Google Git
Sign in
apache/caldera/HEAD
  1. 3735d9e security(file_svc): containment check on save_file to block agent-contact path traversal (#3380) by deacon-mp · 5 weeks ago master
  2. 0433803 security(ci): pin SonarSource/sonarqube-scan-action to a commit SHA (#3379) by deacon-mp · 5 weeks ago
  3. 35563c6 ci: swap safety check for pip-audit (PyPA, no API key) (#3377) by deacon-mp · 5 weeks ago
  4. 3f5d449 security(ci): fix SONAR_TOKEN exfiltration via pull_request_target sonar_fork_pr (#3376) by deacon-mp · 5 weeks ago
  5. c12162e ci: add .safety-policy.yml and use --policy-file in tox safety env (#3375) by deacon-mp · 5 weeks ago
  6. fd515c8 build(deps): bump postcss from 8.4.31 to 8.5.10 (#3369) by dependabot[bot] · 5 weeks ago
  7. cc93a0f build(deps): bump lxml from 6.0.2 to 6.1.0 (#3365) by dependabot[bot] · 7 weeks ago
  8. c90d553 encode link commands in unit tests (#3371) by uruwhy · 7 weeks ago
  9. 8ac92d1 remove update configuration functionality from rest API v1 (#3370) by uruwhy · 7 weeks ago
  10. 17615ac Bump picomatch from 2.3.1 to 2.3.2 (#3350) by dependabot[bot] · 9 weeks ago
  11. ba8d473 build(deps): bump cryptography from 46.0.5 to 46.0.7 (#3360) by dependabot[bot] · 9 weeks ago
  12. 3c38876 Bump flatted from 3.2.9 to 3.4.2 (#3348) by dependabot[bot] · 10 weeks ago
  13. 0cd64e0 fix: upgrade pyasn1 to address CVE-2026-30922 (#3346) by deacon-mp · 10 weeks ago
  14. f630405 fix: --fresh fails to clean cookie_storage, auth_svc crashes on key mismatch (#3355) by deacon-mp · 10 weeks ago
  15. 28a9be4 fix: sanitize object IDs to prevent path traversal in BaseApiManager (#3299) by deacon-mp · 2 months ago
  16. c928eb2 Bump aiohttp from 3.13.3 to 3.13.4 (#3353) by dependabot[bot] · 3 months ago
  17. ab2adb7 feat: add search filter to payload list API (#3288) by deacon-mp · 3 months ago
  18. e568f4a fix(deps): upgrade aioftp from ~=0.20.0 to ==0.27.2 (#3333) by deacon-mp · 3 months ago
  19. 29706f9 Feature/persistent sessions (#3264) by David Clute · 3 months ago
  20. a29906d fix: register SIGTERM handler in run_tasks() to save state on service shutdown (#3018) (#3277) by deacon-mp · 3 months ago
  21. 973ed61 fix: validate upload filename character set in file_svc (#3267) by deacon-mp · 3 months ago
  22. e534004 fix: correct exfil operation filter and patch path traversal bypass (#3280) by deacon-mp · 3 months ago
  23. b6ee9ca fix: prevent operation report from returning null when link paw absent (#3048) (#3279) by deacon-mp · 3 months ago
  24. 981ab92 fix: resolve trait-only relationship facts from source fact list on operation init (#3278) by deacon-mp · 3 months ago
  25. c7be7b1 fix: guard against None agent in operations summary endpoint (#3181) (#3276) by deacon-mp · 3 months ago
  26. bc39c02 fix: degrade gracefully when magma plugin dist is absent (#3275) by deacon-mp · 3 months ago
  27. bca138a fix: reduce global client_max_size and add configurable setting (#3268) by deacon-mp · 3 months ago
  28. 5c63df5 fix: replace deprecated asyncio.get_event_loop() with new_event_loop() (#3266) by deacon-mp · 3 months ago
  29. d748c6b fix: replace create_subprocess_shell (#3265) by deacon-mp · 3 months ago
  30. b6156b9 hash passwords and API keys in main config (#3257) by Daniel Matthews · 3 months ago
