Security and Testing infrastructure Remediation#666
Merged
Conversation
Wikid82
pushed a commit
that referenced
this pull request
Feb 8, 2026
Contributor
✅ Supply Chain Verification Results✅ PASSED 📦 SBOM Summary
🔍 Vulnerability Scan
📎 Artifacts
Generated by Supply Chain Verification workflow • View Details |
Wikid82
pushed a commit
that referenced
this pull request
Feb 8, 2026
The golangci-lint-action v9.2.0 requires version strings in "vX.Y.Z" format. Previous attempt to remove the "v" prefix caused validation error: "invalid version string '1.64.5', expected format v1.2 or v1.2.3" Updated both ci-pipeline.yml and quality-checks.yml to use "v1.64.5" instead of "1.64.5" to match the action's expected format. Fixes: #666 (PR CI validation failure)
Wikid82
pushed a commit
that referenced
this pull request
Feb 8, 2026
The golangci-lint-action v9.2.0 dropped support for golangci-lint v1.x and requires v2.x versions. The error "golangci-lint v1 is not supported by golangci-lint-action >= v7" indicates we need to upgrade, not downgrade. Updated both ci-pipeline.yml and quality-checks.yml from v1.64.5 to v2.8.0 to align with the current golangci-lint major version. Fixes: #666 (golangci-lint version compatibility error)
Wikid82
pushed a commit
that referenced
this pull request
Feb 8, 2026
The golangci-lint v2.x series requires a different configuration schema: 1. `linters-settings` must be nested under `linters.settings` 2. `issues.exclude-generated-strict` is not supported 3. `issues.exclude-rules` complex syntax replaced with simpler `exclude` patterns Changes to both backend/.golangci-fast.yml and backend/.golangci.yml: - Restructured linter settings under `linters.settings` - Converted exclude-rules to simple exclude patterns - Added proper v2.x directives (exclude-use-default, max-issues-per-linter) - Maintained all security checks and error handling exclusions This resolves the "invalid configuration keys" error when running golangci-lint v2.8.0 with golangci-lint-action v9.2.0. Fixes: #666 (golangci-lint configuration schema validation)
Wikid82
pushed a commit
that referenced
this pull request
Feb 8, 2026
The golangci-lint v2.8.0 schema validation rejected all properties in the issues section: - exclude-use-default - exclude-dirs - exclude-files - exclude - max-issues-per-linter - max-same-issues Solution: Removed the entire issues section from both config files. Linter behavior is now controlled exclusively through linters.settings, which is properly configured for govet, errcheck, gosec, gocritic, etc. Changes to backend/.golangci-fast.yml and backend/.golangci.yml: - Removed issues section entirely (v2.x schema incompatible) - Retained all linter-specific settings under linters.settings - Linters will run with their configured settings and default behaviors This resolves the jsonschema validation error: "additional properties ... not allowed" Fixes: #666 (golangci-lint v2.x schema validation)
…arity and functionality
- Enhanced manual DNS provider tests with better API health checks and loading state handling. - Simplified navigation steps and improved accessibility checks in the manual DNS provider tests. - Refactored proxy host dropdown tests to ensure dropdowns open correctly and options are clickable. - Added assertions for dropdown visibility and selected values in proxy host tests. - Removed redundant checks and improved overall test readability and maintainability.
…navigation validation
…ove feedback speed
…g of bugs requiring code changes
…SQLite with WAL mode
…tory permission errors
…ndling and response validation
…assert status code
… timeout for improved isolation
…t' instead of 'config'
…nsistent test behavior
…TestRunScheduledBackup_CleanupFails
… improved test isolation
…sts for consistency
…ef for improved accuracy
…g test for improved reliability
…end coverage - Implemented a new script `local-patch-report.sh` to generate a local patch report. - The report computes patch coverage based on changes from the current branch against `origin/main`. - Integrated backend and frontend coverage inputs, producing both Markdown and JSON output artifacts. - Updated existing frontend coverage script to validate the presence of LCOV coverage file. - Added tests for coverage computation and parsing of unified diffs for changed lines. - Enhanced error handling and validation for coverage inputs and baseline references.
…sts across multiple agent and instruction files
… behavior - Implemented tests for `extractAuthCookieToken` to ensure it returns an empty string when the request is nil and ignores non-auth cookies. - Added tests for `isAdminSecurityControlPlaneRequest` to verify it correctly uses the decoded raw path. - Enhanced `NewRateLimitMiddleware` tests to check fallback behavior for non-positive window values and to ensure it bypasses rate limiting for control plane bearer requests.
…nd security headers - Implement tests for BackupService to handle database extraction from backup archives with SHM and WAL entries. - Add tests for BackupService to validate behavior when creating backups for non-SQLite databases and handling oversized database entries. - Introduce tests for CrowdSec startup to ensure proper error handling during configuration creation. - Enhance LogService tests to cover scenarios for skipping dot and empty directories and handling read directory errors. - Add tests for SecurityHeadersService to ensure proper error handling during preset creation and updates. - Update ProxyHostForm tests to include HSTS subdomains toggle and validation for port input handling. - Enhance DNSProviders tests to validate manual challenge completion and error handling when no providers are available. - Extend UsersPage tests to ensure fallback mechanisms for clipboard operations when the clipboard API fails.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
placeholder....
Chores of this PR:
Migrate base image to Alpine to fix known Debian CVEs.
Make sure testing infrastructure has no regression and passes all green. Includes local and CI E2E, Integrations, Frontend and Backend Coverage.
DoD Checklist:
Closes Issues: #40, #587, #589, #592, #610, #618, #638, #664, #665, #631