Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
7ba1cfe6f7
|
|||
| 15d697c946 | |||
|
a8a4405946
|
|||
|
2ddd0bf9fd
|
|||
| c3e10b3945 | |||
|
6da7b31269
|
|||
|
4b553d67d4
|
|||
| 3b5807a480 | |||
|
e6c0387cdd
|
|||
| ce65f05bd4 | |||
|
3190c6f119
|
|||
|
7a725a505f
|
@@ -57,7 +57,7 @@ jobs:
|
||||
uses: https://git.quad4.io/actions/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile
|
||||
file: ./docker/Dockerfile
|
||||
platforms: linux/amd64,linux/arm64
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
|
||||
@@ -2,8 +2,8 @@ name: Generate SBOM
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- '*'
|
||||
tags:
|
||||
- 'v*'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
|
||||
16
CHANGELOG.md
16
CHANGELOG.md
@@ -1,5 +1,21 @@
|
||||
# Changelog
|
||||
|
||||
## 1.5.1 - 2025-12-29
|
||||
|
||||
### Features
|
||||
|
||||
- Added HOST environment variable support for configuring server host binding
|
||||
|
||||
### Security
|
||||
|
||||
- Fixed unhandled error in HTTP response writing (G104)
|
||||
- Fixed file write permissions to use more restrictive 0600 instead of 0644 (G306)
|
||||
- Fixed potential file inclusion vulnerability by adding path validation in file operations (G304)
|
||||
|
||||
### Docker
|
||||
|
||||
- Added HOST environment variable to Dockerfile (defaults to 0.0.0.0, make sure to set it properly in production)
|
||||
|
||||
## 1.5.0 - 2025-12-29
|
||||
|
||||
### Features
|
||||
|
||||
@@ -4,7 +4,7 @@ A web linking tool for mapping relationships between entities.
|
||||
|
||||
<img src="showcase/linkingtool.png" alt="showcase image" width="900">
|
||||
|
||||
Dekstop coming soon...
|
||||
Desktop apps for Windows, macOS, and Linux are coming soon...
|
||||
|
||||
## Quick Start
|
||||
|
||||
@@ -22,7 +22,7 @@ task build
|
||||
./bin/linking-tool --port 8080
|
||||
```
|
||||
|
||||
3. Open your browser to `http://localhost:8080`
|
||||
3. Open your browser at `http://localhost:8080`
|
||||
|
||||
### Using Docker
|
||||
|
||||
@@ -30,7 +30,7 @@ task build
|
||||
docker run -p 8080:8080 git.quad4.io/quad4-software/linking-tool
|
||||
```
|
||||
|
||||
Then open your browser to `http://localhost:8080`
|
||||
Then open your browser at `http://localhost:8080`
|
||||
|
||||
## Features
|
||||
|
||||
@@ -42,7 +42,7 @@ Then open your browser to `http://localhost:8080`
|
||||
- Undo/Redo support
|
||||
- PWA support (installable, offline-capable)
|
||||
- Native desktop app support (via Wails)
|
||||
- Single binary lightweight web server
|
||||
- Single-binary lightweight web server
|
||||
- Support for 32-bit and 64-bit architectures (runs on old Raspberry Pi Zero W)
|
||||
|
||||
## Installation Options
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"time"
|
||||
|
||||
"github.com/wailsapp/wails/v2/pkg/runtime"
|
||||
@@ -128,7 +129,7 @@ func (a *App) SaveFile(filename string, content string) error {
|
||||
return nil // Cancelled
|
||||
}
|
||||
|
||||
return os.WriteFile(filePath, []byte(content), 0644)
|
||||
return os.WriteFile(filePath, []byte(content), 0600)
|
||||
}
|
||||
|
||||
// LoadFile shows an open dialog and returns the content of the selected file
|
||||
@@ -150,10 +151,15 @@ func (a *App) LoadFile() (string, error) {
|
||||
return "", nil // Cancelled
|
||||
}
|
||||
|
||||
content, err := os.ReadFile(filePath)
|
||||
absPath, err := filepath.Abs(filePath)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("invalid file path: %w", err)
|
||||
}
|
||||
cleanPath := filepath.Clean(absPath)
|
||||
|
||||
content, err := os.ReadFile(cleanPath)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return string(content), nil
|
||||
}
|
||||
|
||||
|
||||
@@ -50,4 +50,3 @@ func main() {
|
||||
println("Error:", err.Error())
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -26,6 +26,7 @@ RUN apk add --no-cache ca-certificates
|
||||
|
||||
EXPOSE 8080
|
||||
ENV PORT=8080