  31. 8373f7c Add architecture field to agent deployment commands (#3260) by Chris Lenk · 3 months ago
  32. 688e17d Bump minimatch from 3.1.2 to 3.1.5 (#3258) by dependabot[bot] · 3 months ago
  33. 899528e fix: reuse existing fact source on operation close (#3261) by ChenFryd · 3 months ago
  34. 94f99bf fix: bump cryptography to 46.0.5 and expand CI security coverage by deacon-mp · 3 months ago
  35. 62a41f8 Update server to launch without magma plugin (#3255) by Kara Pepper · 4 months ago
  36. 4bf7465 improve DNS contact unit test coverage (#3251) by Daniel Matthews · 4 months ago
  37. 4ed3182 fix: docker-compose, volumes don't overwrite UI (#3205) by nblair2 · 4 months ago
  38. fc70ba9 calculate agent alive/dead status server-side (#3249) by Daniel Matthews · 4 months ago
  39. b272e09 Edit core code to launch / run unit tests when magma plugin is not present (#3250) by Kara Pepper · 4 months ago
  40. 473bebe decouple manx from core (#3242) by Daniel Matthews · 4 months ago
  41. a9371d4 create placeholder facts if they're None when creating relationships (#3248) by Daniel Matthews · 5 months ago
  42. 20bfc01 make data_svc load_ability_file function more resilient (#3244) by Daniel Matthews · 5 months ago
  43. 222b42a Eliminate Caldera Core Dependencies on Plugins: stockpile (#3243) by Kara Pepper · 5 months ago
  44. 9ecebcc Clean up generated YML files from unit tests (#3237) by Daniel Matthews · 5 months ago
  45. 1a19420 Addressing some unit test warnings (#3222) by Daniel Matthews · 5 months ago
  46. 0f2fca5 Update app_svc.py (#3198) by Tim Brigham OC · 5 months ago
  47. c3b8bbc Bump postcss from 8.4.30 to 8.4.31 (#2830) by dependabot[bot] · 5 months ago
  48. 6e15b84 ignore fact creation timestamp comparison in test_update_schedule (#3241) by Daniel Matthews · 5 months ago
  49. e28b4c2 Bump js-yaml from 4.1.0 to 4.1.1 (#3229) by dependabot[bot] · 5 months ago
  50. 72a0317 Bump braces from 3.0.2 to 3.0.3 (#3003) by dependabot[bot] · 5 months ago
  51. cf7c441 Bump aiohttp from 3.12.14 to 3.13.3 (#3239) by dependabot[bot] · 5 months ago
  52. b0cf23c update lxml requirement to match svglib dependency (#3238) by Daniel Matthews · 5 months ago
  53. 950a52b Fix typo in feature request template (#3240) by Chris Lenk · 5 months ago
  54. 258d141 Bump marshmallow from 3.20.1 to 3.26.2 (#3236) by dependabot[bot] · 6 months ago
  55. 7c2936e Fix empty Everything Bagel adversary (replace !='training' with =='training') (#3234) by Louis · 6 months ago
  56. 806d63a Remove auto assigned responders (#3231) by Chris Lenk · 6 months ago
  57. c2fbedb fix asyncmock and atomic planner test (#3219) by Daniel Matthews · 7 months ago
  58. fa8a44c Update Magma Submodule (#3225) by Ricky Chen · 7 months ago
  59. 54dd264 set finished and cleanup state properly for operations (#3214) by Daniel Matthews · 8 months ago
  60. 0ff0bff don't override coverage path for sonar (#3216) by Daniel Matthews · 8 months ago
  61. 38bc3d4 ignore fact creation timestamp comparison in scheduling unit test (#3215) by Daniel Matthews · 8 months ago
  62. 5eb0f29 remove python 3.9 from tox (#3210) by Daniel Matthews · 8 months ago
  63. 802589f Fix Data Loading Issue (#3207) by Devon Colmer · 9 months ago
