This commit introduces a new audit report, AUDIT-INPUT-VALIDATION.md, which details the security audit of the project's input validation and sanitization.
The report includes:
- An inventory of input entry points.
- An analysis of validation gaps.
- A description of potential injection vectors.
- Remediation recommendations with code examples.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
This commit adds the `AUDIT-AUTH.md` file, which documents the findings of a security audit focused on authentication and authorization mechanisms.
The audit concluded that the Poindexter repository is a Go library for data structures and does not contain any authentication or authorization flows. Therefore, the audit's primary finding is that these security concerns are not applicable to this codebase.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
- Add support for 13 additional record types: ALIAS, RP, SSHFP, TLSA,
DS, DNSKEY, NAPTR, LOC, HINFO, CERT, SMIMEA, WR (Web Redirect), SPF
- Add GetDNSRecordTypeInfo() for metadata with RFC references
- Add GetCommonDNSRecordTypes() for commonly used types
- Add structured types for CAA, SSHFP, TLSA, DS, DNSKEY, NAPTR, RP,
LOC, ALIAS, and WebRedirect records
- Export new functions in WASM bindings
- Update TypeScript definitions and loader.js
- Add comprehensive tests for new record types
Add comprehensive DNS tools module for network analysis:
DNS Lookup functionality:
- Support for A, AAAA, MX, TXT, NS, CNAME, SOA, PTR, SRV, CAA records
- DNSLookup() and DNSLookupAll() for single/complete lookups
- Configurable timeouts
- Structured result types for all record types
RDAP (new-style WHOIS) support:
- RDAPLookupDomain() for domain registration data
- RDAPLookupIP() for IP address information
- RDAPLookupASN() for autonomous system info
- Built-in server registry for common TLDs and RIRs
- ParseRDAPResponse() for extracting key domain info
External tool link generators:
- GetExternalToolLinks() - 20+ links for domain analysis
- GetExternalToolLinksIP() - IP-specific analysis tools
- GetExternalToolLinksEmail() - Email/domain verification
Tools include: MXToolbox (DNS, MX, SPF, DMARC, DKIM, blacklist),
DNSChecker, ViewDNS, IntoDNS, DNSViz, SecurityTrails, SSL Labs,
Shodan, Censys, IPInfo, AbuseIPDB, VirusTotal, and more.
WASM bindings expose link generators and RDAP URL builders
for use in TypeScript/browser environments.
Add comprehensive networking analytics to support peer selection based
on performance and trust metrics for KD-Tree based NAT routing:
- Add kdtree_analytics.go with TreeAnalytics, PeerAnalytics,
DistributionStats, NATRoutingMetrics, TrustMetrics, and
QualityWeights structures
- Track query/insert/delete operations with timing statistics
- Track per-peer selection frequency and average distances
- Add PeerQualityScore() for composite peer ranking
- Add ComputeTrustScore() for reputation-based selection
- Add distribution statistics (min, max, mean, median, percentiles)
- Add feature normalization helpers for multi-dimensional peer data
WASM/TypeScript integration:
- Expose all analytics via WASM bindings
- Update TypeScript definitions with full type coverage
- Update loader.js with new API methods
- Update TypeScript demo to showcase analytics features
Includes comprehensive test coverage for all analytics functionality.
This commit introduces a comprehensive test suite for the `gonum` backend, which was previously untested. It also adds tests for the `kdtree_helpers` package, specifically for the `ComputeNormStats3D` and `BuildND` functions.
The new tests cover a wide range of scenarios, including:
- Basic functionality of `Nearest`, `KNearest`, and `Radius`
- Edge cases such as empty trees, zero/negative inputs, and mismatched dimensions
- Various data configurations, including collinear points and negative coordinates
This commit also includes minor fixes to the existing tests to improve their robustness and accuracy.
As a result of these changes, the overall test coverage of the project has been increased from 80% to over 90%.
