Commit graph

665 commits

Author SHA1 Message Date
afac8e8f0e
Merge pull request #77 from wneessen/openssf_badge
Add OpenSSF Best Practices badge to README.md
2024-03-17 23:58:21 +01:00
d443446011
Add OpenSSF Best Practices badge to README.md
The OpenSSF Best Practices badge has been included in the README.md file to demonstrate the adherence of this project to the best practices set by the Open Source Security Foundation.
2024-03-17 23:57:48 +01:00
bf9cb85f9b
Merge pull request #76 from wneessen/dependabot/github_actions/ossf/scorecard-action-2.3.1
Bump ossf/scorecard-action from 2.1.2 to 2.3.1
2024-03-17 23:32:03 +01:00
7a1170b2d0
Merge pull request #74 from wneessen/dependabot/github_actions/github/codeql-action-3.24.7
Bump github/codeql-action from 2.2.4 to 3.24.7
2024-03-17 23:31:48 +01:00
abc5b90aea
Merge pull request #73 from wneessen/dependabot/github_actions/docker/login-action-3.1.0
Bump docker/login-action from 1.9.0 to 3.1.0
2024-03-17 23:31:37 +01:00
0c68f136ea
Merge pull request #72 from wneessen/dependabot/github_actions/golangci/golangci-lint-action-4.0.0
Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
2024-03-17 23:31:26 +01:00
0a3abebb5a
Merge pull request #75 from wneessen/dependabot/github_actions/codecov/codecov-action-4.1.0
Bump codecov/codecov-action from 3.1.6 to 4.1.0
2024-03-17 23:30:59 +01:00
dependabot[bot]
1d8087b1d7
Bump ossf/scorecard-action from 2.1.2 to 2.3.1
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](e38b1902ae...0864cf1902)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-17 22:26:56 +00:00
dependabot[bot]
3ddc257cb5
Bump codecov/codecov-action from 3.1.6 to 4.1.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.6 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](ab904c41d6...54bcd8715e)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-17 22:26:51 +00:00
dependabot[bot]
2639bb5c69
Bump github/codeql-action from 2.2.4 to 3.24.7
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.4 to 3.24.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2.2.4...3ab4101902695724f9365a384f86c1074d94e18c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-17 22:26:48 +00:00
dependabot[bot]
f7d220dd2b
Bump docker/login-action from 1.9.0 to 3.1.0
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.9.0 to 3.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](28218f9b04...e92390c5fb)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-17 22:26:43 +00:00
dependabot[bot]
134d943439
Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](3a91952989...3cfe3a4abb)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-17 22:26:40 +00:00
49506634bc
Merge pull request #71 from step-security-bot/stepsecurity_remediation_1710714172
[StepSecurity] Apply security best practices
2024-03-17 23:26:17 +01:00
StepSecurity Bot
35067dbf85
[StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-17 22:22:53 +00:00
5ba220f1b9
Merge pull request #69 from wneessen/add_fuzzing
Add fuzzing
2024-03-17 22:09:40 +01:00
3ffb499c1b
Add fuzz testing to config_test.go
This commit adds a function `FuzzWithAlgorithm` to the configuration test file (config_test.go). The function introduces more comprehensive fuzz testing for the algorithm configuration. It focuses on handling different integers including negative and high numbers, thus enhancing robustness of the algorithm.
2024-03-17 22:05:44 +01:00
b40b4b7e63
Add expanded fuzz testing to algo_test.go
This commit introduces several new fuzz tests to the algo_test.go file. These tests specifically target the IntToAlgo functionality to ensure proper handling of negative, out-of-range, and very large input values. By covering these edge-cases, we enhance the reliability of the algorithm conversion process.
