Charon/backend/internal/services at 028233f378cfdbd4e2fcbd3d56f3e4af2e4a75eb - Charon - Gitea: Git with a cup of tea

akanealw/Charon

Files

History

GitHub Actions 2f44da2c34 feat(security): add plugin signature allowlisting and security hardening

Implement Phase 3 of Custom DNS Provider Plugin Support with comprehensive
security controls for external plugin loading.

Add CHARON_PLUGIN_SIGNATURES env var for SHA-256 signature allowlisting
Support permissive (unset), strict ({}), and allowlist modes
Add directory permission verification (reject world-writable)
Configure container with non-root user and read-only plugin mount option
Add 22+ security tests for permissions, signatures, and allowlist logic
Create plugin-security.md operator documentation
Security controls:

Signature verification with sha256: prefix requirement
World-writable directory rejection
Non-root container execution (charon user UID 1000)
Read-only mount support for production deployments
Documented TOCTOU mitigation with atomic deployment workflow

2026-01-14 19:59:41 +00:00

..

access_list_service_test.go

feat(cerberus): integrate Cerberus security features (WAF, ACLs, rate limiting, CrowdSec)

2025-12-12 17:56:30 +00:00

access_list_service.go

chore: implement instruction compliance remediation

2025-12-21 04:08:42 +00:00

auth_service_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

auth_service.go

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

backup_service_disk_test.go

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

backup_service_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

backup_service.go

fix; CVE-2025-68156 remediation

2026-01-11 19:33:25 +00:00

benchmark_test.go

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

certificate_service_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

certificate_service.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

coverage_boost_test.go

fix: resolve 30 test failures and boost coverage to 85%+

2026-01-07 20:33:20 +00:00

credential_service_test.go

fix(tests): improve context setup for audit logging in DNS provider service tests

2026-01-12 07:27:00 +00:00

credential_service.go

fix; CVE-2025-68156 remediation

2026-01-11 19:33:25 +00:00

crowdsec_startup_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

crowdsec_startup.go

fix(security): resolve CrowdSec startup and permission issues

2025-12-23 01:59:21 +00:00

dns_detection_service_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

dns_detection_service.go

feat: implement DNS provider detection and related components

2026-01-04 20:04:22 +00:00

dns_provider_service_test.go

fix(tests): improve context setup for audit logging in DNS provider service tests

2026-01-12 07:27:00 +00:00

dns_provider_service.go

fix; CVE-2025-68156 remediation

2026-01-11 19:33:25 +00:00

doc.go

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

docker_service_test.go

fix(docker): enhance error handling and user feedback for Docker service unavailability

2026-01-10 00:08:25 +00:00

docker_service.go

fix(docker): enhance error handling and user feedback for Docker service unavailability

2026-01-10 00:08:25 +00:00

geoip_service_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

geoip_service.go

fix: complete geoip2-golang v2 migration

2025-12-14 08:06:32 +00:00

log_service_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

log_service.go

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

log_watcher_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

log_watcher.go

fix; CVE-2025-68156 remediation

2026-01-11 19:33:25 +00:00

mail_service_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

mail_service.go

fix; CVE-2025-68156 remediation

2026-01-11 19:33:25 +00:00

manual_challenge_service_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

manual_challenge_service.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

notification_service_json_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

notification_service_template_test.go

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

notification_service_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

notification_service.go

fix; CVE-2025-68156 remediation

2026-01-11 19:33:25 +00:00

plugin_loader_test.go

feat(security): add plugin signature allowlisting and security hardening

2026-01-14 19:59:41 +00:00

plugin_loader.go

feat(security): add plugin signature allowlisting and security hardening

2026-01-14 19:59:41 +00:00

proxyhost_service_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

proxyhost_service.go

chore: implement instruction compliance remediation

2025-12-21 04:08:42 +00:00

remoteserver_service_test.go

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

remoteserver_service.go

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

security_headers_service_test.go

feat: add API-Friendly security header preset for mobile apps

2025-12-19 18:55:48 +00:00

security_headers_service.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

security_notification_service_test.go

test(security): complete CWE-918 remediation and achieve 86% backend coverage

2025-12-24 11:51:51 +00:00

security_notification_service.go

fix; CVE-2025-68156 remediation

2026-01-11 19:33:25 +00:00

security_score_test.go

feat: implement HTTP Security Headers management (Issue #20 )

2025-12-19 18:55:48 +00:00

security_score.go

feat(security): implement email body sanitization and enhance URL validation to prevent injection attacks

2025-12-24 12:10:50 +00:00

security_service_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

security_service.go

feat: implement encryption management features including key rotation, validation, and history tracking

2026-01-04 03:08:40 +00:00

update_service_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

update_service.go

fix(security): complete SSRF remediation with defense-in-depth (CWE-918)

2025-12-24 17:34:56 +00:00

uptime_service_notification_test.go

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

uptime_service_race_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

uptime_service_test.go

feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management

2026-01-12 04:01:40 +00:00

uptime_service_unit_test.go

chore: implement instruction compliance remediation

2025-12-21 04:08:42 +00:00

uptime_service.go

feat: implement comprehensive test optimization

2026-01-03 19:42:53 +00:00

websocket_tracker_test.go

fix: improve test ID generation in concurrent test

2025-12-18 18:26:46 +00:00

websocket_tracker.go

feat: add WebSocket connection tracking backend

2025-12-18 18:04:40 +00:00