feat: Add testing infrastructure and documentation
- Set up Vitest for unit testing with jsdom - Add test setup with Web Audio API and requestAnimationFrame mocks - Create initial test suites for DOM and animations modules - Add test scripts to package.json (test, test:ui, test:run, coverage) - Update CI workflow to include test execution - Create CONTRIBUTING.md with conventional commits guidelines - Create SECURITY.md with security policy - Update ESLint config to support test files - All tests passing (8/8) Co-authored-by: ZaneThePython <102631678+ZaneThePython@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
71
SECURITY.md
Normal file
71
SECURITY.md
Normal file
@@ -0,0 +1,71 @@
|
||||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
This is a personal website project. The latest version on the `main` branch is always supported.
|
||||
|
||||
| Version | Supported |
|
||||
| ------- | ------------------ |
|
||||
| Latest | :white_check_mark: |
|
||||
| Older | :x: |
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you discover a security vulnerability in this project, please report it responsibly:
|
||||
|
||||
### Email
|
||||
Send details to [contact@zane.org](mailto:contact@zane.org) with:
|
||||
- Description of the vulnerability
|
||||
- Steps to reproduce
|
||||
- Potential impact
|
||||
- Suggested fix (if any)
|
||||
|
||||
### What to Expect
|
||||
- **Response time**: Within 48 hours
|
||||
- **Updates**: Regular communication about the issue
|
||||
- **Fix timeline**: Depends on severity and complexity
|
||||
- **Disclosure**: Coordinated disclosure after fix is deployed
|
||||
|
||||
### Please Do Not
|
||||
- Create public issues for security vulnerabilities
|
||||
- Exploit vulnerabilities beyond proof-of-concept
|
||||
- Access data that doesn't belong to you
|
||||
- Perform DoS attacks
|
||||
|
||||
## Security Measures
|
||||
|
||||
This project implements several security best practices:
|
||||
|
||||
### Code Security
|
||||
- **Input Sanitization**: All user inputs are sanitized (minimal as site is static)
|
||||
- **Dependencies**: Regular security audits via `npm audit`
|
||||
- **Linting**: ESLint configured to catch common security issues
|
||||
- **CSP Ready**: Content Security Policy headers can be added by hosting provider
|
||||
|
||||
### Build Security
|
||||
- **Dependency Scanning**: GitHub Dependabot enabled
|
||||
- **Automated Updates**: Security patches applied automatically
|
||||
- **CI/CD**: All code passes linting and build checks
|
||||
|
||||
### Best Practices
|
||||
- No sensitive data in repository
|
||||
- No API keys or credentials in code
|
||||
- HTTPS enforced on live site
|
||||
- Regular dependency updates
|
||||
- Minimal external dependencies
|
||||
|
||||
## Known Limitations
|
||||
|
||||
As a static personal website:
|
||||
- No backend or database
|
||||
- No user authentication
|
||||
- No data collection or storage
|
||||
- Minimal attack surface
|
||||
|
||||
## Security Updates
|
||||
|
||||
Security fixes are released as soon as possible after discovery. Check the [CHANGELOG](CHANGELOG.md) for security-related updates.
|
||||
|
||||
---
|
||||
|
||||
*Last updated: November 2024*
|
||||
Reference in New Issue
Block a user