forked from coredns/coredns
-
Notifications
You must be signed in to change notification settings - Fork 27
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4,295 changed files
with
9,255 additions
and
1,186,705 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
* | ||
!coredns |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
--- | ||
name: Question | ||
about: A question related to CoreDNS | ||
labels: question | ||
|
||
--- | ||
<!-- Please only use this template for submitting a generic question --> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,7 +6,7 @@ to ensure responsible handling of critical issues. | |
|
||
## Product Security Team (PST) | ||
|
||
Security vulnerabilities should be handled quickly and sometimes privately. | ||
Security vulnerabilities should be handled quickly and sometimes privately. | ||
The primary goal of this process is to reduce the total time users are vulnerable to publicly known exploits. | ||
|
||
The Product Security Team (PST) is responsible for organizing the entire response including internal communication and external disclosure. | ||
|
@@ -23,7 +23,7 @@ The initial Product Security Team will consist of the set of maintainers that vo | |
|
||
### Private Disclosure Processes | ||
|
||
If you find a security vulnerability or any security related issues, | ||
If you find a security vulnerability or any security related issues, | ||
please DO NOT file a public issue. Do not create a Github issue. | ||
Instead, send your report privately to [email protected]. | ||
Security reports are greatly appreciated and we will publicly thank you for it. | ||
|
@@ -36,7 +36,7 @@ For instance, that could include: | |
|
||
### Public Disclosure Processes | ||
|
||
If you know of a publicly disclosed security vulnerability please IMMEDIATELY email [email protected] | ||
If you know of a publicly disclosed security vulnerability please IMMEDIATELY email [email protected] | ||
to inform the Product Security Team (PST) about the vulnerability so we start the patch, release, and communication process. | ||
|
||
If possible the PST will ask the person making the public report if the issue can be handled via a private disclosure process | ||
|
@@ -56,7 +56,7 @@ Note that given the current size of the CoreDNS community it is likely that the | |
The PST may decide to bring in additional contributors for added expertise depending on the area of the code that contains the vulnerability. | ||
|
||
All of the timelines below are suggestions and assume a Private Disclosure. | ||
If the Team is dealing with a Public Disclosure all timelines become ASAP. | ||
If the Team is dealing with a Public Disclosure all timelines become ASAP. | ||
If the fix relies on another upstream project's disclosure timeline, that will adjust the process as well. | ||
We will work with the upstream project to fit their timeline and best protect our users. | ||
|
||
|
@@ -88,14 +88,14 @@ discussed on the [email protected] mailing list. | |
|
||
### Fix Disclosure Process | ||
|
||
With the Fix Development underway the CoreDNS Security Team needs to come up with an overall communication plan for the wider community. | ||
This Disclosure process should begin after the Team has developed a fix or mitigation | ||
With the Fix Development underway the CoreDNS Security Team needs to come up with an overall communication plan for the wider community. | ||
This Disclosure process should begin after the Team has developed a fix or mitigation | ||
so that a realistic timeline can be communicated to users. | ||
|
||
**Disclosure of Forthcoming Fix to Users** (Completed within 1-7 days of Disclosure) | ||
|
||
- The Fix Lead will create a github issue in CoreDNS project to inform users that a security vulnerability | ||
has been disclosed and that a fix will be made available, with an estimation of the Release Date. | ||
has been disclosed and that a fix will be made available, with an estimation of the Release Date. | ||
It will include any mitigating steps users can take until a fix is available. | ||
|
||
The communication to users should be actionable. | ||
|
@@ -104,7 +104,7 @@ They should know when to block time to apply patches, understand exact mitigatio | |
**Optional Fix Disclosure to Private Distributors List** (Completed within 1-14 days of Disclosure): | ||
|
||
- The Fix Lead will make a determination with the help of the Fix Team if an issue is critical enough to require early disclosure to distributors. | ||
Generally this Private Distributor Disclosure process should be reserved for remotely exploitable or privilege escalation issues. | ||
Generally this Private Distributor Disclosure process should be reserved for remotely exploitable or privilege escalation issues. | ||
Otherwise, this process can be skipped. | ||
- The Fix Lead will email the patches to [email protected] so distributors can prepare their own release to be available to users on the day of the issue's announcement. | ||
Distributors should read about the [Private Distributor List](#private-distributor-list) to find out the requirements for being added to this list. | ||
|
@@ -133,7 +133,7 @@ individuals to find out about security issues. | |
|
||
The information members receive on [email protected] must not be | ||
made public, shared, nor even hinted at anywhere beyond the need-to-know within | ||
your specific team except with the list's explicit approval. | ||
your specific team except with the list's explicit approval. | ||
This holds true until the public disclosure date/time that was agreed upon by the list. | ||
Members of the list and others may not use the information for anything other | ||
