Skip to content
This repository has been archived by the owner on Apr 9, 2024. It is now read-only.

Commit

Permalink
Initial commit
Browse files Browse the repository at this point in the history 
Co-authored-by: Adam Batori <adam.batori@praetorian.com>
Co-authored-by: Anthony Weems <amlweems@gmail.com>
Co-authored-by: Brian <brian.sizemore@praetorian.com>
Co-authored-by: Garrett Gu <gu@utexas.edu>
Co-authored-by: Harry Wallace <58926491+praetorian-harry@users.noreply.github.com>
Co-authored-by: Harry Wallace <harrison.wallace@praetorian.com>
Co-authored-by: James <james.austgen@praetorian.com>
Co-authored-by: James Austgen <66981570+praetorian-james@users.noreply.github.com>
Co-authored-by: John Stawinski <john.stawinski@praetorian.com>
Co-authored-by: Michael Weber <michael.weber@praetorian.com>
Co-authored-by: Richard Ford <77762097+dickyford@users.noreply.github.com>
Co-authored-by: Steven Cheng <steven.cheng@praetorian.com>
Co-authored-by: Tristan Wiesepape <tristan.wiesepape@praetorian.com>
Co-authored-by: Tristan Wiesepape <wiesepapetristan@gmail.com>
Co-authored-by: isp1r0 <ian.spiro@praetorian.com>
Co-authored-by: isp1r0 <spirooo@gmail.com>
Co-authored-by: jstawinski <64742258+jstawinski@users.noreply.github.com>
Co-authored-by: jstawinski <jstawinski@kali.kali.com>
Co-authored-by: michael.lindsey <michael.lindsey@praetorian.com>
Co-authored-by: mjl-praetorian <84747641+mjl-praetorian@users.noreply.github.com>
Co-authored-by: praetorian-james <66981570+praetorian-james@users.noreply.github.com>
  • Loading branch information
@praetorian-harry @HCAdam
@amlweems @garrettgu10 @praetorian-james @jstawinski @michaelweber @dickyford @qwetboy10 @isp1r0 @mjl-praetorian
20 people committed Aug 18, 2021
0 parents commit ab61976
Show file tree
Hide file tree
Showing 77 changed files with 5,510 additions and 0 deletions.
107 changes: 107 additions & 0 deletions .github/workflows/ci.yml
@@ -0,0 +1,107 @@
# Copyright 2020 Praetorian Security, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Used as inspiration: https://github.com/caddyserver/caddy/blob/master/.github/workflows/ci.yml

name: CI

on:
push:
branches:
- main
- development
pull_request:
branches:
- main
- development

jobs:
test:
runs-on: ubuntu-latest

steps:
- name: Install Go
uses: actions/setup-go@v2
with:
go-version: 1.16

- name: Checkout code
uses: actions/checkout@v2

- name: Print Go version and environment
id: vars
run: |
printf "Using go at: $(which go)\n"
printf "Go version: $(go version)\n"
printf "\n\nGo environment:\n\n"
go env
printf "\n\nSystem environment:\n\n"
env
# Calculate the short SHA1 hash of the git commit
echo "::set-output name=short_sha::$(git rev-parse --short HEAD)"
echo "::set-output name=go_cache::$(go env GOCACHE)"
# - name: Cache the build cache
# uses: actions/cache@v2
# with:
# path: ${{ steps.vars.outputs.go_cache }}
# key: ${{ runner.os }}-go-ci-${{ hashFiles('**/go.sum') }}
# restore-keys: |
# ${{ runner.os }}-go-ci

- name: Get dependencies
run: |
go mod download
- name: Build all binaries
env:
CGO_ENABLED: 0
run: |
go build
# Commented bits below were useful to allow the job to continue
# even if the tests fail, so we can publish the report separately
# For info about set-output, see https://stackoverflow.com/questions/57850553/github-actions-check-steps-status
- name: Run tests
# id: step_test
# continue-on-error: true
run: |
go test -v ./...
# From https://github.com/reviewdog/action-golangci-lint
# golangci-lint:
# name: golangci-lint
# runs-on: ubuntu-latest
# steps:
# - name: Checkout code into the Go module directory
# uses: actions/checkout@v2
#
# - name: Run golangci-lint
# uses: reviewdog/action-golangci-lint@v1
# # uses: docker://reviewdog/action-golangci-lint:v1 # pre-build docker image
# with:
# github_token: ${{ secrets.github_token }}
#
# goreleaser-check:
# runs-on: ubuntu-latest
# steps:
# - name: checkout
# uses: actions/checkout@v2
# - uses: goreleaser/goreleaser-action@v2
# with:
# version: latest
# args: check
# env:
# TAG: ${{ steps.vars.outputs.version_tag }}
#
44 changes: 44 additions & 0 deletions .github/workflows/release.yml
@@ -0,0 +1,44 @@
# Copyright 2020 Praetorian Security, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

on:
push:
# Sequence of patterns matched against refs/tags
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10

name: Release

jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.16
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
with:
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
9 changes: 9 additions & 0 deletions .gitignore
@@ -0,0 +1,9 @@
# Visual Studio Code
.devcontainer/

