GitHub Actions
5ea207ab47
chore: clean git cache
2026-01-02 01:01:54 +00:00
GitHub Actions
aae55a8ae9
chore: clean git cache
2026-01-02 00:59:57 +00:00
GitHub Actions
9a05e2f927
feat: add DNS provider management features
- Implement DNSProviderCard component for displaying individual DNS provider details.
- Create DNSProviderForm component for adding and editing DNS providers.
- Add DNSProviderSelector component for selecting DNS providers in forms.
- Introduce useDNSProviders hook for fetching and managing DNS provider data.
- Add DNSProviders page for listing and managing DNS providers.
- Update layout to include DNS Providers navigation.
- Enhance UI components with new badge styles and improved layouts.
- Add default provider schemas for various DNS providers.
- Integrate translation strings for DNS provider management.
- Update Vite configuration for improved chunking and performance.
2026-01-02 00:52:37 +00:00
Jeremy
902e8aedc7
Merge pull request #459 from Wikid82/development
Propagate changes from development into feature/beta-release
2025-12-31 23:29:09 -05:00
Jeremy
f5f245af74
Merge pull request #436 from Wikid82/feature/issue-365-additional-security
fix(security): complete SSRF remediation with defense-in-depth (CWE-918)
2025-12-31 23:18:42 -05:00
github-actions[bot]
15db211fe5
chore: move processed issue files to created/ [skip ci]
2026-01-01 04:04:53 +00:00
Jeremy
a580858bfd
Merge pull request #450 from Wikid82/feature/beta-release
fix(security): complete SSRF remediation with defense-in-depth (CWE-918)
2025-12-31 23:04:36 -05:00
GitHub Actions
cfafe70d17
fix: rename variable for clarity and security verification in TestURLConnectivity
2026-01-01 03:53:44 +00:00
GitHub Actions
a1ff78a92f
fix: add CodeQL configuration to exclude documented SSRF false positives and update workflow to use new config
2026-01-01 03:36:06 +00:00
GitHub Actions
f8667bcc66
fix: enhance CodeQL custom model for SSRF protection clarity and update URL validation comments
2026-01-01 03:29:38 +00:00
GitHub Actions
5ed998a9c4
fix: refactor host matching logic in TestGenerateConfig_WithWAFPerHostDisabled for clarity
2026-01-01 03:09:25 +00:00
GitHub Actions
d7fb784fa4
fix: update parameter name in computeEffectiveFlags for clarity
2026-01-01 03:08:09 +00:00
GitHub Actions
beb230c0d6
fix: sanitize user input for log injection protection in ProxyHostHandler
2026-01-01 03:06:36 +00:00
GitHub Actions
5a3f0fed62
fix: update CodeQL custom model and comments in TestURLConnectivity for improved SSRF protection clarity
2026-01-01 03:02:23 +00:00
GitHub Actions
37f42dd62e
fix: configure GORM logger to ignore "record not found" errors during seed operations
2026-01-01 02:29:40 +00:00
GitHub Actions
03a2fb1969
fix: enhance URL validation in TestURLConnectivity to prevent SSRF vulnerabilities
2026-01-01 01:50:32 +00:00
GitHub Actions
8edd2056b0
fix: replace nil with http.NoBody in various test cases for consistency
2026-01-01 01:38:19 +00:00
GitHub Actions
436b67f728
fix: replace nil with http.NoBody in various handler tests for clarity
2026-01-01 01:00:27 +00:00
GitHub Actions
e50d329e01
fix: replace nil with http.NoBody in CrowdsecHandler tests for clarity
2026-01-01 00:24:41 +00:00
GitHub Actions
d3f39cdea9
fix: replace nil with http.NoBody in CrowdsecHandler tests for clarity
2026-01-01 00:11:02 +00:00
GitHub Actions
7a1a3adb1b
fix: replace inline mock with verification executor for clarity in TestReconcileCrowdSecOnStartup
2025-12-31 23:52:04 +00:00
GitHub Actions
8d271f7f60
fix: update file permission mode in log watcher test for consistency
2025-12-31 23:40:45 +00:00
GitHub Actions
27787022ee
fix: simplify return types in ValidateURL for consistency
2025-12-31 23:34:52 +00:00
GitHub Actions
d2447da604
fix: enhance SSRF protection documentation and improve function return clarity in TestURLConnectivity
2025-12-31 23:30:56 +00:00
GitHub Actions
b1c67153f1
fix: streamline error handling in TestTestURLConnectivity_EnhancedSSRF for clarity
2025-12-31 23:09:20 +00:00
GitHub Actions
12615a918b
fix: add security comment for binPath handling in Start method
2025-12-31 23:06:01 +00:00
GitHub Actions
bfc19ef3bd
fix: refactor status handling in checkHost to improve clarity and maintainability
2025-12-31 22:57:08 +00:00
GitHub Actions
8df363a75c
fix: enhance IP address handling in generateForwardHostWarnings for improved warning accuracy
2025-12-31 22:49:32 +00:00
GitHub Actions
247ebcacf7
fix: improve type handling in crowdsecExport tests for better type safety
2025-12-31 22:32:09 +00:00
GitHub Actions
dcdc4e03b8
fix: update HTTP request handling and improve test coverage in various handlers
2025-12-31 22:12:51 +00:00
GitHub Actions
a263a5415a
fix: update type assertions in tests for improved type safety
2025-12-31 21:44:40 +00:00
GitHub Actions
818b3bcda6
fix: improve user seeding logic to handle existing users more gracefully
2025-12-31 21:36:28 +00:00
GitHub Actions
555b593bb3
chore: add indirect dependency for godebug v1.1.0
2025-12-31 21:31:13 +00:00
GitHub Actions
7524d4d3aa
refactor: update function signatures and improve code readability
2025-12-31 21:29:53 +00:00
github-actions[bot]
caeea504a5
chore: move processed issue files to created/ [skip ci]
2025-12-31 21:17:26 +00:00
GitHub Actions
f46d19b3c0
fix(security): enhance SSRF defense-in-depth with monitoring (CWE-918)
- Add CodeQL custom model recognizing ValidateExternalURL as sanitizer
- Enhance validation: hostname length (RFC 1035), IPv6-mapped IPv4 blocking
- Integrate Prometheus metrics (charon_ssrf_blocks_total, charon_url_validation_total)
- Add security audit logging with sanitized error messages
- Fix test race conditions with atomic types
- Update SECURITY.md with 5-layer defense documentation
Related to: #450
Coverage: Backend 86.3%, Frontend 87.27%
Security scans: CodeQL, Trivy, govulncheck all clean
2025-12-31 21:17:08 +00:00
GitHub Actions
d4e1eda99e
chore: remove unused Chiron.code-workspace file
2025-12-31 21:17:08 +00:00
Jeremy
acb2969425
Merge branch 'feature/issue-365-additional-security' into feature/beta-release
2025-12-31 00:46:48 -05:00
Jeremy
1c3913ba7c
Merge pull request #456 from Wikid82/development
Propagate changes from development into feature/issue-365-additional-security
2025-12-31 00:46:16 -05:00
Jeremy
9c113a1f94
Merge pull request #455 from Wikid82/development
Propagate changes from development into feature/beta-release
2025-12-31 00:45:48 -05:00
Jeremy
aab58ec4a0
Merge pull request #454 from Wikid82/renovate/npm-minorpatch
fix(deps): update npm minor/patch
2025-12-31 00:37:37 -05:00
GitHub Actions
0022b43c8d
fix(lint): resolve 20 gocritic, eslint, and type safety issues
Backend (Go):
- Add named return parameters for improved readability
- Modernize octal literals (0755 → 0o755, 0644 → 0o644)
- Replace nil with http.NoBody in test requests (3 instances)
- Add error handling for rows.Close() in test helper
- Close HTTP response bodies in network tests (3 instances)
Frontend (React/TypeScript):
- Add Fast Refresh export suppressions for UI components
- Replace 'any' types with proper TypeScript types (6 instances)
- Add missing useEffect dependency (calculateScore)
- Remove unused variable in Playwright test
Testing:
- Backend coverage: 87.3% (threshold: 85%)
- Frontend coverage: 87.75% (threshold: 85%)
- All tests passing with race detection
- Zero type errors
Security:
- CodeQL scans: Zero HIGH/CRITICAL findings
- Trivy scan: Zero vulnerabilities
- Pre-commit hooks: All passing
2025-12-31 05:21:11 +00:00
renovate[bot]
53eb4b9e67
fix(deps): update npm minor/patch
2025-12-30 17:49:13 +00:00
github-actions[bot]
964a72e5bc
chore: move processed issue files to created/ [skip ci]
2025-12-24 20:35:58 +00:00
GitHub Actions
b5c066d25d
feat: add JSON template support for all services and fix uptime monitoring reliability
BREAKING CHANGE: None - fully backward compatible
Changes:
- feat(notifications): extend JSON templates to Discord, Slack, Gotify, and generic
- fix(uptime): resolve race conditions and false positives with failure debouncing
- chore(tests): add comprehensive test coverage (86.2% backend, 87.61% frontend)
- docs: add feature guides and manual test plan
Technical Details:
- Added supportsJSONTemplates() helper for service capability detection
- Renamed sendCustomWebhook → sendJSONPayload for clarity
- Added FailureCount field requiring 2 consecutive failures before marking down
- Implemented WaitGroup synchronization and host-specific mutexes
- Increased TCP timeout to 10s with 2 retry attempts
- Added template security: 5s timeout, 10KB size limit
- All security scans pass (CodeQL, Trivy)
2025-12-24 20:34:38 +00:00
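The "template security: 5s timeout, 10KB size limit" line in commit b5c066d25d describes bounding a user-supplied notification template. The following is an added example of how such a bound can be enforced with Go's text/template; it is not the project's own code. The names renderPayload, boundedWriter, ErrTooLarge and the json helper function are assumptions made for this example, as are the constructed sample payloads.

```go
package main

import (
	"bytes"
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
	"text/template"
	"time"
)

// ErrTooLarge is returned once the rendered output exceeds the configured cap.
var ErrTooLarge = errors.New("rendered payload exceeds size limit")

// boundedWriter refuses writes once the byte limit is reached or the context
// is done. text/template returns the writer's error straight from Execute, so
// either condition aborts rendering at the next output chunk rather than after
// the whole template has run. (Assumption of this example: work done between
// writes, e.g. a slow template function, is not interrupted until it writes.)
type boundedWriter struct {
	ctx   context.Context
	w     io.Writer
	limit int
	n     int
}

func (b *boundedWriter) Write(p []byte) (int, error) {
	if err := b.ctx.Err(); err != nil {
		return 0, err
	}
	if b.n+len(p) > b.limit {
		return 0, ErrTooLarge
	}
	n, err := b.w.Write(p)
	b.n += n
	return n, err
}

// renderPayload renders a user-controlled template with a wall-clock budget and
// an output cap. "missingkey=error" makes a mistyped map key fail loudly instead
// of silently emitting "<no value>" into the JSON body. The json helper is
// exposed so untrusted text (alert messages, host names) is escaped as a JSON
// string rather than spliced raw into the payload.
func renderPayload(tmplText string, data any, timeout time.Duration, limit int) (string, error) {
	funcs := template.FuncMap{
		"json": func(v any) (string, error) {
			b, err := json.Marshal(v)
			return string(b), err
		},
	}
	tmpl, err := template.New("payload").Funcs(funcs).Option("missingkey=error").Parse(tmplText)
	if err != nil {
		return "", err
	}
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	var buf bytes.Buffer
	if err := tmpl.Execute(&boundedWriter{ctx: ctx, w: &buf, limit: limit}, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed sample data for a Slack/Discord style JSON body.
	data := map[string]any{"Message": `disk "sda" at 97%`, "Host": "web-01"}
	out, err := renderPayload(`{"text": {{json .Message}}, "host": {{json .Host}}}`, data, 5*time.Second, 10*1024)
	fmt.Println(out, err)

	// Constructed oversized input: 20000 one-byte items against a 10 KiB cap.
	big := map[string]any{"Items": strings.Split(strings.Repeat("x,", 20000), ",")}
	_, err = renderPayload(`{{range .Items}}{{.}}{{end}}`, big, 5*time.Second, 10*1024)
	fmt.Println("oversized:", err)
}
```

Putting both limits in the writer rather than wrapping Execute in a goroutine avoids leaking a goroutine that keeps rendering after the caller has given up; the trade-off is that the deadline is only observed at the next write.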
GitHub Actions
0133d64866
chore: add cache-dependency-path for Go setup in CodeQL workflow
2025-12-24 17:41:22 +00:00
github-actions[bot]
b182b829b5
chore: move processed issue files to created/ [skip ci]
2025-12-24 17:35:11 +00:00
GitHub Actions
745b9e3e97
fix(security): complete SSRF remediation with defense-in-depth (CWE-918)
Implement three-layer SSRF protection:
- Layer 1: URL pre-validation (existing)
- Layer 2: network.NewSafeHTTPClient() with connection-time IP validation
- Layer 3: Redirect target validation
New package: internal/network/safeclient.go
- IsPrivateIP(): Blocks RFC 1918, loopback, link-local (169.254.x.x), reserved ranges, IPv6 private
- safeDialer(): DNS resolve → validate all IPs → dial validated IP (prevents DNS rebinding/TOCTOU)
- NewSafeHTTPClient(): Functional options (WithTimeout, WithAllowLocalhost, WithAllowedDomains, WithMaxRedirects)
Updated services:
- notification_service.go
- security_notification_service.go
- update_service.go
- crowdsec/registration.go (WithAllowLocalhost for LAPI)
- crowdsec/hub_sync.go (WithAllowedDomains for CrowdSec domains)
Consolidated duplicate isPrivateIP implementations to use network package.
Test coverage: 90.9% for network package
CodeQL: 0 SSRF findings (CWE-918 mitigated)
Closes #450
2025-12-24 17:34:56 +00:00
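The three-layer design in commit 745b9e3e97 above (URL pre-validation, connection-time IP validation that dials the vetted address, redirect re-validation) and the IPv6-mapped IPv4 and hostname-length checks from f46d19b3c0, as one added example in Go. This is not the project's internal/network/safeclient.go; the names isPrivateIP, validateURL, newSafeDial, checkRedirect, newSafeHTTPClient and fetch, the extra CIDR list, the 3-hop redirect cap and the injectable lookup function are assumptions made here for the example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"time"
)

// isPrivateIP reports whether ip must never be a fetch target. IPv4-mapped
// IPv6 (::ffff:10.0.0.1) is unwrapped first so the IPv4 rules apply to it.
func isPrivateIP(ip net.IP) bool {
	if ip4 := ip.To4(); ip4 != nil {
		ip = ip4
	}
	// Go 1.17+: IsPrivate covers RFC 1918 and IPv6 ULA (fc00::/7).
	if ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() || ip.IsMulticast() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
		return true
	}
	// Ranges net.IP has no predicate for (assumed list): "this network", CGNAT,
	// IETF protocol assignments, reserved class E.
	for _, cidr := range []string{"0.0.0.0/8", "100.64.0.0/10", "192.0.0.0/24", "240.0.0.0/4"} {
		_, block, _ := net.ParseCIDR(cidr)
		if block.Contains(ip) {
			return true
		}
	}
	return false
}

// validateURL is layer 1: syntactic checks before any network activity.
// IP-literal hosts are rejected here; named hosts are vetted at dial time.
func validateURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	if host == "" {
		return errors.New("empty host")
	}
	if len(host) > 253 { // textual limit implied by RFC 1035's 255-octet name bound
		return errors.New("hostname too long")
	}
	if ip := net.ParseIP(host); ip != nil && isPrivateIP(ip) {
		return fmt.Errorf("address %s is not a permitted target", ip)
	}
	return nil
}

type lookupFunc func(ctx context.Context, host string) ([]net.IPAddr, error)

// newSafeDial is layer 2: resolve, reject if ANY answer is blocked (an attacker
// controlled zone can return a mix), then dial the vetted IP literal instead of
// the name so nothing re-resolves it (closes the DNS rebinding/TOCTOU window).
func newSafeDial(lookup lookupFunc, allowLocal bool) func(ctx context.Context, network, addr string) (net.Conn, error) {
	dialer := &net.Dialer{Timeout: 5 * time.Second}
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		host, port, err := net.SplitHostPort(addr)
		if err != nil {
			return nil, err
		}
		ips, err := lookup(ctx, host)
		if err != nil {
			return nil, err
		}
		if len(ips) == 0 {
			return nil, fmt.Errorf("no addresses for %s", host)
		}
		for _, ip := range ips {
			if !allowLocal && isPrivateIP(ip.IP) {
				return nil, fmt.Errorf("ssrf blocked: %s resolves to %s", host, ip.IP)
			}
		}
		return dialer.DialContext(ctx, network, net.JoinHostPort(ips[0].IP.String(), port))
	}
}

// checkRedirect is layer 3: every hop is re-validated, so a public host cannot
// 302 the client into the metadata service or an internal listener.
func checkRedirect(req *http.Request, via []*http.Request) error {
	if len(via) >= 3 {
		return errors.New("too many redirects")
	}
	return validateURL(req.URL.String())
}

func newSafeHTTPClient(allowLocal bool) *http.Client {
	return &http.Client{
		Timeout:       10 * time.Second,
		CheckRedirect: checkRedirect,
		Transport:     &http.Transport{DialContext: newSafeDial(net.DefaultResolver.LookupIPAddr, allowLocal)},
	}
}

// fetch applies layer 1 to the initial URL; the client applies layers 2 and 3.
func fetch(c *http.Client, target string) (*http.Response, error) {
	if err := validateURL(target); err != nil {
		return nil, err
	}
	return c.Get(target)
}

func main() {
	c := newSafeHTTPClient(false)
	for _, t := range []string{"http://169.254.169.254/latest/meta-data/", "http://[::ffff:127.0.0.1]:8080/"} {
		_, err := fetch(c, t)
		fmt.Printf("%-42s -> %v\n", t, err)
	}
}
```

A host given by name (for example http://localhost/) passes validateURL and is only stopped when newSafeDial resolves it, which is why the literal check in layer 1 is not sufficient on its own. The lookup function is injected so the dial logic can be tested against a constructed DNS answer without network access.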
github-actions[bot]
718969b1de
chore: move processed issue files to created/ [skip ci]
2025-12-24 14:36:11 +00:00
GitHub Actions
70bd60dbce
chore: Implement CodeQL CI Alignment and Security Scanning
- Added comprehensive QA report for CodeQL CI alignment implementation, detailing tests, results, and findings.
- Created CodeQL security scanning guide in documentation, outlining usage and common issues.
- Developed pre-commit hooks for CodeQL scans and findings checks, ensuring security issues are identified before commits.
- Implemented scripts for running CodeQL Go and JavaScript scans, aligned with CI configurations.
- Verified all tests passed, including backend and frontend coverage, TypeScript checks, and SARIF file generation.
2025-12-24 14:35:33 +00:00