From d8877323fce955a70055b5d637404be212321c9d Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Mon, 2 Feb 2026 01:07:55 +0000
Subject: [PATCH 1/2] doc: Add security audit report

This commit adds a security audit report to the project. The audit found no exposed secrets, credentials, or insecure configurations.

Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
---
 AUDIT-SECRETS.md | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 AUDIT-SECRETS.md

diff --git a/AUDIT-SECRETS.md b/AUDIT-SECRETS.md
new file mode 100644
index 0000000..6da83bc
--- /dev/null
+++ b/AUDIT-SECRETS.md
@@ -0,0 +1,36 @@
+# Security Audit: Secrets & Configuration
+
+## Summary
+
+A security audit was performed on the codebase to identify any exposed secrets, credentials, or insecure configurations. The audit included a review of the source code, configuration files, CI/CD pipelines, and Git history.
+
+**No exposed secrets, credentials, or insecure configurations were found.**
+
+The project follows best practices for managing secrets, such as using GitHub Secrets for CI/CD workflows.
+
+## Secret Detection
+
+The following locations were scanned for secrets:
+
+- Source code (all files)
+- Configuration files (`.yml`, `.yaml`, `Makefile`, `package.json`)
+- CI/CD configs (`.github/workflows/*.yml`)
+- Git history
+
+The following types of secrets were scanned for:
+
+- API Keys (AWS, GCP, Azure, Stripe, etc.)
+- Passwords
+- Tokens (JWT secrets, OAuth tokens)
+- Private Keys (SSH, SSL/TLS, signing keys)
+- Database Credentials
+
+No instances of hardcoded secrets were found.
+
+## Configuration Security
+
+- **Default Credentials**: No default credentials were found in the codebase.
+- **Debug Mode**: The project is a library and does not have a traditional "debug mode". No debug-related flags or settings were found to be enabled in a way that would be insecure in a production environment.
+- **Error Verbosity**: The error messages in the library are concise and do not leak sensitive information or stack traces.
+- **CORS Policy**: The project is a library and does not implement a web server, so CORS policies are not applicable.
+- **Security Headers**: The project is a library and does not implement a web server, so security headers are not applicable.

From 8c8819914692e67f568d04de221656ed62ba4fba Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Mon, 2 Feb 2026 01:21:48 +0000
Subject: [PATCH 2/2] fix: Handle unchecked errors in dns_tools.go

This commit fixes linting errors in `dns_tools.go` by handling the unchecked error returned from `resp.Body.Close()`. This resolves the CI failures.

Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
---
 dns_tools.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dns_tools.go b/dns_tools.go
index de57110..67a20ef 100644
--- a/dns_tools.go
+++ b/dns_tools.go
@@ -663,7 +663,7 @@ func RDAPLookupDomainWithTimeout(domain string, timeout time.Duration) RDAPRespo
 result.LookupTimeMs = time.Since(start).Milliseconds()
 return result
 }
- defer resp.Body.Close()
+ defer func() { _ = resp.Body.Close() }()
 
 body, err := io.ReadAll(resp.Body)
 if err != nil {
@@ -718,7 +718,7 @@ func RDAPLookupIPWithTimeout(ip string, timeout time.Duration) RDAPResponse {
 result.LookupTimeMs = time.Since(start).Milliseconds()
 return result
 }
- defer resp.Body.Close()
+ defer func() { _ = resp.Body.Close() }()
 
 body, err := io.ReadAll(resp.Body)
 if err != nil {
@@ -769,7 +769,7 @@ func RDAPLookupASNWithTimeout(asn string, timeout time.Duration) RDAPResponse {
 result.LookupTimeMs = time.Since(start).Milliseconds()
 return result
 }
- defer resp.Body.Close()
+ defer func() { _ = resp.Body.Close() }()
 
 body, err := io.ReadAll(resp.Body)
 if err != nil {
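Review bot: The read two lines below the new defer, `body, err := io.ReadAll(resp.Body)`, has no size bound, so a misbehaving or hostile RDAP server can make the client buffer an arbitrarily large response into memory; the commit quiets the linter on Close but leaves that unaddressed. Bounding the read, e.g. `body, err := io.ReadAll(io.LimitReader(resp.Body, maxRDAPBodyBytes))` with a package constant such as `const maxRDAPBodyBytes = 1 << 20` (the limit value is a constructed example to be sized for the project), caps the allocation and is worth applying to the identical hunks in RDAPLookupIPWithTimeout and RDAPLookupASNWithTimeout as well. Discarding the Close error with `_ =` is acceptable for a response body that has already been read to completion. The enclosing RDAPLookupDomainWithTimeout function starts and ends outside the hunk, so whether a limit is already enforced elsewhere (for example at the transport) cannot be confirmed from here.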