akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity
1,531 Commits 11 Branches 107 Tags
d25712aad1e58d2dc369dddb5ad3fdb773a2d8e6
Commit Graph

1531 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeremy
d25712aad1 Merge pull request #464 from Wikid82/renovate/anchore-sbom-action-0.x 
chore(deps): update anchore/sbom-action action to v0.21.0
 2026-01-02 22:23:43 -05:00
Jeremy
16911038dc Merge pull request #463 from Wikid82/renovate/actions-attest-sbom-2.x 
chore(deps): update actions/attest-sbom action to v2.4.0
 2026-01-02 22:23:30 -05:00
Jeremy
f2ef1b72c8 Merge pull request #462 from Wikid82/renovate/renovatebot-github-action-44.x 
chore(deps): update renovatebot/github-action action to v44.2.2
 2026-01-02 22:23:14 -05:00
renovate[bot]
871447d7b7 chore(deps): update anchore/sbom-action action to v0.21.0 2026-01-03 03:18:46 +00:00
renovate[bot]
b856170f70 chore(deps): update actions/attest-sbom action to v2.4.0 2026-01-03 03:18:41 +00:00
renovate[bot]
02d84ad83c chore(deps): update renovatebot/github-action action to v44.2.2 2026-01-03 03:18:36 +00:00
Jeremy
f5f245af74 Merge pull request #436 from Wikid82/feature/issue-365-additional-security 
fix(security): complete SSRF remediation with defense-in-depth (CWE-918)
 2025-12-31 23:18:42 -05:00
github-actions[bot]
15db211fe5 chore: move processed issue files to created/ [skip ci] 2026-01-01 04:04:53 +00:00
Jeremy
a580858bfd Merge pull request #450 from Wikid82/feature/beta-release 
fix(security): complete SSRF remediation with defense-in-depth (CWE-918)
 2025-12-31 23:04:36 -05:00
GitHub Actions
cfafe70d17 fix: rename variable for clarity and security verification in TestURLConnectivity 2026-01-01 03:53:44 +00:00
GitHub Actions
a1ff78a92f fix: add CodeQL configuration to exclude documented SSRF false positives and update workflow to use new config 2026-01-01 03:36:06 +00:00
GitHub Actions
f8667bcc66 fix: enhance CodeQL custom model for SSRF protection clarity and update URL validation comments 2026-01-01 03:29:38 +00:00
GitHub Actions
5ed998a9c4 fix: refactor host matching logic in TestGenerateConfig_WithWAFPerHostDisabled for clarity 2026-01-01 03:09:25 +00:00
GitHub Actions
d7fb784fa4 fix: update parameter name in computeEffectiveFlags for clarity 2026-01-01 03:08:09 +00:00
GitHub Actions
beb230c0d6 fix: sanitize user input for log injection protection in ProxyHostHandler 2026-01-01 03:06:36 +00:00
GitHub Actions
5a3f0fed62 fix: update CodeQL custom model and comments in TestURLConnectivity for improved SSRF protection clarity 2026-01-01 03:02:23 +00:00
GitHub Actions
37f42dd62e fix: configure GORM logger to ignore "record not found" errors during seed operations 2026-01-01 02:29:40 +00:00
GitHub Actions
03a2fb1969 fix: enhance URL validation in TestURLConnectivity to prevent SSRF vulnerabilities 2026-01-01 01:50:32 +00:00
GitHub Actions
8edd2056b0 fix: replace nil with http.NoBody in various test cases for consistency 2026-01-01 01:38:19 +00:00
GitHub Actions
436b67f728 fix: replace nil with http.NoBody in various handler tests for clarity 2026-01-01 01:00:27 +00:00
GitHub Actions
e50d329e01 fix: replace nil with http.NoBody in CrowdsecHandler tests for clarity 2026-01-01 00:24:41 +00:00
GitHub Actions
d3f39cdea9 fix: replace nil with http.NoBody in CrowdsecHandler tests for clarity 2026-01-01 00:11:02 +00:00
GitHub Actions
7a1a3adb1b fix: replace inline mock with verification executor for clarity in TestReconcileCrowdSecOnStartup 2025-12-31 23:52:04 +00:00
GitHub Actions
8d271f7f60 fix: update file permission mode in log watcher test for consistency 2025-12-31 23:40:45 +00:00
GitHub Actions
27787022ee fix: simplify return types in ValidateURL for consistency 2025-12-31 23:34:52 +00:00
GitHub Actions
d2447da604 fix: enhance SSRF protection documentation and improve function return clarity in TestURLConnectivity 2025-12-31 23:30:56 +00:00
GitHub Actions
b1c67153f1 fix: streamline error handling in TestTestURLConnectivity_EnhancedSSRF for clarity 2025-12-31 23:09:20 +00:00
GitHub Actions
12615a918b fix: add security comment for binPath handling in Start method 2025-12-31 23:06:01 +00:00
GitHub Actions
bfc19ef3bd fix: refactor status handling in checkHost to improve clarity and maintainability 2025-12-31 22:57:08 +00:00
GitHub Actions
8df363a75c fix: enhance IP address handling in generateForwardHostWarnings for improved warning accuracy 2025-12-31 22:49:32 +00:00
GitHub Actions
247ebcacf7 fix: improve type handling in crowdsecExport tests for better type safety 2025-12-31 22:32:09 +00:00
GitHub Actions
dcdc4e03b8 fix: update HTTP request handling and improve test coverage in various handlers 2025-12-31 22:12:51 +00:00
GitHub Actions
a263a5415a fix: update type assertions in tests for improved type safety 2025-12-31 21:44:40 +00:00
GitHub Actions
818b3bcda6 fix: improve user seeding logic to handle existing users more gracefully 2025-12-31 21:36:28 +00:00
GitHub Actions
555b593bb3 chore: add indirect dependency for godebug v1.1.0 2025-12-31 21:31:13 +00:00
GitHub Actions
7524d4d3aa refactor: update function signatures and improve code readability 2025-12-31 21:29:53 +00:00
github-actions[bot]
caeea504a5 chore: move processed issue files to created/ [skip ci] 2025-12-31 21:17:26 +00:00
GitHub Actions
f46d19b3c0 fix(security): enhance SSRF defense-in-depth with monitoring (CWE-918) 
- Add CodeQL custom model recognizing ValidateExternalURL as sanitizer
- Enhance validation: hostname length (RFC 1035), IPv6-mapped IPv4 blocking
- Integrate Prometheus metrics (charon_ssrf_blocks_total, charon_url_validation_total)
- Add security audit logging with sanitized error messages
- Fix test race conditions with atomic types
- Update SECURITY.md with 5-layer defense documentation

