From 930b79cc9866ddaf73a0331c6901ad3cc9164309 Mon Sep 17 00:00:00 2001
From: orbisai0security <mediratta01.pally@gmail.com>
Date: Wed, 12 Nov 2025 03:47:18 +0000
Subject: [PATCH 1/3] fix:
 semgrep_python.lang.security.audit.eval-detected.eval-detected_apps/slack_data/slack_mcp_reader.py_157

---
 apps/slack_data/slack_mcp_reader.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/apps/slack_data/slack_mcp_reader.py b/apps/slack_data/slack_mcp_reader.py
index 71fa457..843718d 100644
--- a/apps/slack_data/slack_mcp_reader.py
+++ b/apps/slack_data/slack_mcp_reader.py
@@ -10,6 +10,7 @@ flexible message processing options.
 import asyncio
 import json
 import logging
+import ast
 from typing import Any, Optional
 
 logger = logging.getLogger(__name__)
@@ -146,7 +147,7 @@ class SlackMCPReader:
                     match = re.search(r"'error':\s*(\{[^}]+\})", str(e))
                     if match:
                         try:
-                            error_dict = eval(match.group(1))
+                            error_dict = ast.literal_eval(match.group(1))
                         except (ValueError, SyntaxError, NameError):
                             pass
                     else:
@@ -154,7 +155,7 @@ class SlackMCPReader:
                         match = re.search(r"Failed to fetch messages:\s*(\{[^}]+\})", str(e))
                         if match:
                             try:
-                                error_dict = eval(match.group(1))
+                                error_dict = ast.literal_eval(match.group(1))
                             except (ValueError, SyntaxError, NameError):
                                 pass
 

From abf0b2c676578b05e114cbf990e17282196363ce Mon Sep 17 00:00:00 2001
From: aakash <aakashsuresh@berkeley.edu>
Date: Thu, 13 Nov 2025 13:05:00 -0800
Subject: [PATCH 2/3] Fix CI: improve security fix and add link checker
 configuration

- Fix import order (ast before asyncio)
- Remove NameError from exception handling (ast.literal_eval doesn't raise it)
- Add .lycheeignore to exclude intermittently unavailable star-history API
- Update link-check workflow to exclude star-history API and accept 503 status codes
---
 .github/workflows/link-check.yml    | 2 +-
 .lycheeignore                       | 5 +++++
 apps/slack_data/slack_mcp_reader.py | 6 +++---
 3 files changed, 9 insertions(+), 4 deletions(-)
 create mode 100644 .lycheeignore

diff --git a/.github/workflows/link-check.yml b/.github/workflows/link-check.yml
index 8da5ea4..8b836c8 100644
--- a/.github/workflows/link-check.yml
+++ b/.github/workflows/link-check.yml
@@ -14,6 +14,6 @@ jobs:
       - uses: actions/checkout@v4
       - uses: lycheeverse/lychee-action@v2
         with:
-          args: --no-progress --insecure --user-agent 'curl/7.68.0' README.md docs/ apps/ examples/ benchmarks/
+          args: --no-progress --insecure --user-agent 'curl/7.68.0' --exclude '.*api\.star-history\.com.*' --accept 200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,306,307,308,503 README.md docs/ apps/ examples/ benchmarks/
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.lycheeignore b/.lycheeignore
new file mode 100644
index 0000000..3a78a6f
--- /dev/null
+++ b/.lycheeignore
@@ -0,0 +1,5 @@
+# Exclude star-history API from link checking
+# This service is intermittently unavailable (503 errors)
+# but the link still works when the service is up
+.*api\.star-history\.com.*
+
diff --git a/apps/slack_data/slack_mcp_reader.py b/apps/slack_data/slack_mcp_reader.py
index 843718d..8f24e1d 100644
--- a/apps/slack_data/slack_mcp_reader.py
+++ b/apps/slack_data/slack_mcp_reader.py
@@ -7,10 +7,10 @@ for indexing in LEANN. It supports various Slack MCP server implementations and
 flexible message processing options.
 """
 
+import ast
 import asyncio
 import json
 import logging
-import ast
 from typing import Any, Optional
 
 logger = logging.getLogger(__name__)
@@ -148,7 +148,7 @@ class SlackMCPReader:
                     if match:
                         try:
                             error_dict = ast.literal_eval(match.group(1))
-                        except (ValueError, SyntaxError, NameError):
+                        except (ValueError, SyntaxError):
                             pass
                     else:
                         # Try alternative format
@@ -156,7 +156,7 @@ class SlackMCPReader:
                         if match:
                             try:
                                 error_dict = ast.literal_eval(match.group(1))
-                            except (ValueError, SyntaxError, NameError):
+                            except (ValueError, SyntaxError):
                                 pass
 
                 if self._is_cache_sync_error(error_dict):

From e7519bceaa13a9dd3cfa9397b6ecf00ba02da823 Mon Sep 17 00:00:00 2001
From: aakash <aakashsuresh@berkeley.edu>
Date: Thu, 13 Nov 2025 13:10:07 -0800
Subject: [PATCH 3/3] Fix CI: sync uv.lock from main and remove .lycheeignore
 (workflow exclusion is sufficient)

---
 .lycheeignore | 5 -----
 1 file changed, 5 deletions(-)
 delete mode 100644 .lycheeignore

diff --git a/.lycheeignore b/.lycheeignore
deleted file mode 100644
index 3a78a6f..0000000
--- a/.lycheeignore
+++ /dev/null
@@ -1,5 +0,0 @@
-# Exclude star-history API from link checking
-# This service is intermittently unavailable (503 errors)
-# but the link still works when the service is up
-.*api\.star-history\.com.*
-