Add Template for Issue #171

Closed

Commits on Jan 10, 2024

  1. 132 feat clo monitor recommendations (in-toto#150)

    * Add Security Insights, Security, and Dependency files
    * Pin dependencies, update permissions in workflows, and add license scanning
    * Add badges to README, add license to fossa scan
    ---------
    
    Signed-off-by: John Kjell <john@testifysec.com>
    jkjell authored Jan 10, 2024
    93977fd

Commits on Jan 11, 2024

  1. chore: bump golang from 1.21.5-alpine to 1.21.6-alpine (in-toto#153)

    Bumps golang from 1.21.5-alpine to 1.21.6-alpine.
    
    ---
    updated-dependencies:
    - dependency-name: golang
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Jan 11, 2024
    2b5ad30

Commits on Jan 16, 2024

  1. chore: bump actions/upload-artifact from 4.0.0 to 4.1.0 (in-toto#157)

    Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0.
    - [Release notes](https://github.com/actions/upload-artifact/releases)
    - [Commits](actions/upload-artifact@c7d193f...1eb3cb2)
    
    ---
    updated-dependencies:
    - dependency-name: actions/upload-artifact
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Jan 16, 2024
    5193e8a
  2. Add template for Pull Requests (in-toto#155)

    Signed-off-by: Prashant Rewar <108176843+prashantrewar@users.noreply.github.com>
    prashantrewar authored Jan 16, 2024
    63afaea

Commits on Jan 17, 2024

  1. Fix "uncontrolled data use" (in-toto#151)

    * Fix "uncontrolled data use" from not verifying input to archivista get/store request parameters
    
    Signed-off-by: John Kjell <john@testifysec.com>
    
    * Migrate UT to testify test suite (in-toto#154)
    
    Signed-off-by: Kairo de Araujo <kairo.araujo@testifysec.com>
    
    ---------
    
    Signed-off-by: John Kjell <john@testifysec.com>
    Signed-off-by: Kairo de Araujo <kairo.araujo@testifysec.com>
    jkjell authored Jan 17, 2024
    b627df3

Commits on Jan 23, 2024

  1. chore: bump actions/upload-artifact from 4.1.0 to 4.2.0 (in-toto#161)

    Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.1.0 to 4.2.0.
    - [Release notes](https://github.com/actions/upload-artifact/releases)
    - [Commits](actions/upload-artifact@1eb3cb2...694cdab)
    
    ---
    updated-dependencies:
    - dependency-name: actions/upload-artifact
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Jan 23, 2024
    12f281b
  2. chore: bump github/codeql-action from 3.23.0 to 3.23.1 (in-toto#162)

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.0 to 3.23.1.
    - [Release notes](https://github.com/github/codeql-action/releases)
    - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
    - [Commits](github/codeql-action@e5f05b8...0b21cf2)
    
    ---
    updated-dependencies:
    - dependency-name: github/codeql-action
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Jan 23, 2024
    0b89efa
  3. chore: bump actions/dependency-review-action from 3.1.5 to 4.0.0 (in-toto#163)
    
    Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.5 to 4.0.0.
    - [Release notes](https://github.com/actions/dependency-review-action/releases)
    - [Commits](actions/dependency-review-action@c74b580...4901385)
    
    ---
    updated-dependencies:
    - dependency-name: actions/dependency-review-action
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Jan 23, 2024
    aa2d930
  4. 25d5f43
  5. b44f651
  6. 488c3dd
  7. fix: consistency protection storing attestations (in-toto#160)

    COMMIT MESSAGE
    
    Adds protection to the users while storing attestations
    
    As Archivista relies on Object Storage/Filesystem to store the blob
    attestation and the SQL server to register the attestations for
    querying using GraphSQL, the flow needs to be consistent, as the
    services can fail.
    
    Ideally, the Store should happen transactionally and not finish with
    inconsistency: file available in the SQL but not in the metadata
    Storage, for example. If it happens, the user will query the SQL
    but will not be able to retrieve/download the attestation blob.
    
    A minor fix is done in this PR, first adding to the metadata
    storage and after registering in the SQL server.
    So, if the metadata storage fails, it will not continue and save
    it in the SQL server.
    
    Signed-off-by: Kairo Araujo <kairo.araujo@testifysec.com>
    kairoaraujo authored Jan 23, 2024
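
The ordering described in the commit message above, as an added example that is not code from the Archivista repository: the blob is written first and the index row only afterwards, so a storage failure can never leave a queryable entry without a downloadable blob. The `store` type and the `upload` and `danglingRows` functions are hypothetical in-memory stand-ins, and the sample id and payload are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// store is a hypothetical in-memory stand-in for either backend
// (blob storage or the SQL index); fail simulates an outage.
type store struct {
	items map[string][]byte
	fail  bool
}

func (s *store) put(id string, p []byte) error {
	if s.fail {
		return errors.New("backend unavailable")
	}
	s.items[id] = p
	return nil
}

// upload writes the blob first and registers it in the index only afterwards.
func upload(blobs, index *store, id string, p []byte) error {
	if err := blobs.put(id, p); err != nil {
		return fmt.Errorf("store blob: %w", err) // index is never touched
	}
	if err := index.put(id, nil); err != nil {
		return fmt.Errorf("register in index: %w", err) // orphan blob only
	}
	return nil
}

// danglingRows returns ids the index lists but whose blob is missing.
func danglingRows(blobs, index *store) (out []string) {
	for id := range index.items {
		if _, ok := blobs.items[id]; !ok {
			out = append(out, id)
		}
	}
	return out
}

func main() {
	blobs := &store{items: map[string][]byte{}, fail: true}
	index := &store{items: map[string][]byte{}}
	err := upload(blobs, index, "constructed-id", []byte("constructed blob"))
	fmt.Println(err, danglingRows(blobs, index))
}
```

When the index write fails after the blob write succeeded, the result is an orphan blob that no query returns, which is why the commit message calls this a minor fix and not a transactional store.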
    a059114

Commits on Jan 24, 2024

  1. refactoring: Server API service (in-toto#152)

    * refactor: rename var `mysql*` to `sql*`
    
    The current variable name `mysqlStore` and `mysqlStoreCh` can generate
    confusion as it comes from a factory store that supports multiple
    databases (MySQL and Postgres).
    
    Signed-off-by: Kairo de Araujo <kairo.araujo@testifysec.com>
    
    * refactor: simplify archivista, move API to server
    
    This commit simplifies the archivista cmd (`cmd/archivista`),
    removing the API logic to the server, where all handlers for
    HTTP requests are implemented.
    
    This also includes the API Swagger documentation.
    
    Signed-off-by: Kairo Araujo <kairo.araujo@testifysec.com>
    
    * refactoring: rename store APIs to upload
    
    This refactoring focuses on making code readability and maintainability
    easier for new contributors.
    
    `Store` -> `Upload`
    `StoreWithHeaders` -> `UploadWithHeaders`
    
    The `Store` will be exclusive for the Store method used by
    `metadataStore` and `objectStore`, causing less confusion.
    
    It renames the functions but keeps backward compatibility to allow
    the current users the possibility to migrate.
    
    Signed-off-by: Kairo Araujo <kairo.araujo@testifysec.com>
    
    * tests: Add unit tests for server.go
    
    This adds unit tests for the main functions of server.go
    
    Signed-off-by: Kairo Araujo <kairo.araujo@testifysec.com>
    
    * fix: Add more consistent HTTP errors
    
    This commit fixes some status codes that can cause misunderstanding.
    
    Some errors were returning Bad Request (400) even when the user
    sends a correct request. The errors originating from the
    infrastructure or error during operations should raise
    Internal Server Error (500) as they are not expected.
    
    Unit tests are included to avoid regression
    
    Signed-off-by: Kairo Araujo <kairo.araujo@testifysec.com>
    
    ---------
    
    Signed-off-by: Kairo de Araujo <kairo.araujo@testifysec.com>
    Signed-off-by: Kairo Araujo <kairo.araujo@testifysec.com>
    kairoaraujo authored Jan 24, 2024
    fe1b2b3
  2. chore: bump golang from fd78f2f to 51a7800 (in-toto#170)

    Bumps golang from `fd78f2f` to `51a7800`.
    
    ---
    updated-dependencies:
    - dependency-name: golang
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Jan 24, 2024
    f749b47

Commits on Jan 29, 2024

  1. Add Template for Issue

    Signed-off-by: Prashant Rewar <108176843+prashantrewar@users.noreply.github.com>
    prashantrewar committed Jan 29, 2024
    1bb1a91