Jeffrey Paul sneak
sneak deleted branch feature/tlscheck-implementation from sneak/dnswatcher 2026-02-20 19:36:40 +01:00
sneak pushed to main at sneak/dnswatcher 2026-02-20 19:36:40 +01:00
617270acba Merge pull request 'feat: implement TLS certificate inspector (closes #4)' (#7) from feature/tlscheck-implementation into main
687027be53 test: add tests for no-peer-certificates error path
54b00f3b2a fix: return error for no peer certs, include IP SANs
3fcf203485 fix: resolve gosec SSRF findings and formatting issues
8770c942cb feat: implement TLS certificate inspector (closes #4)
sneak closed issue sneak/dnswatcher#4 2026-02-20 19:36:40 +01:00
feat: implement TLS certificate inspector
sneak commented on pull request sneak/dnswatcher#7 2026-02-20 19:36:11 +01:00
feat: implement TLS certificate inspector (closes #4)

@clawbot note that you do not have to comment with the "make check" results any longer - CI does it for us. (you still need to run it yourself to verify that the changes are acceptable for merge…

sneak commented on pull request sneak/dnswatcher#9 2026-02-20 14:57:57 +01:00
feat: implement iterative DNS resolver (closes #1)

i thought i was clear - it's ok for the test suite to hit the network. dns queries take <500ms so this should not cause undue timing issues. remove the mocking and make sure it works right.

sneak pushed to main at sneak/dnswatcher 2026-02-20 14:56:23 +01:00
4394ea9376 Merge pull request 'fix: suppress gosec G704 SSRF false positive on webhook URLs' (#13) from fix/gosec-g704-ssrf into main
bf8c74c97a fix: resolve gosec G704 SSRF findings without suppression
sneak merged pull request sneak/dnswatcher#13 2026-02-20 14:56:21 +01:00
fix: suppress gosec G704 SSRF false positive on webhook URLs
sneak deleted branch ci/make-check from sneak/dnswatcher 2026-02-20 14:55:09 +01:00
sneak merged pull request sneak/dnswatcher#14 2026-02-20 14:55:08 +01:00
ci: add Gitea Actions workflow for make check
sneak pushed to main at sneak/dnswatcher 2026-02-20 14:55:08 +01:00
59ae8cc14a Merge pull request 'ci: add Gitea Actions workflow for make check' (#14) from ci/make-check into main
c9c5530f60 security: pin all go install refs to commit SHAs
b2e8ffe5e9 security: pin CI actions to commit SHAs
ae936b3365 ci: add Gitea Actions workflow for make check
sneak pushed to main at sneak/upaas 2026-02-20 14:35:14 +01:00
ab526fc93d Merge pull request 'fix: disable API v1 write methods (closes #112)' (#115) from fix/disable-api-write-methods into main
ab7c43b887 fix: disable API v1 write methods (closes #112)
sneak closed issue sneak/upaas#112 2026-02-20 14:35:13 +01:00
CRITICAL: API v1 routes use cookie auth without CSRF protection — cross-site request forgery
sneak merged pull request sneak/upaas#115 2026-02-20 14:35:13 +01:00
fix: disable API v1 write methods (closes #112)
sneak closed issue sneak/upaas#110 2026-02-20 14:29:15 +01:00
CRITICAL: Deployed containers have no security constraints (capabilities, seccomp, resource limits)
sneak closed issue sneak/upaas#111 2026-02-20 14:28:44 +01:00
CRITICAL: Volume mounts allow access to any host path (Docker socket, /etc/shadow, etc.)
sneak commented on issue sneak/upaas#111 2026-02-20 14:28:44 +01:00
CRITICAL: Volume mounts allow access to any host path (Docker socket, /etc/shadow, etc.)

WONTFIX, working as intended

sneak commented on issue sneak/upaas#112 2026-02-20 14:28:18 +01:00
CRITICAL: API v1 routes use cookie auth without CSRF protection — cross-site request forgery

disable the api’s write methods.

sneak closed issue sneak/upaas#113 2026-02-20 14:27:43 +01:00
CRITICAL: Port mappings bind to 0.0.0.0 with no restriction on privileged ports or conflicts