Malware modifying blacklist file
In pop_blacklist.py, you loop over the lines in the file ‘./blacklists/porn/urls.txt’ and black-list them. It is possible for a malicious entity (such as malware on the system or anyone with access to the machine) to overwrite this file on disk to include whatever list of websites they want. Your program loads whatever it finds in that file without doing any sort of verification on it, so this would be a way for a malicious user to blacklist any sites they wanted. Note that malware could also choose to delete the SQLite db files to force rereading this file. Possible ways to address this might include using some sort of OS-level way to protect the file to your process (if such a thing exists); if not, somehow signing/hashing the file to verify it hasn’t changed (if you don’t expect this file to be changed, you could store a hash of it in the code, for example).