chore: git cache cleanup

2026-03-04 18:34:49 +00:00
parent c32cce2a88
commit 27c252600a
2001 changed files with 683185 additions and 0 deletions
--- a/docs/reports/archive/qa_crowdsec_implementation.md
+++ b/docs/reports/archive/qa_crowdsec_implementation.md
@@ -0,0 +1,194 @@
+# QA Audit Report: CrowdSec Implementation
+
+## Report Details
+
+- **Date:** December 12, 2025
+- **QA Role:** QA_Security
+- **Scope:** Complete QA audit of Charon codebase including CrowdSec integration verification
+
+---
+
+## Summary
+
+All mandatory checks passed successfully. Several linting issues were found and immediately fixed.
+
+---
+
+## Check Results
+
+### 1. Pre-commit on All Files
+
+**Status:** ✅ PASS
+
+**Details:**
+
+- Ran: `.venv/bin/pre-commit run --all-files`
+- All hooks passed including:
+  - Go Vet
+  - Check .version matches latest Git tag
+  - Prevent large files
+  - Prevent CodeQL DB artifacts
+  - Prevent data/backups commits
+  - Frontend TypeScript Check
+  - Frontend Lint (Fix)
+- Go test coverage: 85.2% (meets minimum 85%)
+
+---
+
+### 2. Backend Build
+
+**Status:** ✅ PASS
+
+**Details:**
+
+- Ran: `cd backend && go build ./...`
+- No compilation errors
+
+---
+
+### 3. Backend Tests
+
+**Status:** ✅ PASS
+
+**Details:**
+
+- Ran: `cd backend && go test ./...`
+- All test packages passed:
+  - `internal/api/handlers` - 21.2s
+  - `internal/api/routes` - 0.04s
+  - `internal/api/tests` - 1.2s
+  - `internal/caddy` - 1.4s
+  - `internal/services` - 29.5s
+  - All other packages (cached/passed)
+
+---
+
+### 4. Frontend Type Check
+
+**Status:** ✅ PASS
+
+**Details:**
+
+- Ran: `cd frontend && npm run type-check`
+- TypeScript compilation: No errors
+
+---
+
+### 5. Frontend Tests
+
+**Status:** ✅ PASS
+
+**Details:**
+
+- Ran: `cd frontend && npm run test`
+- Results:
+  - Test Files: **84 passed**
+  - Tests: **756 passed**, 2 skipped
+  - Duration: 55.98s
+
+---
+
+### 6. GolangCI-Lint
+
+**Status:** ✅ PASS (after fixes)
+
+**Initial Issues Found:** 9 issues
+
+**Issues Fixed:**
+
+| File | Issue | Fix Applied |
+|------|-------|-------------|
+| `internal/api/handlers/cerberus_logs_ws_test.go:101,169,248,325,399` | `bodyclose: response body must be closed` | Added `//nolint:bodyclose` comment - WebSocket Dial response body is consumed by the dial |
+| `internal/api/handlers/cerberus_logs_ws_test.go:442,445` | `deferInLoop: Possible resource leak, 'defer' is called in the 'for' loop` | Moved defer outside loop into a single cleanup function |
+| `internal/api/handlers/cerberus_logs_ws_test.go:488` | `httpNoBody: http.NoBody should be preferred to the nil request body` | Changed `nil` to `http.NoBody` |
+| `internal/caddy/config_extra_test.go:302` | `filepathJoin: "/data" contains a path separator` | Used string literal `/data/logs/access.log` instead of `filepath.Join` |
+| `internal/services/log_watcher.go:91` | `typeUnparen: could simplify type conversion` | Added explanatory nolint comment - conversion required for channel comparison |
+| `internal/services/log_watcher.go:302` | `equalFold: consider replacing with strings.EqualFold` | Replaced with `strings.EqualFold(k, key)` |
+| `internal/services/log_watcher.go:310` | `builtinShadowDecl: shadowing of predeclared identifier: min` | Renamed function from `min` to `minInt` |
+
+**Final Result:** 0 issues
+
+---
+
+### 7. Docker Build
+
+**Status:** ✅ PASS
+
+**Details:**
+
+- Ran: `docker build --build-arg VCS_REF=$(git rev-parse HEAD) -t charon:local .`
+- Image built successfully: `sha256:ee53c99130393bdd8a09f1d06bd55e31f82676ecb61bd03842cbbafb48eeea01`
+- Frontend build: ✓ built in 6.77s
+- All stages completed successfully
+
+---
+
+### 8. CrowdSec Startup Test
+
+**Status:** ✅ PASS
+
+**Details:**
+
+- Ran: `bash scripts/crowdsec_startup_test.sh`
+- All 6 checks passed:
+
+| Check | Description | Result |
+|-------|-------------|--------|
+| 1 | No fatal 'no datasource enabled' error | ✅ PASS |
+| 2 | CrowdSec LAPI health (127.0.0.1:8085/health) | ✅ PASS |
+| 3 | Acquisition config exists with 'source:' definition | ✅ PASS |
+| 4 | Installed parsers (found 4) | ✅ PASS |
+| 5 | Installed scenarios (found 46) | ✅ PASS |
+| 6 | CrowdSec process running | ✅ PASS |
+
+**CrowdSec Components Verified:**
+
+- LAPI: `{"status":"up"}`
+- Acquisition: Configured for Caddy logs at `/var/log/caddy/access.log`
+- Parsers: crowdsecurity/caddy-logs, geoip-enrich, http-logs, syslog-logs
+- Scenarios: 46 security scenarios installed (including CVE detections, Log4j, etc.)
+
+---
+
+## Final Status
+
+| Check | Status |
+|-------|--------|
+| Pre-commit | ✅ PASS |
+| Backend Build | ✅ PASS |
+| Backend Tests | ✅ PASS |
+| Frontend Type Check | ✅ PASS |
+| Frontend Tests | ✅ PASS |
+| GolangCI-Lint | ✅ PASS |
+| Docker Build | ✅ PASS |
+| CrowdSec Startup Test | ✅ PASS |
+
+**Overall Result:** ✅ **ALL CHECKS PASSED**
+
+---
+
+## Files Modified During Audit
+
+1. `backend/internal/api/handlers/cerberus_logs_ws_test.go`
+   - Added nolint directives for bodyclose on WebSocket Dial calls
+   - Fixed defer in loop resource leak
+   - Used http.NoBody for non-WebSocket request test
+
+2. `backend/internal/caddy/config_extra_test.go`
+   - Fixed filepath.Join with path separator issue
+   - Removed unused import `path/filepath`
+
+3. `backend/internal/services/log_watcher.go`
+   - Renamed `min` function to `minInt` to avoid shadowing builtin
+   - Used `strings.EqualFold` for case-insensitive comparison
+   - Added nolint comment for required type conversion
+
+---
+
+## Recommendations
+
+None - all checks pass and the codebase is in good condition.
+
+---
+
+*Report generated by QA_Security audit process*