gitex2026/AttackSurface/docs/CHANGELOG.md
2026-04-24 12:36:21 +00:00

# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Added
- GoTestWAF native report (`report_{token}.html`) now gets QR code injected for booth scanning
- SMTP configuration via environment variables (SMTP_HOST, SMTP_PORT, SMTP_USERNAME, SMTP_PASSWORD, SMTP_FROM)
- Public base URL configuration via AASD_BASE_URL env var for QR codes and email links
- QR code injected into consultant-facing GoTestWAF report (non-clickable `<img>`, no link)
### Changed
- QR code on user-facing report now points to consultant report (`report_{token}.html`) instead of itself
- Report link in simulation page no longer opens in new tab (removed `target="_blank"`)
- Booth CTA text: "Bring this code to BU 4" → "Show this code to Sechpoint Africa Team"
- SMTP username corrected from `postpost@sechpoint.app` → `post@sechpoint.app`
- Email report link uses configurable base URL instead of hardcoded `http://localhost:8080`
### Fixed
- **Critical**: SMTP authentication failure — corrected typo in username (`postpost` → `post`)
- QR code encoding relative paths — now uses full public URL from AASD_BASE_URL
- Email report links hardcoded to localhost — now use configured base URL
### Removed
- "Email Report to Me" button and sendEmail JavaScript from user-facing report (removed to avoid auto-email/spam concerns)
- Hardcoded report link target in simulation page
## [0.3.0] - 2026-04-22
### Added
- Comprehensive email validation with regex pattern
- Domain security validation (path traversal prevention, length limits)
- Graceful shutdown with OS signal handling (SIGINT, SIGTERM)
- Context propagation for GoTestWAF scan cancellation
- Reports static file serving endpoint (`/reports/*`)
- Go 1.25.0 compiler support
- Scan status polling endpoint (`/scan-status/:domain`) for real-time updates
### Changed
- GoTestWAF command flags updated for compatibility:
  - Removed invalid `--testCase "all"` flag
  - Added `--reportFormat html` flag for HTML report generation
- Fixed report file naming consistency
- Improved error handling throughout application
- Enhanced code quality with Go idiomatic patterns
- Updated main.go with proper context management
### Fixed
- **Critical**: GoTestWAF integration bugs causing scan failures
- **Critical**: Missing `--reportFormat` flag preventing HTML report generation
- **Critical**: Report file mismatch between stored results and generated files
- **Security**: Weak email validation allowing malformed input
- **Security**: Path traversal vulnerability in domain handling
- **Code Quality**: Monolithic function structure violating 50-line limit
- **Concurrency**: Potential race conditions in map access
- **Resource Leaks**: Goroutines not properly cancelled on shutdown
- **Missing Feature**: Reports not served via web endpoint
### Removed
- Invalid GoTestWAF flag `--testCase "all"` (not supported in current version)
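The 0.3.0 entries above name the controls (email validation, domain length limits, path traversal prevention) but not their shape. The following is an added example, not code from the AttackSurface project: a Go sketch of email-to-domain extraction with label-level validation and a contained report path; `reportsDir`, the function names and the regex are assumptions.

```go
package main

import (
	"fmt"
	"net/mail"
	"path/filepath"
	"regexp"
	"strings"
)

const reportsDir = "reports" // assumed: the page names /reports/*, not the directory
// labelRe is one DNS label: letters, digits, inner hyphens, 1 to 63 characters.
var labelRe = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)

// DomainFromEmail parses with net/mail (rejects empty local part or domain) and validates the domain.
func DomainFromEmail(email string) (string, error) {
	addr, err := mail.ParseAddress(strings.TrimSpace(email))
	if err != nil {
		return "", fmt.Errorf("invalid email: %w", err)
	}
	return ValidateDomain(addr.Address[strings.LastIndex(addr.Address, "@")+1:])
}

// ValidateDomain enforces the 253-byte limit and a strict label grammar: no "/", "..", NUL or metacharacters survive.
func ValidateDomain(domain string) (string, error) {
	d := strings.ToLower(strings.TrimSuffix(domain, "."))
	if len(d) == 0 || len(d) > 253 {
		return "", fmt.Errorf("domain length %d out of range", len(d))
	}
	labels := strings.Split(d, ".")
	if len(labels) < 2 {
		return "", fmt.Errorf("domain %q needs at least two labels", d)
	}
	for _, l := range labels {
		if !labelRe.MatchString(l) {
			return "", fmt.Errorf("invalid domain label %q", l)
		}
	}
	return d, nil
}

// ReportPath joins a validated domain onto reportsDir and re-checks containment as defence in depth.
func ReportPath(validDomain string) (string, error) {
	p := filepath.Join(reportsDir, validDomain+".html")
	if !strings.HasPrefix(p, filepath.Clean(reportsDir)+string(filepath.Separator)) {
		return "", fmt.Errorf("report path %q escapes %s", p, reportsDir)
	}
	return p, nil
}
```

ValidateDomain is the primary control; the prefix check in ReportPath only catches a caller that skipped it.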
## [0.2.0] - 2026-04-21
### Added
- Gin web framework dependency installed
- POST `/start` endpoint with email domain extraction and validation
- Static file serving (`/static`, `/`, `/simulation`)
- In-memory storage for scan results with thread-safe mutex
- Basic HTML frontend: capture page (`index.html`) with QR placeholder
- Simulation page (`simulation.html`) with JavaScript step sequencer
- Consultant dashboard (`/admindashboard`) with results table
- GoTestWAF binary integration (background execution with flags)
- Reports directory auto-creation
- Server listens on `0.0.0.0:8080` for booth WiFi access
### Changed
- Project structure refined: `AttackSurface/{bin,src,docs}`
- Git repository initialized with `main` branch
- Go 1.24.4 installed via official binary
### Fixed
- N/A
## [0.1.0] - 2026-04-21
### Added
- Project initialization based on PROJECT_PLAN.md
- Basic directory structure for Go web application
- GoTestWAF binary integration (planned)