|
||||
ENV HOST=0.0.0.0
|
||||
ENV NODE_ENV=production
|
||||
|
||||
USER 65532
|
||||
|
||||
11
main.go
11
main.go
@@ -64,7 +64,7 @@ func corsMiddleware(allowedOrigins []string) func(http.HandlerFunc) http.Handler
|
||||
|
||||
func main() {
|
||||
frontendPath := flag.String("frontend", "", "Path to custom frontend build directory (overrides embedded assets)")
|
||||
host := flag.String("host", "0.0.0.0", "Host to bind the server to")
|
||||
host := flag.String("host", "127.0.0.1", "Host to bind the server to")
|
||||
port := flag.String("port", "", "Port to listen on (overrides PORT env var)")
|
||||
allowedOriginsStr := flag.String("allowed-origins", os.Getenv("ALLOWED_ORIGINS"), "Comma-separated list of allowed CORS origins")
|
||||
|
||||
@@ -78,6 +78,10 @@ func main() {
|
||||
}
|
||||
}
|
||||
|
||||
if hostEnv := os.Getenv("HOST"); hostEnv != "" {
|
||||
*host = hostEnv
|
||||
}
|
||||
|
||||
if *port == "" {
|
||||
*port = os.Getenv("PORT")
|
||||
if *port == "" {
|
||||
@@ -90,7 +94,9 @@ func main() {
|
||||
|
||||
http.HandleFunc("/api/ping", cors(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.Write([]byte(`{"status":"ok"}`))
|
||||
if _, err := w.Write([]byte(`{"status":"ok"}`)); err != nil {
|
||||
log.Printf("Error writing response: %v", err)
|
||||
}
|
||||
}))
|
||||
|
||||
// Static Assets
|
||||
@@ -138,4 +144,3 @@ func main() {
|
||||
log.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@quad4/linking-tool",
|
||||
"version": "1.5.0",
|
||||
"version": "1.5.1",
|
||||
"license": "BSD-3-Clause",
|
||||
"author": "Quad4",
|
||||
"type": "module",
|
||||
|
||||
@@ -2,10 +2,10 @@
|
||||
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
|
||||
"bomFormat": "CycloneDX",
|
||||
"specVersion": "1.6",
|
||||
"serialNumber": "urn:uuid:a79a4fd9-76fa-49d0-8b4c-915a7992028c",
|
||||
"serialNumber": "urn:uuid:b33a9989-9fad-4087-80b6-4ce46353cce8",
|
||||
"version": 1,
|
||||
"metadata": {
|
||||
"timestamp": "2025-12-29T19:38:07+00:00",
|
||||
"timestamp": "2025-12-29T20:25:57+00:00",
|
||||
"tools": {
|
||||
"components": [
|
||||
{
|
||||
@@ -20,7 +20,7 @@
|
||||
]
|
||||
},
|
||||
"component": {
|
||||
"bom-ref": "b0c726c3-2a3e-48d4-8d77-691e4d56a834",
|
||||
"bom-ref": "7a17460a-af7f-4124-8495-8d456c672b94",
|
||||
"type": "application",
|
||||
"name": ".",
|
||||
"properties": [
|
||||
@@ -33,7 +33,7 @@
|
||||
},
|
||||
"components": [
|
||||
{
|
||||
"bom-ref": "1cc2fcb0-bc2f-42c8-908b-344a7f95cdde",
|
||||
"bom-ref": "024e29d4-4b84-4452-ae89-1752f041af5b",
|
||||
"type": "application",
|
||||
"name": "pnpm-lock.yaml",
|
||||
"properties": [
|
||||
@@ -48,7 +48,7 @@
|
||||
]
|
||||
},
|
||||
{
|
||||
"bom-ref": "75bdd5fe-e460-45a6-8d4b-8d908c938bcc",
|
||||
"bom-ref": "3dad09ca-ce81-4283-9dea-b2a592f898df",
|
||||
"type": "application",
|
||||
"name": "go.mod",
|
||||
"properties": [
|
||||
@@ -7021,7 +7021,7 @@
|
||||
],
|
||||
"dependencies": [
|
||||
{
|
||||
"ref": "1cc2fcb0-bc2f-42c8-908b-344a7f95cdde",
|
||||
"ref": "024e29d4-4b84-4452-ae89-1752f041af5b",
|
||||
"dependsOn": [
|
||||
"pkg:npm/%40eslint/js@9.39.2",
|
||||
"pkg:npm/%40sveltejs/adapter-static@3.0.10",
|
||||
@@ -7046,16 +7046,16 @@
|
||||
]
|
||||
},
|
||||
{
|
||||
"ref": "75bdd5fe-e460-45a6-8d4b-8d908c938bcc",
|
||||
"ref": "3dad09ca-ce81-4283-9dea-b2a592f898df",
|
||||
"dependsOn": [
|
||||
"pkg:golang/git.quad4.io/quad4-software/linking-tool"
|
||||
]
|
||||
},
|
||||
{
|
||||
"ref": "b0c726c3-2a3e-48d4-8d77-691e4d56a834",
|
||||
"ref": "7a17460a-af7f-4124-8495-8d456c672b94",
|
||||
"dependsOn": [
|
||||
"1cc2fcb0-bc2f-42c8-908b-344a7f95cdde",
|
||||
"75bdd5fe-e460-45a6-8d4b-8d908c938bcc"
|
||||
"024e29d4-4b84-4452-ae89-1752f041af5b",
|
||||
"3dad09ca-ce81-4283-9dea-b2a592f898df"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
||||
4078
sbom/sbom.spdx.json
4078
sbom/sbom.spdx.json
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user