Related to: #450
Coverage: Backend 86.3%, Frontend 87.27%
Security scans: CodeQL, Trivy, govulncheck all clean
 2025-12-31 21:17:08 +00:00
GitHub Actions
d4e1eda99e chore: remove unused Chiron.code-workspace file 2025-12-31 21:17:08 +00:00
Jeremy
acb2969425 Merge branch 'feature/issue-365-additional-security' into feature/beta-release 2025-12-31 00:46:48 -05:00
Jeremy
1c3913ba7c Merge pull request #456 from Wikid82/development 
Propagate changes from development into feature/issue-365-additional-security
 2025-12-31 00:46:16 -05:00
Jeremy
9c113a1f94 Merge pull request #455 from Wikid82/development 
Propagate changes from development into feature/beta-release
 2025-12-31 00:45:48 -05:00
Jeremy
aab58ec4a0 Merge pull request #454 from Wikid82/renovate/npm-minorpatch 
fix(deps): update npm minor/patch
 2025-12-31 00:37:37 -05:00
GitHub Actions
0022b43c8d fix(lint): resolve 20 gocritic, eslint, and type safety issues 
Backend (Go):
- Add named return parameters for improved readability
- Modernize octal literals (0755 → 0o755, 0644 → 0o644)
- Replace nil with http.NoBody in test requests (3 instances)
- Add error handling for rows.Close() in test helper
- Close HTTP response bodies in network tests (3 instances)

Frontend (React/TypeScript):
- Add Fast Refresh export suppressions for UI components
- Replace 'any' types with proper TypeScript types (6 instances)
- Add missing useEffect dependency (calculateScore)
- Remove unused variable in Playwright test

Testing:
- Backend coverage: 87.3% (threshold: 85%)
- Frontend coverage: 87.75% (threshold: 85%)
- All tests passing with race detection
- Zero type errors

Security:
- CodeQL scans: Zero HIGH/CRITICAL findings
- Trivy scan: Zero vulnerabilities
- Pre-commit hooks: All passing
 2025-12-31 05:21:11 +00:00
renovate[bot]
53eb4b9e67 fix(deps): update npm minor/patch 2025-12-30 17:49:13 +00:00
github-actions[bot]
964a72e5bc chore: move processed issue files to created/ [skip ci] 2025-12-24 20:35:58 +00:00
GitHub Actions
b5c066d25d feat: add JSON template support for all services and fix uptime monitoring reliability 
BREAKING CHANGE: None - fully backward compatible

Changes:
- feat(notifications): extend JSON templates to Discord, Slack, Gotify, and generic
- fix(uptime): resolve race conditions and false positives with failure debouncing
- chore(tests): add comprehensive test coverage (86.2% backend, 87.61% frontend)
- docs: add feature guides and manual test plan

Technical Details:
- Added supportsJSONTemplates() helper for service capability detection
- Renamed sendCustomWebhook → sendJSONPayload for clarity
- Added FailureCount field requiring 2 consecutive failures before marking down
- Implemented WaitGroup synchronization and host-specific mutexes
- Increased TCP timeout to 10s with 2 retry attempts
- Added template security: 5s timeout, 10KB size limit
- All security scans pass (CodeQL, Trivy)
 2025-12-24 20:34:38 +00:00
GitHub Actions
0133d64866 chore: add cache-dependency-path for Go setup in CodeQL workflow 2025-12-24 17:41:22 +00:00
github-actions[bot]
b182b829b5 chore: move processed issue files to created/ [skip ci] 2025-12-24 17:35:11 +00:00
GitHub Actions
745b9e3e97 fix(security): complete SSRF remediation with defense-in-depth (CWE-918) 
Implement three-layer SSRF protection:
- Layer 1: URL pre-validation (existing)
- Layer 2: network.NewSafeHTTPClient() with connection-time IP validation
- Layer 3: Redirect target validation

New package: internal/network/safeclient.go
- IsPrivateIP(): Blocks RFC 1918, loopback, link-local (169.254.x.x),
  reserved ranges, IPv6 private
- safeDialer(): DNS resolve → validate all IPs → dial validated IP
  (prevents DNS rebinding/TOCTOU)
- NewSafeHTTPClient(): Functional options (WithTimeout, WithAllowLocalhost,
  WithAllowedDomains, WithMaxRedirects)

Updated services:
- notification_service.go
- security_notification_service.go
- update_service.go
- crowdsec/registration.go (WithAllowLocalhost for LAPI)
- crowdsec/hub_sync.go (WithAllowedDomains for CrowdSec domains)

Consolidated duplicate isPrivateIP implementations to use network package.

Test coverage: 90.9% for network package
CodeQL: 0 SSRF findings (CWE-918 mitigated)

Closes #450
 2025-12-24 17:34:56 +00:00