# Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

## [Unreleased]

### Added
- GoTestWAF native report (`report_{token}.html`) now gets a QR code injected for booth scanning
- SMTP configuration via environment variables (`SMTP_HOST`, `SMTP_PORT`, `SMTP_USERNAME`, `SMTP_PASSWORD`, `SMTP_FROM`)
- Public base URL configuration via `AASD_BASE_URL` env var for QR codes and email links
- QR code injected into consultant-facing GoTestWAF report (non-clickable `<img>`, no link)

### Changed
- QR code on user-facing report now points to consultant report (`report_{token}.html`) instead of itself
- Report link in simulation page no longer opens in new tab (removed `target="_blank"`)
- Booth CTA text: "Bring this code to BU 4" → "Show this code to Sechpoint Africa Team"
- SMTP username corrected from `postpost@sechpoint.app` → `post@sechpoint.app`
- Email report link uses configurable base URL instead of hardcoded `http://localhost:8080`

### Fixed
- Critical: SMTP authentication failure — corrected typo in username (`postpost` → `post`)
- QR code encoding relative paths — now uses full public URL from `AASD_BASE_URL`
- Email report links hardcoded to localhost — now use configured base URL

### Removed
- "Email Report to Me" button and `sendEmail` JavaScript from user-facing report (prevented auto-email/spam concern)
- Hardcoded report link target in simulation page
## [0.3.0] - 2026-04-22

### Added
- Comprehensive email validation with regex pattern
- Domain security validation (path traversal prevention, length limits)
- Graceful shutdown with OS signal handling (SIGINT, SIGTERM)
- Context propagation for GoTestWAF scan cancellation
- Reports static file serving endpoint (`/reports/*`)
- Go 1.25.0 compiler support
- Scan status polling endpoint (`/scan-status/:domain`) for real-time updates

### Changed
- GoTestWAF command flags updated for compatibility:
  - Removed invalid `--testCase "all"` flag
  - Added `--reportFormat html` flag for HTML report generation
  - Fixed report file naming consistency
- Improved error handling throughout application
- Enhanced code quality with Go idiomatic patterns
- Updated main.go with proper context management

### Fixed
- Critical: GoTestWAF integration bugs causing scan failures
- Critical: Missing `--reportFormat` flag preventing HTML report generation
- Critical: Report file mismatch between stored results and generated files
- Security: Weak email validation allowing malformed input
- Security: Path traversal vulnerability in domain handling
- Code Quality: Monolithic function structure violating 50-line limit
- Concurrency: Potential race conditions in map access
- Resource Leaks: Goroutines not properly cancelled on shutdown
- Missing Feature: Reports not served via web endpoint

### Removed
- Invalid GoTestWAF flag `--testCase "all"` (not supported in current version)
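The email validation and domain security checks listed for 0.3.0 (regex validation, path traversal prevention, length limits) are the kind of input gate a domain-keyed report path needs. The following Go code is an added example, not the project's own code: the regex, the 253/63-octet limits, the error values and the function names (`DomainFromEmail`, `ValidateDomain`, `ReportPath`) are assumptions made here.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumed limits: RFC 1035 caps a hostname at 253 octets and each label at 63.
const (
	maxEmailLen  = 254
	maxDomainLen = 253
	maxLabelLen  = 63
)

var (
	// Coarse shape check for the whole address; the domain part is validated
	// again, label by label, in ValidateDomain.
	emailRe = regexp.MustCompile(`^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$`)
	// A label is alphanumeric, may contain hyphens, but cannot start or end with one.
	labelRe = regexp.MustCompile(`^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?$`)

	ErrInvalidEmail  = errors.New("invalid email address")
	ErrInvalidDomain = errors.New("invalid domain")
)

// DomainFromEmail validates the address and returns its lower-cased domain part.
func DomainFromEmail(email string) (string, error) {
	email = strings.TrimSpace(email)
	if len(email) > maxEmailLen || !emailRe.MatchString(email) {
		return "", ErrInvalidEmail
	}
	domain := strings.ToLower(email[strings.LastIndex(email, "@")+1:])
	if err := ValidateDomain(domain); err != nil {
		return "", err
	}
	return domain, nil
}

// ValidateDomain rejects anything that is not a plain hostname, so the value can
// never act as a path component that escapes the reports directory.
func ValidateDomain(domain string) error {
	if domain == "" || len(domain) > maxDomainLen {
		return fmt.Errorf("%w: bad length", ErrInvalidDomain)
	}
	// Separators and ".." are never valid in a hostname; reject them explicitly.
	if strings.ContainsAny(domain, `/\`) || strings.Contains(domain, "..") {
		return fmt.Errorf("%w: path characters", ErrInvalidDomain)
	}
	for _, label := range strings.Split(domain, ".") {
		if len(label) > maxLabelLen || !labelRe.MatchString(label) {
			return fmt.Errorf("%w: label %q", ErrInvalidDomain, label)
		}
	}
	return nil
}

// ReportPath builds the on-disk report path for a validated domain and, as
// defence in depth, re-checks that the joined path stays inside reportsDir.
func ReportPath(reportsDir, domain string) (string, error) {
	if err := ValidateDomain(domain); err != nil {
		return "", err
	}
	p := filepath.Join(reportsDir, domain+".html")
	rel, err := filepath.Rel(reportsDir, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: escapes reports dir", ErrInvalidDomain)
	}
	return p, nil
}

func main() {
	// Constructed sample inputs: one good address, two that must be rejected.
	for _, e := range []string{"Alice@Example.com", "user@../../etc", "user@-bad.com"} {
		d, err := DomainFromEmail(e)
		fmt.Printf("%-22s -> domain=%q err=%v\n", e, d, err)
	}
}
```

The layered check matters: the address regex alone accepts `user@-bad.com`, and only the per-label rule catches it, while `ReportPath` guards against any future caller that bypasses `ValidateDomain`.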
## [0.2.0] - 2026-04-21

### Added
- Gin web framework dependency installed
- POST `/start` endpoint with email domain extraction and validation
- Static file serving (`/static`, `/`, `/simulation`)
- In-memory storage for scan results with thread-safe mutex
- Basic HTML frontend: capture page (`index.html`) with QR placeholder
- Simulation page (`simulation.html`) with JavaScript step sequencer
- Consultant dashboard (`/admin-dashboard`) with results table
- GoTestWAF binary integration (background execution with flags)
- Reports directory auto-creation
- Server listens on `0.0.0.0:8080` for booth Wi-Fi access
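The thread-safe in-memory result store introduced here, together with the context-propagated scan cancellation, signal-driven graceful shutdown and the map race / goroutine leak fixes recorded under 0.3.0, fit one pattern. The following Go code is an added example, not the project's own code: `ScanStore`, `RunScan`, the status names and the `fakeScan` stand-in for the GoTestWAF subprocess are assumptions made here.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os"
	"os/signal"
	"sync"
	"syscall"
	"time"
)

// ScanStatus is what a status polling endpoint would report per domain.
type ScanStatus string

const (
	StatusRunning  ScanStatus = "running"
	StatusDone     ScanStatus = "done"
	StatusFailed   ScanStatus = "failed"
	StatusCanceled ScanStatus = "canceled"
)

// ScanStore keeps per-domain results behind an RWMutex so HTTP handlers
// (readers) and scan goroutines (writers) never race on the map.
type ScanStore struct {
	mu    sync.RWMutex
	scans map[string]ScanStatus
}

func NewScanStore() *ScanStore {
	return &ScanStore{scans: make(map[string]ScanStatus)}
}

func (s *ScanStore) Set(domain string, st ScanStatus) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.scans[domain] = st
}

func (s *ScanStore) Get(domain string) (ScanStatus, bool) {
	s.mu.RLock()
	defer s.mu.RUnlock()
	st, ok := s.scans[domain]
	return st, ok
}

// Scanner abstracts the external scan so this example runs offline. A real
// service would wrap exec.CommandContext around the GoTestWAF binary here, so
// that cancelling ctx also kills the child process.
type Scanner func(ctx context.Context, domain string) error

// RunScan executes one scan under ctx and records its outcome. When ctx is
// cancelled (e.g. by SIGINT/SIGTERM) the scan returns instead of leaking.
func RunScan(ctx context.Context, store *ScanStore, domain string, scan Scanner) ScanStatus {
	store.Set(domain, StatusRunning)
	err := scan(ctx, domain)
	switch {
	case err == nil:
		store.Set(domain, StatusDone)
	case errors.Is(err, context.Canceled), errors.Is(err, context.DeadlineExceeded):
		store.Set(domain, StatusCanceled)
	default:
		store.Set(domain, StatusFailed)
	}
	st, _ := store.Get(domain)
	return st
}

// fakeScan stands in for the scanner: it "succeeds" after d, or returns
// ctx.Err() as soon as the context is cancelled.
func fakeScan(d time.Duration) Scanner {
	return func(ctx context.Context, domain string) error {
		select {
		case <-time.After(d):
			return nil
		case <-ctx.Done():
			return ctx.Err()
		}
	}
}

func main() {
	// Root context is cancelled by SIGINT/SIGTERM; every in-flight scan sees ctx.Done().
	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
	defer stop()

	store := NewScanStore()
	domains := []string{"example.com", "example.org"} // constructed sample input
	var wg sync.WaitGroup
	for _, d := range domains {
		wg.Add(1)
		go func(domain string) {
			defer wg.Done()
			RunScan(ctx, store, domain, fakeScan(50*time.Millisecond))
		}(d)
	}
	wg.Wait() // graceful shutdown: return only after scans finished or were cancelled
	for _, d := range domains {
		st, _ := store.Get(d)
		fmt.Println(d, st)
	}
}
```

The WaitGroup is what turns a signal into a graceful shutdown: the process exits only after each goroutine has observed the cancellation and written its final status, so the store is never left claiming a scan is still running.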
### Changed
- Project structure refined: `AttackSurface/{bin,src,docs}`
- Git repository initialized with `main` branch
- Go 1.24.4 installed via official binary

### Fixed
- N/A

## [0.1.0] - 2026-04-21

### Added
- Project initialization based on PROJECT_PLAN.md
- Basic directory structure for Go web application
- GoTestWAF binary integration (planned)