  64. e626e3e update installation info (#3199) by Daniel Matthews · 9 months ago
  65. 5849e3c Use updated golang version in dockerfile (#3202) by Daniel Matthews · 9 months ago
  66. 18529aa fix(3078, 3079): Resolve issues in Operations API Manager and Plugin Hooks (#3187) by Ricky Chen · 9 months ago
  67. a12cab9 Refactor SonarQube scan for forked PRs by deacon-mp · 9 months ago
  68. 29a83a5 Enable SonarQube scan for forked PRs by deacon-mp · 9 months ago
  69. 29f7170 Disable SonarQube scan for forked pull requests by deacon-mp · 9 months ago
  70. 74fb323 Delete .github/workflows/sonar-fork-pr.yml by deacon-mp · 9 months ago
  71. 1bd1815 Deacon mp patch SonarC (#3213) by deacon-mp · 9 months ago
  72. e394b03 Add SonarQube workflow for forked pull requests by deacon-mp · 9 months ago
  73. 4f7432b Enhance DELETE Payload Sanitization in API Handler (#3188) by Ricky Chen · 9 months ago
  74. f1bb6c3 Bump SonarSource/sonarqube-scan-action in /.github/workflows (#3209) by dependabot[bot] · 9 months ago
  75. b4d8c37 Switch to SonarQube (#3201) by Daniel Matthews · 9 months ago
  76. 3b796f3 Bump aiohttp from 3.10.11 to 3.12.14 (#3189) by dependabot[bot] · 10 months ago
  77. 4935b8a Merge pull request #3197 from HackedRico/fix-docker-workflow by Daniel Matthews · 10 months ago
  78. cffbedd fix!: Docker Workflow indentation by Ricky · 10 months ago
  79. 3917b80 Update tox.ini by deacon-mp · 10 months ago
  80. 032ec16 Merge pull request #3178 from mitre/dependabot/pip/setuptools-78.1.1 by deacon-mp · 12 months ago
  81. 48447d2 Update security.yml by deacon-mp · 12 months ago
  82. d41eb47 Update quality.yml by deacon-mp · 12 months ago
  83. 5e9ad93 Update payload_api.py by deacon-mp · 12 months ago
  84. 8312732 Merge pull request #3186 from RachHavoc/rcm/cwe-22-fix by deacon-mp · 12 months ago
  85. 14c3562 adding some extra file sanitization by RachHavoc · 12 months ago
  86. cd28656 remove unnecessary comments by RachHavoc · 12 months ago
  87. 7afe808 fix cwe 22 by RachHavoc · 12 months ago
  88. 82cf692 Bump setuptools from 75.6.0 to 78.1.1 by dependabot[bot] · 1 year, 1 month ago
  89. b24f6e7 app version tag by elegantmoose · 1 year, 2 months ago 5.3.0
  90. f48a078 Merge pull request #3171 from mitre/repin/04242025 by Michael Kouremetis · 1 year, 2 months ago
  91. 70fc3fb update magma and stockpile by elegantmoose · 1 year, 2 months ago
  92. 0a2547d Merge pull request #3168 from mitre/fix-tox-20250416 by Michael Kouremetis · 1 year, 2 months ago
  93. db9187a Merge branch 'master' into fix-tox-20250416 by Daniel Matthews · 1 year, 2 months ago
  94. 24f849d Merge pull request #3170 from mitre/repin/04182025 by Michael Kouremetis · 1 year, 2 months ago
  95. 4b83917 repin by elegantmoose · 1 year, 2 months ago
  96. 2c69e21 Merge pull request #3167 from mitre/issue-3132 by Michael Kouremetis · 1 year, 2 months ago
  97. c796e7e reverting scan command to check due to account requirement by Daniel Matthews · 1 year, 2 months ago
  98. 75346b9 Update requirements.txt by Daniel Matthews · 1 year, 2 months ago
  99. e6a500c swap out deprecated check command by Daniel Matthews · 1 year, 2 months ago
  100. b723aac add 0-score fact to unit test by Daniel Matthews · 1 year, 2 months ago