2024-03-17 22:05:35 +01:00
f5f6a12e83
Merge pull request #68 from wneessen/security-md
Create SECURITY.md
2024-03-17 21:33:25 +01:00
f65feff1f9
Create SECURITY.md 2024-03-17 21:32:57 +01:00
7f8fbb05bc
Merge pull request #67 from wneessen/token-permissions
Add read permissions to GitHub workflows
2024-03-17 20:23:45 +01:00
b289d440da
Update Go build command in GitHub workflow
The GitHub workflow script has been updated to use a different command for building the Go application. This will ensure that the application is built with necessary parameters for correct operation and proper linking of static libraries.
2024-03-17 20:23:29 +01:00
ef8e334df0
Add read permissions to GitHub workflows
The reuse and docker-publish workflow scripts in GitHub Actions have been updated. Now these scripts have permission to read contents. This will ensure secure access and controlled operations on repositories.
2024-03-17 20:16:27 +01:00
ba891efd37
Merge pull request #64 from wneessen/codeql
Create codeql.yml
2024-03-17 20:02:09 +01:00
bfc12841ce
Update Go version and build command in codeql workflow
The codeql workflow script has been updated. Specifically, the Go version in the build command has been changed from 1.22.0 to 1.22.1+auto, to ensure alignment with the Go version specified elsewhere in the project. Additionally, the build command itself has been simplified, utilizing '/usr/bin/env' to consolidate dependencies.
2024-03-17 19:59:29 +01:00
4ea41be22f
Update Go version and simplify build script
The Go version in go.mod has been updated from 1.22 to 1.22.0 to avoid potential compatibility issues. Additionally, the build process in codeql.yml has been simplified by consolidating multiple 'go mod' commands into a single 'go build' command.
2024-03-17 19:51:46 +01:00
2691b04e38
Upgrade Go version in go.mod
The Go version specified in the go.mod file has been upgraded from 1.22 to 1.22.0. This may be necessary to avoid compatibility issues with updated systems and dependencies.
2024-03-17 19:49:43 +01:00
decf5526d1
Downgrade Go version in go.mod
The Go version specified in the go.mod file has been downgraded from 1.22.1 to 1.22. This change is necessary to maintain compatibility with systems and dependencies that may not yet support the latest version of Go.
2024-03-17 19:38:12 +01:00
061b9f4f7f
Upgrade Go version in go.mod
The Go version specified in the go.mod file has been upgraded from 1.21 to 1.22.1. This change ensures the use of the latest Go features and improvements, enhancing the overall project performance.
2024-03-17 19:36:40 +01:00
bffc8ac65e
Update Go version in go.mod
The Go version specified in the go.mod file has been downgraded from 1.22 to 1.21. This is to ensure compatibility with the project's specified dependencies.
2024-03-17 19:33:18 +01:00
6f25663957
Update Go build steps in GitHub workflow
The build steps in the CodeQL action of the GitHub workflow have been updated. Instead of using the 'apt-get' command, the 'go mod tidy', 'go mod download', and 'go mod verify' are now used. This improves the building process by organizing and verifying the dependencies.
2024-03-17 19:31:10 +01:00
31cf70c678
Update golangci-lint workflow permissions
The "read-all" permission has been eliminated from the .github/workflows/golangci-lint.yml file. In its place, more specific read permissions have been implemented to enhance security measures and establish accurate access levels.
2024-03-17 19:28:59 +01:00
4bc210f1ab
Refine permissions in CodeQL workflow
The "read-all" permission has been removed from the CodeQL workflow. Instead, the workflow now includes a specific read permission for contents, ensuring a more precise and secure access level.
2024-03-17 19:28:06 +01:00
b36aeeeab6
Update CodeQL workflow to include Go installation and building
The previous autobuild process has been disabled in the Github actions workflow. A new step for Go installation and manual building of the application using Go has been implemented, providing enhanced control and flexibility over the project's build process.
2024-03-17 19:24:19 +01:00
043008a97d
Update CodeQL workflow to include Go installation and building
The previous autobuild process has been disabled in the Github actions workflow. A new step for Go installation and manual building of the application using Go has been implemented, providing enhanced control and flexibility over the project's build process.
