Projects STRLCPY csprecon Commits 680820c0
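--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,67 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [main]
+ schedule:
+ - cron: '0 0 * * 6'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+
+ strategy:
+ fail-fast: false
+ matrix:
+ # Override automatic language detection by changing the below list
+ # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
+ language: ['go']
+ # Learn more...
+ # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ with:
+ # We must fetch at least the immediate parents so that if this is
+ # a pull request then we can checkout the head.
+ fetch-depth: 2
+
+ # If this run was triggered by a pull request event, then checkout
+ # the head of the pull request instead of the merge commit.
+ - run: git checkout HEAD^2
+ if: ${{ github.event_name == 'pull_request' }}
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ # ℹ️ Command-line programs to run using the OS shell.
+ # 📚 https://git.io/JvXDl
+
+ # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ #- run: |
+ # make bootstrap
+ # make release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+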
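Review bot: The workflow declares no top-level `permissions:` block, so the job runs with whatever default GITHUB_TOKEN scope the repository is configured for, which may still be write-all, while the analyze step only needs to upload scan results. Add `permissions:` / `contents: read` / `security-events: write` at the top level (plus `actions: read` if the repository is private) so a compromised action or dependency cannot use the token to push or mutate the repository. The `fetch-depth: 2` checkout followed by `git checkout HEAD^2` on pull requests is the old template's workaround; current checkout and codeql-action versions analyze the PR head directly, so those lines are unnecessary. Actions are pinned by mutable major tag (`@v2`) rather than a full commit SHA, which is worth tightening for a security-scanning workflow.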
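--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -0,0 +1,46 @@
+name: golangci-lint
+on:
+ push:
+ tags:
+ - v*
+ branches:
+ - devel
+ - main
+ pull_request:
+permissions:
+ contents: read
+ # Optional: allow read access to pull request. Use with `only-new-issues` option.
+ # pull-requests: read
+jobs:
+ golangci:
+ name: lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/setup-go@v3
+ with:
+ go-version: 1.18
+ - uses: actions/checkout@v3
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@v3
+ with:
+ # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
+ version: v1.49
+
+ # Optional: working directory, useful for monorepos
+ # working-directory: somedir
+
+ # Optional: golangci-lint command line arguments.
+ # args: --issues-exit-code=0
+
+ # Optional: show only new issues if it's a pull request. The default value is `false`.
+ # only-new-issues: true
+
+ # Optional: if set to true then the all caching functionality will be complete disabled,
+ # takes precedence over all other caching options.
+ # skip-cache: true
+
+ # Optional: if set to true then the action don't cache or restore ~/go/pkg.
+ # skip-pkg-cache: true
+
+ # Optional: if set to true then the action don't cache or restore ~/.cache/go-build.
+ # skip-build-cache: true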
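Review bot: `go-version: 1.18` is an unquoted plain scalar and is parsed as a float; that happens to round-trip for 1.18, but the same line silently becomes 1.2 the day it is bumped to 1.20, so quote it now: `go-version: "1.18"`. The explicit `permissions: contents: read` block is the right least-privilege default for a lint job and is a good model for the other workflow in this commit. The `@v3` tags are mutable; if the project moves to SHA pinning, do it here as well.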
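--- a/pkg/csprecon/csp.go
+++ b/pkg/csprecon/csp.go
@@ -16,18 +16,28 @@
 )
 
 func checkCSP(url string, r *regexp.Regexp, client *http.Client) ([]string, error) {
- result := []string{}
+ var (
+ result = []string{}
+ headerCSP []string
+ bodyCSP []string
+ )
+
  resp, err := client.Get(url)
-
  if err != nil {
  return result, err
  }
 
  defer resp.Body.Close()
 
- headerCSP := parseCSPHeader(resp.Header.Get("Content-Security-Policy"), r)
+ headerCSP = parseCSPHeader(resp.Header.Get("Content-Security-Policy"), r)
+ if len(headerCSP) != 0 {
+ bodyCSP = parseCSPBody("")
+ }
 
- return headerCSP, nil
+ result = append(result, headerCSP...)
+ result = append(result, bodyCSP...)
+
+ return result, nil
 }
 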
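Review bot: `parseCSPBody("")` on new line 34 is always handed a constant empty string, so the response body is never read and `bodyCSP` can only ever hold whatever the parser returns for an empty input; the body needs to be read from `resp.Body` and passed in. The guard `len(headerCSP) != 0` also looks inverted for a fallback to a `<meta>` policy (it parses the body only when the header already produced something); if the intent is the opposite, or to always scan both, adjust the condition accordingly — I have assumed "fallback when the header is empty" below. Because the URL is attacker-controlled by nature of the tool, the read should be bounded with `io.LimitReader` so an oversized response cannot exhaust memory; `io` must be in the import block, which is outside this hunk, and `parseCSPBody` is assumed to take the body text as its string argument. A status-code check before parsing would also be worthwhile, but is a separate decision.
```go
	headerCSP = parseCSPHeader(resp.Header.Get("Content-Security-Policy"), r)
	// Fall back to a <meta> policy only when no header policy was found;
	// bound the read so a large or endless response cannot exhaust memory.
	if len(headerCSP) == 0 {
		body, err := io.ReadAll(io.LimitReader(resp.Body, maxCSPBodyBytes)) // maxCSPBodyBytes: constructed name, define a package-level limit
		if err != nil {
			return result, err
		}
		bodyCSP = parseCSPBody(string(body))
	}
	// … unchanged: append headerCSP and bodyCSP into result and return …
```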