From c3450a24be7df412961cb86a54f6659ff40c86bd Mon Sep 17 00:00:00 2001
From: seoonju
Date: Thu, 24 Jul 2025 23:01:03 +0900
Subject: [PATCH 1/3] [Autofic] Create package.json and CI workflow
---
 .github/workflows/pr_notify.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/pr_notify.yml
diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
new file mode 100644
index 0000000..2b34036
--- /dev/null
+++ b/.github/workflows/pr_notify.yml
@@ -0,0 +1,20 @@
+name: PR Notifier
+
+on:
+ pull_request:
+ types: [opened, reopened, closed]
+
+jobs:
+ notify:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify Discord
+ env:
+ DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
+ - name: Notify Slack
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ run: |
+ curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL
From 8e24fe22b00673a063c17ee7725e3263091d3a7d Mon Sep 17 00:00:00 2001
From: seoonju
Date: Thu, 24 Jul 2025 23:01:05 +0900
Subject: [PATCH 2/3] [Autofic] 1 malicious code detected!!
---
 server.js | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/server.js b/server.js
index 4601464..65612d4 100644
--- a/server.js
+++ b/server.js
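Review bot: In both `run:` scripts, `${{ github.event.pull_request.title }}` is expanded into the shell command text before bash executes it, and a PR title is written by whoever opens the PR, so these curl steps are the script-injection pattern GitHub's workflow-hardening guidance warns about (the html_url, user.login and action expressions are expanded the same way). Pass each value through `env:` instead, e.g. `PR_TITLE: ${{ github.event.pull_request.title }}`, reference it as `"$PR_TITLE"`, and build the body with `jq -n --arg` so quotes in a title cannot close the JSON string; the rewritten Discord step is below and the Slack step needs the same treatment. Adding `-sS --fail` to curl would also make a rejected webhook fail the step instead of passing silently. Patch 3/3 deletes this file again, but the workflow still exists at this point of the series.
```yaml
      - name: Notify Discord
        env:
          DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_URL: ${{ github.event.pull_request.html_url }}
          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
          PR_ACTION: ${{ github.event.action }}
        run: |
          payload=$(jq -n --arg t "$PR_TITLE" --arg u "$PR_URL" --arg a "$PR_AUTHOR" --arg s "$PR_ACTION" \
            '{content: ("🔔 Pull Request [" + $t + "](" + $u + ") by " + $a + " - " + $s)}')
          curl -sS --fail -H "Content-Type: application/json" -d "$payload" "$DISCORD_WEBHOOK_URL"
      # … unchanged: Slack step (apply the same env/jq pattern) …
```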
@@ -2,14 +2,26 @@ var pmx = require('pmx');
 pmx.init();
 var express = require('express')
 , http = require('http')
+ , https = require('https') // Added for HTTPS
 , path = require('path')
 , fs = require('fs')
 , inspect = require('util').inspect
 , logger = require('./lib/logger.js')
+ , helmet = require('helmet') // Added for security headers
+ , rateLimit = require('express-rate-limit') // Added for rate limiting
 ;
 var app = express();
+// Use Helmet to secure Express apps by setting various HTTP headers
+app.use(helmet());
+
+// Rate limiter middleware
+const limiter = rateLimit({
+ windowMs: 15 * 60 * 1000, // 15 minutes
+ max: 100 // limit each IP to 100 requests per windowMs
+});
+
 // all environments
 app.set('views', __dirname + '/views');
 app.set('view engine', 'jade');
@@ -26,7 +38,7 @@ app.get('/privacy', function(req, res) {
 res.render('privacy');
 });
 app.get('/docs', function(req, res) { res.render('api-docs'); });
 // Demo endpoints:
-app.all('/demo/analysis', function(req, res) {
+app.all('/demo/analysis', limiter, function(req, res) { // Added rate limiter
 res.render('demo-analysis', {
@@ -39,6 +51,7 @@ app.all('/demo/analysis', function(req, res) {
 });
 });
-http.createServer(app).listen(app.get('port'), function(){
+// Use HTTPS instead of HTTP
+https.createServer(app).listen(app.get('port'), function(){
 logger.log("cloudcv.io server listening on port " + app.get('port'));
 });
\ No newline at end of file
From b96ce4b72f5de2eff38a4c2705fa6bcec45e9968 Mon Sep 17 00:00:00 2001
From: seoonju
Date: Thu, 24 Jul 2025 23:01:20 +0900
Subject: [PATCH 3/3] chore: remove CI workflow before upstream PR
---
 .github/workflows/pr_notify.yml | 20 --------------------
 1 file changed, 20 deletions(-)
 delete mode 100644 .github/workflows/pr_notify.yml
diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml
deleted file mode 100644
index 2b34036..0000000
--- a/.github/workflows/pr_notify.yml
+++ /dev/null
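Review bot: `require('helmet')` and `require('express-rate-limit')` are added at the top of the first hunk, but no patch in the series touches package.json (this commit's diffstat lists only server.js), so a fresh `npm install` leaves both modules missing and the process throws at startup; add `helmet` and `express-rate-limit` to dependencies in the same change. `limiter` is also declared with `const` in a file that otherwise uses `var`, which works but reads inconsistently. express-rate-limit keys on `req.ip` by default, so if this server runs behind a reverse proxy (not visible here) it will need `app.set('trust proxy', …)` configured, or every client will share one bucket behind the proxy's address.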
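Review bot: `https.createServer(app)` in the last hunk passes no TLS options, so the server has no `key`/`cert`; Node treats a lone function argument as the request listener and starts a TLS server that cannot complete any handshake, which makes the site unreachable rather than more secure. Either load credentials from configured paths — `https.createServer({ key: fs.readFileSync(TLS_KEY_PATH), cert: fs.readFileSync(TLS_CERT_PATH) }, app)`, with `fs` already required above and the two paths coming from configuration — or keep `http.createServer` and terminate TLS at a fronting proxy. `app.get('port')` is unchanged, so the new listener would speak TLS on the port clients previously used for plain HTTP.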
@@ -1,20 +0,0 @@
-name: PR Notifier
-
-on:
- pull_request:
- types: [opened, reopened, closed]
-
-jobs:
- notify:
- runs-on: ubuntu-latest
- steps:
- - name: Notify Discord
- env:
- DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"content": "🔔 Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $DISCORD_WEBHOOK_URL
- - name: Notify Slack
- env:
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- run: |
- curl -H "Content-Type: application/json" -d '{"text": ":bell: Pull Request <${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}> by ${{ github.event.pull_request.user.login }} - ${{ github.event.action }}"}' $SLACK_WEBHOOK_URL