# macOS
.DS_Store

# Binaries
ssa-poc
gokart
43 changes: 43 additions & 0 deletions .goreleaser.yml
@@ -0,0 +1,43 @@
# Copyright 2021 Praetorian Security, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Documentation on this file structure: https://goreleaser.com
before:
hooks:
- go mod download
builds:
-
id: gokart
main: ./main.go
binary: gokart
env:
- CGO_ENABLED=0
goos:
- linux
- darwin
goarch:
- amd64
archives:
- replacements:
darwin: darwin_macOS
amd64: x86_64
changelog:
# skip changelog generation for now
skip: true
sort: asc
filters:
exclude:
- '^docs:'
- '^test:'

128 changes: 128 additions & 0 deletions CODE_OF_CONDUCT.md
@@ -0,0 +1,128 @@
# Contributor Covenant Code of Conduct

## Our Pledge

We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status,
nationality, personal appearance, race, religion, or sexual identity
and orientation.

We pledge to act and interact in ways that contribute to an open, welcoming,
diverse, inclusive, and healthy community.

## Our Standards

Examples of behavior that contributes to a positive environment for our
community include:

* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes,
and learning from the experience
* Focusing on what is best not just for us as individuals, but for the
overall community

Examples of unacceptable behavior include:

* The use of sexualized language or imagery, and sexual attention or
advances of any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or email
address, without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting

## Enforcement Responsibilities

Community leaders are responsible for clarifying and enforcing our standards of
acceptable behavior and will take appropriate and fair corrective action in
response to any behavior that they deem inappropriate, threatening, offensive,
or harmful.

Community leaders have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct, and will communicate reasons for moderation
decisions when appropriate.

## Scope

This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
Examples of representing our community include using an official e-mail address,
posting via an official social media account, or acting as an appointed
representative at an online or offline event.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
opensource@praetorian.com.
All complaints will be reviewed and investigated promptly and fairly.

All community leaders are obligated to respect the privacy and security of the
reporter of any incident.

## Enforcement Guidelines

Community leaders will follow these Community Impact Guidelines in determining
the consequences for any action they deem in violation of this Code of Conduct:

### 1. Correction

**Community Impact**: Use of inappropriate language or other behavior deemed
unprofessional or unwelcome in the community.

**Consequence**: A private, written warning from community leaders, providing
clarity around the nature of the violation and an explanation of why the
behavior was inappropriate. A public apology may be requested.

### 2. Warning

**Community Impact**: A violation through a single incident or series
of actions.

**Consequence**: A warning with consequences for continued behavior. No
interaction with the people involved, including unsolicited interaction with
those enforcing the Code of Conduct, for a specified period of time. This
includes avoiding interactions in community spaces as well as external channels
like social media. Violating these terms may lead to a temporary or
permanent ban.

### 3. Temporary Ban

**Community Impact**: A serious violation of community standards, including
sustained inappropriate behavior.

**Consequence**: A temporary ban from any sort of interaction or public
communication with the community for a specified period of time. No public or
private interaction with the people involved, including unsolicited interaction
with those enforcing the Code of Conduct, is allowed during this period.
Violating these terms may lead to a permanent ban.

### 4. Permanent Ban

**Community Impact**: Demonstrating a pattern of violation of community
standards, including sustained inappropriate behavior, harassment of an
individual, or aggression toward or disparagement of classes of individuals.

**Consequence**: A permanent ban from any sort of public interaction within
the community.

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.0, available at
https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.

Community Impact Guidelines were inspired by [Mozilla's code of conduct
enforcement ladder](https://github.com/mozilla/diversity).

[homepage]: https://www.contributor-covenant.org

For answers to common questions about this code of conduct, see the FAQ at
https://www.contributor-covenant.org/faq. Translations are available at
https://www.contributor-covenant.org/translations.
35 changes: 35 additions & 0 deletions CONTRIBUTING.md
@@ -0,0 +1,35 @@
# How to contribute

The entire point of us making this available is so that we can get input and contributions, so we are really glad you're thinking about contributing.
A good place to start thinking about places we need help is our [Issues](issues) page.

Before you begin:
- Check to see if you're on the must up to date master branch of GoKart
- Have you read the [code of conduct](CODE_OF_CONDUCT.md)?

If you want to reach out to us to chat, you can email the GoKart team at <GoKart@praetorian.com>.

## Testing

Make sure your code submission runs well against some test repos. Consider testing both positive and negative use cases - that is, if you update a signature
to find more vulnerabilities, that's great. However, **please** make sure it doesn't find vulnerabilities where there are none.

## Submitting changes

Please send a [GitHub Pull Request to GoKart](pull/new/master) with a clear list of what you've done
(read more about [pull requests](http://help.github.com/pull-requests/)). When you send a pull request, you'll be forever adored if you help us also add
to our tests so we can make sure this feature or bug fix stays working. Please make sure all of your commits are atomic (one feature per commit).

Always write a clear log message for your commits. One-line messages are fine for small changes, but bigger changes should look like this:

$ git commit -m "A brief summary of the commit
>
> A paragraph describing what changed and its impact."

## Coding conventions

Start reading our code and things should be pretty clear. We optimize for readability and simplicity, wherever possible. Clear beats out clever every time :)

## Attribution

These guidelines are very loosely adapted from <https://github.com/opengovernment/opengovernment>.

0 comments on commit ab61976

Please sign in to comment.