than getting the issue fixed for your respective distribution's users. | ||
|
@@ -144,7 +144,7 @@ find out information on a need-to-know basis. | |
|
||
In the unfortunate event you share the information beyond what is allowed by | ||
this policy, you _must_ urgently inform the [email protected] | ||
mailing list of exactly what information leaked and to whom. | ||
mailing list of exactly what information leaked and to whom. | ||
|
||
If you continue to leak information and break the policy outlined here, you | ||
will be removed from the list. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
#!/usr/bin/env bash | ||
# | ||
# Description: Fix up the file mtimes based on the git log. | ||
|
||
set -u -o pipefail | ||
|
||
if [[ ! -f 'coredns.1.md' ]]; then | ||
echo 'ERROR: Must be run from the top of the git repo.' | ||
exit 1 | ||
fi | ||
|
||
for file in coredns.1.md corefile.5.md plugin/*/README.md; do | ||
time=$(git log --pretty=format:%cd -n 1 --date='format:%Y%m%d%H%M.%S' "${file}") | ||
touch -m -t "${time}" "${file}" | ||
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
name: "CodeQL" | ||
|
||
on: | ||
push: | ||
branches: [ master ] | ||
pull_request: | ||
branches: [ master ] | ||
schedule: | ||
- cron: '22 10 * * 4' | ||
|
||
jobs: | ||
analyze: | ||
name: Analyze | ||
runs-on: ubuntu-latest | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
language: [ 'go' ] | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v2 | ||
|
||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v1 | ||
with: | ||
languages: ${{ matrix.language }} | ||
|
||
- name: Autobuild | ||
uses: github/codeql-action/autobuild@v1 | ||
|
||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
name: Go Coverage | ||
on: [push, pull_request] | ||
jobs: | ||
test: | ||
name: Coverage | ||
runs-on: ubuntu-latest | ||
steps: | ||
|
||
- name: Install Go | ||
uses: actions/setup-go@v2 | ||
with: | ||
go-version: 1.15 | ||
id: go | ||
|
||
- name: Check out code | ||
uses: actions/checkout@v2 | ||
|
||
- name: Build | ||
run: go build -v ./... | ||
|
||
- name: Test With Coverage | ||
run: | | ||
for d in request core coremain plugin test; do \ | ||
( cd $d; go test -coverprofile=cover.out -covermode=atomic -race ./...; [ -f cover.out ] && cat cover.out >> ../coverage.txt ); \ | ||
done | ||
- name: Upload coverage to Codecov | ||
uses: codecov/codecov-action@v1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
name: Go Fmt | ||
|
||
on: | ||
push: | ||
branches: | ||
- 'master' | ||
paths: | ||
- '**.go' | ||
|
||
jobs: | ||
fix: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- | ||
name: Checkout | ||
uses: actions/checkout@v2 | ||
- | ||
name: Fmt | ||
run: | | ||
find . -not -path '*/\.git/*' -type f -name '*.go' -exec gofmt -s -w {} \+ | ||
- | ||
name: Set up Git | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
run: | | ||
git config user.name "coredns-auto-go-fmt[bot]" | ||
git config user.email "coredns-auto-go-fmt[bot]@users.noreply.github.com" | ||
git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git | ||
- | ||
name: Commit and push changes | ||
run: | | ||
git add . | ||
if output=$(git status --porcelain) && [ ! -z "$output" ]; then | ||
git commit -m 'auto go fmt' | ||
git push | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
name: Go Tests | ||
on: [push, pull_request] | ||
jobs: | ||
test: | ||
name: Test | ||
runs-on: ubuntu-latest | ||
steps: | ||
|
||
- name: Install Go | ||
uses: actions/setup-go@v2 | ||
with: | ||
go-version: 1.15 | ||
id: go | ||
|
||
- name: Check out code | ||
uses: actions/checkout@v2 | ||
|
||
- name: Build | ||
run: go build -v ./... | ||
|
||
- name: Test | ||
run: | | ||
( cd request; go test -race ./... ) | ||
( cd core; go test -race ./... ) | ||
( cd coremain; go test -race ./... ) | ||
test-plugins: | ||
name: Test Plugins | ||
runs-on: ubuntu-latest | ||
steps: | ||
|
||
- name: Install Go | ||
uses: actions/setup-go@v2 | ||
with: | ||
go-version: 1.15 | ||
id: go | ||
|
||
- name: Check out code | ||
uses: actions/checkout@v2 | ||
|
||
- name: Build | ||
run: go build -v ./... | ||
|
||
- name: Test | ||
run: ( cd plugin; go test -race ./... ) | ||
|
||
test-e2e: | ||
name: Test e2e | ||
runs-on: ubuntu-latest | ||
steps: | ||
|
||
- name: Install Go | ||
uses: actions/setup-go@v2 | ||
with: | ||
go-version: 1.15 | ||
id: go | ||
|
||
- name: Check out code | ||
uses: actions/checkout@v2 | ||
|
||
- name: Build | ||
run: go build -v ./... | ||
|
||
- name: Test | ||
run: | | ||
go install github.com/fatih/faillint | ||
( cd test; go test -race ./... ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
name: Make Doc | ||
|
||
on: | ||
push: | ||
branches: | ||
- 'master' | ||
paths: | ||
- '.github/workflows/make.doc.yml' | ||
- 'coredns.1.md' | ||
- 'corefile.5.md' | ||
- 'plugin/*/README.md' | ||
|
||
jobs: | ||
fix: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- | ||
name: Checkout | ||
uses: actions/checkout@v2 | ||
- | ||
name: Setup Go | ||
uses: actions/setup-go@v2 | ||
with: | ||
go-version: '^1.14.1' | ||
- | ||
name: Update Docs | ||
run: | | ||
./.github/fixup_file_mtime.sh | ||
make -f Makefile.doc | ||
- | ||
name: Set up Git | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
run: | | ||
git config user.name "coredns-auto-go-mod-tidy[bot]" | ||
git config user.email "coredns-auto-go-mod-tidy[bot]@users.noreply.github.com" | ||
git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git | ||
- | ||
name: Commit and push changes | ||
run: | | ||
git add . | ||
if output=$(git status --porcelain) && [ ! -z "$output" ]; then | ||
git commit -m 'auto make -f Makefile.doc' | ||
git push | ||
fi |
Oops, something went wrong.