2024-03-17 19:22:18 +01:00
2af31dcb48
Disable Autobuild and setup manual Go build in CodeQL workflow
The Github actions autobuild functionality has been commented out and replaced with manual building using Go. This customized build command ensures better flexibility and control over the build process.
2024-03-17 19:19:38 +01:00
7ebaf2d2b7
Add read-all permissions to workflow files
This commit adds "read-all" permissions to golangci-lint, codecov, and sonarqube workflow files. This change ensures that all necessary activities are allowed during the workflow processes.
2024-03-17 19:15:34 +01:00
eec1b36edc
Add read-all permissions and SPDX license headers in codeql.yml
The commit adds SPDX-FileCopyrightText and SPDX-License-Identifier headers at the top of codeql.yml, specifying a CC0-1.0 license for Winni Neessen's 2022 copyright. It also grants read-all permissions, ensuring all needed activities are allowed in the file's workflow.
2024-03-17 19:14:42 +01:00
2d674214a7
Create codeql.yml 2024-03-17 19:12:21 +01:00
a61ac9b877
Merge pull request #61 from wneessen/fix_reuse
Add SPDX license headers in scorecard.yml
2024-03-17 19:06:13 +01:00
6697ac53db
Add SPDX license headers in scorecard.yml
SPDX-FileCopyrightText and SPDX-License-Identifier license headers have been added to the top of the scorecard.yml file. The headers pertain to the 2022 copyright of Winni Neessen and define the license to be CC0-1.0.
2024-03-17 19:05:33 +01:00
64f7eed954
Create scorecard.yml 2024-03-17 19:01:57 +01:00
4a6b9b325f
Update version number in README and apg.go for proper semver ruling
The version number has been corrected to 1.1.0 from 1.0.1. This change was made in both the README.md file and the apg.go file. This update reflects the new algorithm for binary secrets introduction in version 1.1.0 instead of version 1.0.1.
2024-03-17 18:31:58 +01:00
9f035c5834
Merge pull request #60 from wneessen/binary_random
Add binary mode for secret generation
2024-03-17 18:26:03 +01:00
183754e869
Add new test case to spelling_test.go
A new test case named "Pronounce_Mixed" has been added to the file spelling_test.go. This new case helps validate the behavior of the function when dealing with mixed syllables. More specifically, it deals with a situation where a number and a pronounceable syllable are combined, enhancing the overall robustness of the spelling tests.
2024-03-17 18:23:12 +01:00
c697a8ef8e
Update error handling in test for HasBeenPwned
The test for HasBeenPwned function in hibp_test.go has been updated to handle errors more effectively. Instead of failing the test directly upon encountering an error, it now logs the error and terminates the current subtest. This improves the test's resilience and makes debugging easier.
2024-03-17 18:23:04 +01:00
c8a4cf2837
Refactor variable initialization in generateBinary function
This commit refactors the way the 'length' variable is initialized in the generateBinary function of the Generator struct in random.go. Notably, it makes use of Go's type inference feature to eliminate the need to explicitly declare the variable type.
2024-03-17 18:12:17 +01:00
acadccc84a
Add binary mode for secret generation
This commit updates the password generator to now include a binary mode. This mode produces a 256 bits long fully binary secret which can be used for AES-256 encryption. New flags `-bh` (print hex representation) and `-bn` (new line after secret) have been added for this mode. The version has also been updated to 1.0.1 recognizing this new addition.
2024-03-17 18:09:27 +01:00
641af1f88c
Merge pull request #59 from wneessen/pin-gen
Add examples section to README.md and pin-generator example
2024-03-16 11:17:39 +01:00
2c7db946be
Add examples section to README.md and pin-generator example
This commit introduces a new "Examples" section in the README.md to illustrate usage, ranging from website login password, PIN generation, to phone verification. In addition, it includes a new file under the example-code directory for a PIN generator using apg-go.
2024-03-16 11:17:06 +01:00
3e819976f6
Merge pull request #58 from wneessen/fix_typos
Fix typos
2024-03-16 10:45:01 +01:00