mirror of
https://github.com/gin-gonic/gin.git
synced 2026-07-08 11:41:09 +08:00
Compare commits
4 Commits
02c3d3d570
...
1ee8ec4bcf
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
1ee8ec4bcf | ||
|
|
5e5ff3ace4 | ||
|
|
c4e549a738 | ||
|
|
0fe68969cf |
16
.github/workflows/gin.yml
vendored
16
.github/workflows/gin.yml
vendored
@ -81,19 +81,3 @@ jobs:
|
||||
uses: codecov/codecov-action@v5
|
||||
with:
|
||||
flags: ${{ matrix.os }},go-${{ matrix.go }},${{ matrix.test-tags }}
|
||||
|
||||
vulnerability-scanning:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Run Trivy vulnerability scanner in repo mode
|
||||
uses: aquasecurity/trivy-action@0.33.1
|
||||
with:
|
||||
scan-type: "fs"
|
||||
ignore-unfixed: true
|
||||
format: "table"
|
||||
exit-code: "1"
|
||||
severity: "CRITICAL,HIGH,MEDIUM"
|
||||
|
||||
57
.github/workflows/trivy-scan.yml
vendored
Normal file
57
.github/workflows/trivy-scan.yml
vendored
Normal file
@ -0,0 +1,57 @@
|
||||
name: Trivy Security Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
schedule:
|
||||
# Run every 3 months (quarterly) on the 1st day at 00:00 UTC
|
||||
# Months: January (1), April (4), July (7), October (10)
|
||||
- cron: '0 0 1 1,4,7,10 *'
|
||||
workflow_dispatch: # Allow manual trigger
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write # Required for uploading SARIF results
|
||||
|
||||
jobs:
|
||||
trivy-scan:
|
||||
name: Trivy Security Scan
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v5
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Run Trivy vulnerability scanner (source code)
|
||||
uses: aquasecurity/trivy-action@0.33.1
|
||||
with:
|
||||
scan-type: 'fs'
|
||||
scan-ref: '.'
|
||||
scanners: 'vuln,secret,misconfig'
|
||||
format: 'sarif'
|
||||
output: 'trivy-results.sarif'
|
||||
severity: 'CRITICAL,HIGH,MEDIUM'
|
||||
ignore-unfixed: true
|
||||
|
||||
- name: Upload Trivy results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v3
|
||||
if: always()
|
||||
with:
|
||||
sarif_file: 'trivy-results.sarif'
|
||||
|
||||
- name: Run Trivy scanner (table output for logs)
|
||||
uses: aquasecurity/trivy-action@0.33.1
|
||||
if: always()
|
||||
with:
|
||||
scan-type: 'fs'
|
||||
scan-ref: '.'
|
||||
scanners: 'vuln,secret,misconfig'
|
||||
format: 'table'
|
||||
severity: 'CRITICAL,HIGH,MEDIUM'
|
||||
ignore-unfixed: true
|
||||
exit-code: '1'
|
||||
@ -4,7 +4,10 @@
|
||||
|
||||
package render
|
||||
|
||||
import "net/http"
|
||||
import (
|
||||
"net/http"
|
||||
"strconv"
|
||||
)
|
||||
|
||||
// Data contains ContentType and bytes data.
|
||||
type Data struct {
|
||||
@ -15,6 +18,9 @@ type Data struct {
|
||||
// Render (Data) writes data with custom ContentType.
|
||||
func (r Data) Render(w http.ResponseWriter) (err error) {
|
||||
r.WriteContentType(w)
|
||||
if len(r.Data) > 0 {
|
||||
w.Header().Set("Content-Length", strconv.Itoa(len(r.Data)))
|
||||
}
|
||||
_, err = w.Write(r.Data)
|
||||
return
|
||||
}
|
||||
|
||||
@ -8,6 +8,7 @@ import (
|
||||
"encoding/xml"
|
||||
"errors"
|
||||
"html/template"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
@ -427,6 +428,36 @@ func TestRenderData(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, "#!PNG some raw data", w.Body.String())
|
||||
assert.Equal(t, "image/png", w.Header().Get("Content-Type"))
|
||||
assert.Equal(t, "19", w.Header().Get("Content-Length"))
|
||||
}
|
||||
|
||||
func TestRenderDataContentLength(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
size, err := strconv.Atoi(r.URL.Query().Get("size"))
|
||||
assert.NoError(t, err)
|
||||
|
||||
data := Data{
|
||||
ContentType: "application/octet-stream",
|
||||
Data: make([]byte, size),
|
||||
}
|
||||
assert.NoError(t, data.Render(w))
|
||||
}))
|
||||
t.Cleanup(srv.Close)
|
||||
|
||||
for _, size := range []int{0, 1, 100, 100_000} {
|
||||
t.Run(strconv.Itoa(size), func(t *testing.T) {
|
||||
resp, err := http.Get(srv.URL + "?size=" + strconv.Itoa(size))
|
||||
require.NoError(t, err)
|
||||
defer resp.Body.Close()
|
||||
|
||||
assert.Equal(t, "application/octet-stream", resp.Header.Get("Content-Type"))
|
||||
assert.EqualValues(t, strconv.Itoa(size), resp.Header.Get("Content-Length"))
|
||||
|
||||
actual, err := io.Copy(io.Discard, resp.Body)
|
||||
require.NoError(t, err)
|
||||
assert.EqualValues(t, size, actual)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestRenderString(t *testing.T) {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user