
Feat/security legacy urls #2556

Open: wants to merge 77 commits into base: main

Conversation

underdarknl (Contributor) commented Feb 26, 2024

Changes

Based on the RFC, websites must have a .well-known/security.txt and not just a /security.txt file.
This adds a finding for those sites.

Code Checklist

  • All the commits in this PR are properly PGP-signed and verified.
  • This PR only contains functionality relevant to the issue; tickets have been created for newly discovered issues.
  • I have written unit tests for the changes or fixes I made.
  • For any non-trivial functionality, I have added integration and/or end-to-end tests.
  • I have performed a self-review of my code and refactored it to the best of my abilities.

Communication

  • I have informed others of any required .env file changes, if required, and changed the .env-dist accordingly.
  • I have made corresponding changes to the documentation, if necessary.
  • I have included comments in the code to elaborate on what is not self-evident from the code itself, including references to issues and discussions online, or implicit behavior of an interface.

@underdarknl underdarknl requested a review from a team as a code owner February 26, 2024 08:39
@underdarknl underdarknl added the boefjes Issues related to boefjes label Feb 26, 2024
ammar92
ammar92 previously approved these changes Mar 12, 2024

sonarqubecloud bot commented Jun 3, 2024

Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud bot commented

Quality Gate failed

Failed conditions
36.0% Coverage on New Code (required ≥ 80%)
D Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud


Flagged code (the redirect is followed with certificate verification disabled):

```python
# TODO return a redirected URL and have OpenKAT figure out if we want to follow this.
if response.status_code in [301, 302, 307, 308]:
    request_url = response.headers["Location"]
    response = requests.get(request_url, stream=True, timeout=timeout, verify=False)  # noqa: S501
```

Check failure: Code scanning / SonarCloud

Server certificates should be verified during SSL/TLS connections (High)

Enable server certificate validation on this SSL/TLS connection.
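The two points above, the legacy-only security.txt check from the PR description and the flagged redirect-following with `verify=False`, as one added example. This is not OpenKAT's boefje code; the `fetch` callable, the `example.test` routes and the function names are constructed for illustration. Redirects are walked by hand with a hop limit, certificate verification stays at its default (on), and a missing `Location` header ends the walk instead of raising `KeyError`.

```python
from typing import Callable
from urllib.parse import urljoin

REDIRECT_CODES = {301, 302, 307, 308}
MAX_HOPS = 5

# Constructed sample site (not a real host): security.txt is served only at the
# legacy path, and that path is reached through a relative redirect.
SAMPLE_ROUTES = {
    "https://example.test/.well-known/security.txt": (404, {}),
    "https://example.test/security.txt": (301, {"Location": "/policy/security.txt"}),
    "https://example.test/policy/security.txt": (200, {}),
}


def sample_fetch(url: str) -> tuple[int, dict]:
    """Offline stand-in for HTTP: returns (status_code, headers) for a URL."""
    return SAMPLE_ROUTES.get(url, (404, {}))


def requests_fetch(url: str, timeout: float = 10) -> tuple[int, dict]:
    """Real transport. Certificate verification is left at its default (on),
    and allow_redirects=False so the caller, not requests, bounds the hops."""
    import requests  # imported here so the module loads without it installed

    r = requests.get(url, allow_redirects=False, timeout=timeout, stream=True)
    return r.status_code, dict(r.headers)


def follow_redirects(url: str, fetch: Callable[[str], tuple[int, dict]],
                     max_hops: int = MAX_HOPS) -> tuple[int, str]:
    """Walk redirects by hand: every hop goes through the same verified fetch,
    relative Location values are resolved against the current URL, and a
    redirect without a Location header ends the walk instead of raising."""
    for _ in range(max_hops + 1):
        status, headers = fetch(url)
        location = headers.get("Location")
        if status not in REDIRECT_CODES or not location:
            return status, url
        url = urljoin(url, location)
    raise RuntimeError(f"more than {max_hops} redirects, last URL {url}")


def security_txt_location(base_url: str, fetch=sample_fetch) -> str:
    """Classify a site: 'well-known' (RFC location answers), 'legacy-only'
    (only /security.txt answers, the finding this PR adds) or 'none'."""
    well_known, _ = follow_redirects(urljoin(base_url, "/.well-known/security.txt"), fetch)
    if well_known == 200:
        return "well-known"
    legacy, _ = follow_redirects(urljoin(base_url, "/security.txt"), fetch)
    return "legacy-only" if legacy == 200 else "none"
```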
Labels: boefjes (Issues related to boefjes), 😸 Review/QA feedback (Review/QA feedback provided)

Projects: Status: In Progress

4 participants