From 335ce9eddb53ac1ff7e7b22b64a0bed0d704d4c9 Mon Sep 17 00:00:00 2001 From: whonion Date: Sun, 30 Jun 2024 01:39:46 +0800 Subject: [PATCH] Initial commit --- .gitattributes | 3 + .github/CONTRIBUTING.md | 71 +++++++++++++++++++ .github/ISSUE_TEMPLATE/BUG-REPORT.yml | 80 ++++++++++++++++++++++ .github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml | 63 +++++++++++++++++ .github/ISSUE_TEMPLATE/config.yml | 1 + .github/PULL_REQUEST_TEMPLATE.md | 18 +++++ .github/dependabot.yml | 12 ++++ .github/workflows/build.yml | 10 +++ .vscode/settings.json | 3 + CODE_OF_CONDUCT.md | 43 ++++++++++++ LICENSE | 21 ++++++ README.md | 21 ++++++ SECURITY.md | 56 +++++++++++++++ src/module.md | 1 + 14 files changed, 403 insertions(+) create mode 100644 .gitattributes create mode 100644 .github/CONTRIBUTING.md create mode 100644 .github/ISSUE_TEMPLATE/BUG-REPORT.yml create mode 100644 .github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/build.yml create mode 100644 .vscode/settings.json create mode 100644 CODE_OF_CONDUCT.md create mode 100644 LICENSE create mode 100644 README.md create mode 100644 SECURITY.md create mode 100644 src/module.md diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..f0aa0b5 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,3 @@ +# Auto detect text files and perform LF normalization +* text=auto +* linguist-language=markdown \ No newline at end of file diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..9315020 --- /dev/null +++ b/.github/CONTRIBUTING.md 
@@ -0,0 +1,71 @@ +# Contributing + +## Request for changes/ Pull Requests +You first need to create a fork of the [github-issue-template](https://github.com/whonion/all-project-template/) repository to commit your changes to it. Methods to fork a repository can be found in the [GitHub Documentation](https://docs.github.com/en/get-started/quickstart/fork-a-repo). + +Then add your fork as a local project: + +```sh +# Using HTTPS +git clone https://github.com/whonion/all-project-template.git + +# Using SSH +git clone git@github.com:whonion/all-project-template.git +``` + +> [Which remote URL should be used ?](https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories) + +Then, go to your local folder + +```sh +cd github-issue-template +``` + +Add git remote controls : + +```sh +# Using HTTPS +git remote add fork https://github.com/YOUR-USERNAME/all-project-template.git +git remote add upstream https://github.com/whonion/all-project-template.git + + +# Using SSH +git remote add fork git@github.com:YOUR-USERNAME/all-project-template.git +git remote add upstream git@github.com/whonion/all-project-template.git +``` + +You can now verify that you have your two git remotes: + +```sh +git remote -v +``` + +## Receive remote updates +In view of staying up to date with the central repository : + +```sh +git pull upstream main +``` + +## Choose a base branch +Before starting development, you need to know which branch to base your modifications/additions on. When in doubt, use main. 
+ +| Type of change | | Branches | +| :------------------ |:---------:| ---------------------:| +| Documentation | | `main` | +| Bug fixes | | `main` | +| New features | | `main` | +| New issues models | | `YOUR-USERNAME:patch` | + +```sh +# Switch to the desired branch +git switch main + +# Pull down any upstream changes +git pull + +# Create a new branch to work on +git switch --create patch/1234-name-issue +``` + +Commit your changes, then push the branch to your fork with `git push -u fork` and open a pull request on [the all-project-template repository](https://github.com/whonion/all-project-template/) following the template provided. \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml new file mode 100644 index 0000000..8ec72e3 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml 
@@ -0,0 +1,80 @@ +name: "🐛 Bug Report" +description: Create a new ticket for a bug. +title: "🐛 [BUG] - " +labels: [ + "bug" +] +body: + - type: textarea + id: description + attributes: + label: "Description" + description: Please enter an explicit description of your issue + placeholder: Short and explicit description of your incident... + validations: + required: true + - type: input + id: reprod-url + attributes: + label: "Reproduction URL" + description: Please enter your GitHub URL to provide a reproduction of the issue + placeholder: ex. https://github.com/USERNAME/REPO-NAME + validations: + required: true + - type: textarea + id: reprod + attributes: + label: "Reproduction steps" + description: Please enter an explicit description of your issue + value: | + 1. Go to '...' + 2. Click on '....' + 3. Scroll down to '....' + 4. See error + render: bash + validations: + required: true + - type: textarea + id: screenshot + attributes: + label: "Screenshots" + description: If applicable, add screenshots to help explain your problem. + value: | + ![DESCRIPTION](LINK.png) + render: bash + validations: + required: false + - type: textarea + id: logs + attributes: + label: "Logs" + description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks. + render: bash + validations: + required: false + - type: dropdown + id: browsers + attributes: + label: "Browsers" + description: What browsers are you seeing the problem on ? + multiple: true + options: + - Firefox + - Chrome + - Safari + - Microsoft Edge + - Opera + validations: + required: false + - type: dropdown + id: os + attributes: + label: "OS" + description: What is the impacted environment ? + multiple: true + options: + - Windows + - Linux + - Mac + validations: + required: false \ No newline at end of file 
diff --git a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml new file mode 100644 index 0000000..9951fde --- /dev/null +++ b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml @@ -0,0 +1,63 @@ +name: "💡 Feature Request" +description: Create a new ticket for a new feature request +title: "💡 [REQUEST] - <title>" +labels: [ + "question" +] +body: + - type: input + id: start_date + attributes: + label: "Start Date" + description: Start of development + placeholder: "month/day/year" + validations: + required: false + - type: textarea + id: implementation_pr + attributes: + label: "Implementation PR" + description: Pull request used + placeholder: "#Pull Request ID" + validations: + required: false + - type: textarea + id: reference_issues + attributes: + label: "Reference Issues" + description: Common issues + placeholder: "#Issues IDs" + validations: + required: false + - type: textarea + id: summary + attributes: + label: "Summary" + description: Provide a brief explanation of the feature + placeholder: Describe in a few lines your feature request + validations: + required: true + - type: textarea + id: basic_example + attributes: + label: "Basic Example" + description: Indicate here some basic examples of your feature. + placeholder: A few specific words about your feature request. + validations: + required: true + - type: textarea + id: drawbacks + attributes: + label: "Drawbacks" + description: What are the drawbacks/impacts of your feature request ? + placeholder: Identify the drawbacks and impacts while being neutral on your feature request + validations: + required: true + - type: textarea + id: unresolved_question + attributes: + label: "Unresolved questions" + description: What questions still remain unresolved ? + placeholder: Identify any unresolved issues. + validations: + required: false \ No newline at end of file 
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..ec4bb38 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1 @@ +blank_issues_enabled: false \ No newline at end of file diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..f15b10c --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,18 @@ +## PR Type +What kind of change does this PR introduce? +``` +[ ] Bugfix +[ ] Feature +[ ] Code style update (formatting, local variables) +[ ] Refactoring (no functional changes, no api changes) +[ ] Build related changes +[ ] CI related changes +[ ] Documentation content changes +[ ] Tests +[ ] Other +``` +## What's new? +- + +## Screenshots +N/A \ No newline at end of file diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..dc27713 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 + + - package-ecosystem: "gitsubmodule" + directory: "/" + schedule: + interval: "weekly" \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..dfd16b0 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,10 @@ +name: Build + +on: [push, pull_request] + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..3ebdbc0 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "CodeGPT.apiKey": "CodeGPT Plus Beta" +} \ No newline at end of file diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..46b2a08 --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,43 @@ +# Contributor Code of Conduct + +As contributors and maintainers of this project, +and in the interest of fostering an open and welcoming community, +we pledge to respect all people who contribute through reporting issues, +posting feature requests, updating documentation, +submitting pull requests or patches, and other activities. + +We are committed to making participation in this project +a harassment-free experience for everyone, +regardless of level of experience, gender, gender identity and expression, +sexual orientation, disability, personal appearance, +body size, race, ethnicity, age, religion, or nationality. + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery +* Personal attacks +* Trolling or insulting/derogatory comments +* Public or private harassment +* Publishing other's private information, +such as physical or electronic +addresses, without explicit permission +* Other unethical or unprofessional conduct. + +Project maintainers have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct. +By adopting this Code of Conduct, +project maintainers commit themselves to fairly and consistently +applying these principles to every aspect of managing this project. +Project maintainers who do not follow or enforce the Code of Conduct +may be permanently removed from the project team. + +This code of conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. + +Instances of abusive, harassing, or otherwise unacceptable behavior +may be reported by opening an issue +or contacting one or more of the project maintainers. 
+ +This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, +available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/) diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..1c9c2f6 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2024 RegEdit | whonion.app + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..6db9ba8 --- /dev/null +++ b/README.md 
@@ -0,0 +1,21 @@ +[![Status](https://img.shields.io/badge/Project%20Stage-Development-red.svg)](https://github.com/whonion/all-project-template/blob/main/) [![MIT License](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT) [![Build](https://github.com/whonion/all-project-template/actions/workflows/build.yml/badge.svg)](https://github.com/whonion/all-project-template/actions/workflows/build.yml) + +# All Project Template + +Template for creating new project repositories + +## Prerequisites + +- Linux Ubuntu 20.04 +- Installed dependencies +- Installed another tools + +## Installation + +### Installing on Linux + +### Installing on Windows + +### Installing on MacOS + +## Usage diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..18c9217 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,56 @@ +# Security and Vulnerability Reporting + +Sensitive security-related questions, comments, and reports should be sent to +the [gvisor-security mailing list][gvisor-security-list]. You should receive a +prompt response, typically within 48 hours. + +## Security issue taxonomy + +We distinguish the following type of issues, listed from most to least severe: + +- Issues that go **beyond the sandbox boundary**: + - **Container escapes**: Issues that allow arbitrary code to run on the + host machine. + - gVisor's purpose is to prevent these. + - **Data exfiltration** from the host: Issues that allow reading arbitrary + files or file metadata from the host (other than those intended to be + visible to the sandbox). + - **Sandbox-to-sandbox lateral movement**: Issues that allow arbitrary + code execution in a different sandbox on the same host. + - **Denial-of-service attacks** that affect **the host kernel** (i.e. + trigger a host kernel panic). + - **Denial-of-service attacks** that affect **other sandboxes on the same + host**. + - This excludes things like causing CPU starvation when a sandbox is + running without resource constraints. +- Issues that **remain confined to a single sandbox**: + - **Denial-of-service attacks** that affect a single sandbox and are + **triggerable remotely** (e.g. by sending a specially-crafted network + packet). + - **Privilege escalation within the sandbox** (e.g. being able to do what + in-sandbox `root` would be able to do from an in-sandbox non-`root` + user). + - **Denial-of-service attacks** that affect a single sandbox and are + **triggerable from user code** running in that sandbox. + - **Data integrity issues** relative to Linux behavior. + - gVisor aims to be bug-for-bug compatible with Linux. 
While most + compatibility issues are not security issues, it is conceivable that + some compatibility issues may manifest as persistent data + corruption; for example, differences in I/O syscall implementations + may cause a database program to end up storing invalid data. + +While all of the above are security issues, we generally only assign CVEs for +issues that go beyond the sandbox boundary. Since gVisor is a container security +platform, its main security focus is on preventing a user workload from "getting +out of the box", relative to issues that remain within the proverbial box. +Therefore, security issues that remain contained to a single sandbox are not +considered critical and are not given CVE numbers by default. If you would still +like to get a CVE number issued, you may report it to +[BugHunter](https://g.co/vulnz). + +## Security list access + +Policies for security list access, vulnerability embargo, and vulnerability +disclosure are outlined in the [governance policy](GOVERNANCE.md). + +[gvisor-security-list]: https://groups.google.com/forum/#!forum/gvisor-security diff --git a/src/module.md b/src/module.md new file mode 100644 index 0000000..cb7e72a --- /dev/null +++ b/src/module.md @@ -0,0 +1 @@ +**This directory is used as a rule for placing modules of the main program** \ No newline at end of file
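Review bot: In .github/CONTRIBUTING.md, the SSH upstream remote `git@github.com/whonion/all-project-template.git` has a `/` after the host where the fork line above it uses `:`. Git reads that form as a local path, so fetching from `upstream` over SSH will fail; it should be `git@github.com:whonion/all-project-template.git`. In the same file, the clone commands create a directory named `all-project-template`, but the next step is `cd github-issue-template`, and the first link's text also still says github-issue-template. The sentence "add your fork as a local project" is followed by clone URLs for the whonion repository rather than YOUR-USERNAME's fork, so either the sentence or the URL should change to match the remotes added afterwards.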
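Review bot: In .github/ISSUE_TEMPLATE/BUG-REPORT.yml, the `screenshot` and `reprod` textareas set `render: bash`, which turns the submitted text into a code block, so the prefilled `![DESCRIPTION](LINK.png)` will show up as literal text instead of an image and the numbered steps will lose their list formatting. Drop `render` from those two fields and keep it only on `logs`, where the description already says the output is formatted as code. The `reprod` description is also a copy of the one on `description` ("Please enter an explicit description of your issue"), and the title is "🐛 [BUG] - " with no placeholder while FEATURE-REQUEST.yml uses `<title>`.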
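Review bot: In .github/dependabot.yml, the second entry enables `package-ecosystem: "gitsubmodule"`, but the file list for this commit contains no .gitmodules, so that entry has nothing to update. Remove it until a submodule is added, or add a comment saying it is there for projects created from the template. The quoting is also inconsistent between the two entries (`github-actions` and `daily` unquoted, `"gitsubmodule"` and `"weekly"` quoted).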
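Review bot: In .github/workflows/build.yml, the job has no `permissions:` block, so its token gets the repository's default scope even though the only step is a checkout; add `permissions:` with `contents: read` at workflow level so every project created from this template starts from least privilege. `uses: actions/checkout@v4` references a movable tag; pinning it to a full commit SHA with the version in a comment is the safer default, and the github-actions entry in dependabot.yml from this same commit can keep that pin current. The workflow is named Build and feeds the README badge, yet it contains no build or test step, so the badge will report success for any commit that can be checked out.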
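Review bot: In .vscode/settings.json, a setting named `CodeGPT.apiKey` is committed to the repository. The value here, "CodeGPT Plus Beta", looks like a plan label rather than a credential, but tracking this file in a template means anyone who later enters a real key in workspace settings will have it staged for commit. Remove the file from the template and ignore `.vscode/`, or keep the key in user-level settings only.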
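Review bot: SECURITY.md is the gVisor project's policy carried over unchanged: it sends reports to the gvisor-security mailing list, classifies issues by gVisor's sandbox boundary, and points to BugHunter at g.co/vulnz, none of which applies to all-project-template. Anyone following it would disclose a vulnerability in this project to an unrelated team. It also links to `GOVERNANCE.md`, which is not among the 14 files this commit creates, so that link is dead. Replace the body with this project's own reporting contact and expected response time, and drop the taxonomy and the governance reference unless the corresponding files are added.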