_text), Loader=yaml.FullLoader)
Comment on lines +24 to +25
Contributor


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n nettacker/core/messages.py | head -35

Repository: OWASP/Nettacker

Length of output: 1090


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1) Detect custom/python-specific YAML tags that might require unsafe loaders
rg -n --type=yaml '!!python|!python|!<|tag:yaml.org,2002:python' nettacker/locale || true

# 2) Verify all locale YAML files parse with safe_load
python3 - <<'PY'
from pathlib import Path
import yaml, sys

failed = []
for p in Path("nettacker/locale").glob("*.yaml"):
    try:
        yaml.safe_load(p.read_text(encoding="utf-8"))
    except Exception as e:
        failed.append((str(p), str(e)))

if failed:
    for path, err in failed:
        print(f"{path}: {err}")
    sys.exit(1)

print("All locale YAML files parse successfully with yaml.safe_load.")
PY

Repository: OWASP/Nettacker

Length of output: 120


🏁 Script executed:

# Check the structure of locale YAML files
find nettacker/locale -name "*.yaml" -type f | head -5 | xargs -I {} sh -c 'echo "File: {}"; head -20 {}'

Repository: OWASP/Nettacker

Length of output: 4895


🏁 Script executed:

# Check current imports in messages.py
head -10 nettacker/core/messages.py

Repository: OWASP/Nettacker

Length of output: 226


Use yaml.safe_load instead of yaml.load(..., FullLoader) for locale data.

Line 25 uses an unsafe loader that can deserialize arbitrary Python objects. These locale files contain only translation data, so safe_load is sufficient and safer.

🔧 Proposed fix
 def load_yaml(filename):
     yaml_text = Path(filename).read_text(encoding="utf-8")
-    return yaml.load(StringIO(yaml_text), Loader=yaml.FullLoader)
+    return yaml.safe_load(StringIO(yaml_text))
🧰 Tools
🪛 Ruff (0.15.2)

[error] 25-25: Probable use of unsafe loader FullLoader with yaml.load. Allows instantiation of arbitrary objects. Consider yaml.safe_load.

(S506)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@nettacker/core/messages.py` around lines 24 - 25, The code currently calls
yaml.load(StringIO(yaml_text), Loader=yaml.FullLoader) which can deserialize
arbitrary Python objects; replace this with yaml.safe_load to restrict parsing
to basic YAML types. Update the call to use yaml.safe_load(StringIO(yaml_text))
(or yaml.safe_load(yaml_text)) and remove the Loader=yaml.FullLoader usage so
the locale/translation data is parsed safely; adjust any surrounding code that
expects loader-specific behavior if needed. Ensure you modify the occurrence of
yaml.load and remove references to yaml.FullLoader in nettacker/core/messages.py
while keeping Path.read_text and StringIO usage intact.



def get_languages():
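Review bot: The `StringIO(yaml_text)` wrapper on the new return line of load_yaml is redundant — yaml.load accepts a str directly — so `return yaml.load(yaml_text, Loader=yaml.FullLoader)` reads more plainly and would leave `from io import StringIO` unused if nothing else in the file needs it (the rest of the file is outside the hunk). load_yaml also has no docstring; a one-liner such as `"""Parse the UTF-8 YAML file at *filename* and return the loaded document."""` would record the encoding choice the commit introduces.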
2 changes: 1 addition & 1 deletion nettacker/core/utils/common.py
Expand Up @@ -282,7 +282,7 @@ def string_to_bytes(string):
def fuzzer_function_read_file_as_array(filename):
from nettacker.config import PathConfig

return open(PathConfig().payloads_dir / filename).read().split("\n")
return (PathConfig().payloads_dir / filename).read_text(encoding="utf-8").split("\n")


def apply_data_functions(data):
4 changes: 2 additions & 2 deletions nettacker/lib/compare_report/engine.py
Expand Up @@ -14,8 +14,8 @@ def build_report(compare_result):
Compare report in HTML
"""
data = (
open(Config.path.web_static_dir / "report/compare_report.html")
.read()
(Config.path.web_static_dir / "report/compare_report.html")
.read_text(encoding="utf-8")
.replace("__data_will_locate_here__", json.dumps(compare_result))
)
return data
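Review bot: The value substituted on the `.replace` line, `json.dumps(compare_result)`, is inserted into the HTML template unescaped, whereas the parallel code in nettacker/lib/graph/d3_tree_v1/engine.py wraps the same kind of payload in `escape_for_html_js(...)`. If compare_result carries strings gathered during a scan (not visible here), a `</script>` or similar sequence in them would terminate the block the data is embedded in; applying the same escaping, `.replace("__data_will_locate_here__", escape_for_html_js(json.dumps(compare_result)))`, keeps the two report builders consistent (the import of escape_for_html_js for this module is not visible in the hunk). build_report starts outside the hunk.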
4 changes: 2 additions & 2 deletions nettacker/lib/graph/d3_tree_v1/engine.py
Expand Up @@ -48,8 +48,8 @@ def start(events):
d3_structure["children"].append({"name": target, "children": children_array})

data = (
open(Config.path.web_static_dir / "report/d3_tree_v1.html")
.read()
(Config.path.web_static_dir / "report/d3_tree_v1.html")
.read_text(encoding="utf-8")
.replace("__data_will_locate_here__", escape_for_html_js(json.dumps(d3_structure)))
.replace("__title_to_replace__", messages("pentest_graphs"))
.replace("__description_to_replace__", messages("graph_message"))
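Review bot: The two new lines spell out `(Config.path.web_static_dir / "report/d3_tree_v1.html").read_text(encoding="utf-8")`, the same pattern written again in nettacker/lib/compare_report/engine.py; the `read_static_text` helper introduced in nettacker/lib/html_log/log_data.py does exactly this, and reusing it in both engines would keep the encoding choice in one place. start's body continues outside the hunk.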
17 changes: 12 additions & 5 deletions nettacker/lib/html_log/log_data.py
@@ -1,7 +1,14 @@
from pathlib import Path

from nettacker.config import Config

css_1 = open(Config.path.web_static_dir / "report/html_table.css").read()
json_parse_js = open(Config.path.web_static_dir / "report/json_parse.js").read()
table_end = open(Config.path.web_static_dir / "report/table_end.html").read()
table_items = open(Config.path.web_static_dir / "report/table_items.html").read()
table_title = open(Config.path.web_static_dir / "report/table_title.html").read()

def read_static_text(path: Path) -> str:
return path.read_text(encoding="utf-8")


css_1 = read_static_text(Config.path.web_static_dir / "report/html_table.css")
json_parse_js = read_static_text(Config.path.web_static_dir / "report/json_parse.js")
table_end = read_static_text(Config.path.web_static_dir / "report/table_end.html")
table_items = read_static_text(Config.path.web_static_dir / "report/table_items.html")
table_title = read_static_text(Config.path.web_static_dir / "report/table_title.html")
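Review bot: The new `read_static_text` helper has no docstring; a one-liner such as `"""Return the text of a static report asset, decoded as UTF-8."""` would record the encoding decision this change introduces. The five assignments below it still read their files at module import time, as the removed lines did, so a missing asset surfaces as an exception while importing this module rather than when a report is built; if that is intended, a short comment above the assignments saying so would help the next reader.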
19 changes: 18 additions & 1 deletion nettacker/locale/hi.yaml
Expand Up @@ -122,4 +122,21 @@ compare_report_path_filename: तुलना रिपोर्ट सहेज
no_scan_to_compare: तुलना करने के लिए scan_id नहीं मिला
compare_report_saved: "{0} में तुलना परिणाम सहेजे गए"
build_compare_report: "तुलना रिपोर्ट बनाई जा रही है"
finish_build_report: "तुलना रिपोर्ट तैयार हो गई"
user_wordlist: उपयोगकर्ताओं को अपना स्वयं का वर्डलिस्ट दर्ज करने की अनुमति देता है
exclude_ports: "पोर्ट को बाहर करने के लिए (जैसे 80 || 80,443|| 1000-1300)"
http_header: "अनुरोधों में कस्टम HTTP हेडर जोड़ें (प्रारूप: 'key: value')। एकाधिक हेडर के लिए, एकाधिक -H फ्लैग का उपयोग करें"
apsw_ill_configuration: APSW को कॉन्फ़िगरेशन में सेट किया गया है लेकिन वातावरण में इंस्टॉल नहीं है
apsw_connection_error: APSW कनेक्शन {0} बनाने में विफल
report_insertion_fail: रिपोर्ट को रिपोर्ट्स तालिका में सम्मिलित नहीं किया जा सका
remove_logs_fail: पुराने लॉग हटाने में असमर्थ
database_lock_issue: पुनः प्रयास {0}, डेटाबेस लॉक है। डेटाबेस में सबमिशन पुनः प्रयास कर रहा है
database_retries_exhausted: सभी पुनः प्रयास समाप्त हो गए। इस लॉग को छोड़ दिया जा रहा है।
database_query_fail: डेटाबेस में क्वेरी नहीं कर सका
report_retrieval_fail: रिपोर्ट पुनर्प्राप्त नहीं कर सका
read_report_fail: रिपोर्ट फ़ाइल {0} पढ़ने में विफल
search_results_end: कोई और खोज परिणाम नहीं
database_error: डेटाबेस त्रुटि!
error_exclude_all: "सभी मॉड्यूल को बाहर नहीं किया जा सकता। कृपया -x का उपयोग करके व्यक्तिगत मॉड्यूल नाम निर्दिष्ट करें।"
timeout: अनुरोध टाइमआउट सेकंड में
error_passwords: पासवर्ड फ़ाइल नहीं खोल सका
error_wordlist: वर्डलिस्ट फ़ाइल नहीं खोल सका