From 7f8bc28c1269ac7b7f96672ee9dc52c33045c547 Mon Sep 17 00:00:00 2001 From: Sebastian Brizuela Date: Wed, 17 Dec 2025 19:30:50 -0300 Subject: [PATCH 1/7] Add CONTRIBUTING.md to .github directory --- .github/CONTRIBUTING.md | 51 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 .github/CONTRIBUTING.md diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..2683413 --- /dev/null +++ b/.github/CONTRIBUTING.md 
@@ -0,0 +1,51 @@ +# Contributing to RoomRTC + +Thank you for your interest in contributing to RoomRTC! We welcome contributions from the community. + +## How to Contribute + +### Reporting Issues + +- Check if the issue already exists in the issue tracker +- Use a clear and descriptive title +- Provide detailed steps to reproduce the problem +- Include relevant logs, screenshots, or code samples + +### Submitting Changes + +1. **Fork the repository** and create your branch from `main` +2. **Make your changes** following our coding standards +3. **Test your changes** thoroughly +4. **Commit your changes** with clear, descriptive commit messages +5. **Push to your fork** and submit a pull request + +### Pull Request Guidelines + +- Provide a clear description of the changes +- Reference any related issues +- Ensure all tests pass +- Update documentation as needed +- Keep pull requests focused on a single concern + +### Code Style + +- Follow the existing code style in the project +- Write clear, readable code with appropriate comments +- Keep functions small and focused + +### Development Setup + +1. Clone the repository +2. Install dependencies +3. Create a new branch for your feature or fix +4. Make your changes and test locally + +## Code of Conduct + +Please be respectful and constructive in all interactions. We are committed to providing a welcoming and inclusive environment for all contributors. + +## Questions? + +Feel free to open an issue for questions or clarifications about contributing. + +Thank you for contributing to RoomRTC! \ No newline at end of file From 9aa03e9f37b79df3674b4f283be4b721d4f30f99 Mon Sep 17 00:00:00 2001 From: Sebastian Brizuela Date: Wed, 17 Dec 2025 19:37:16 -0300 Subject: [PATCH 2/7] Add comprehensive SECURITY.md with security policy and best practices --- .github/SECURITY.md | 142 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 142 insertions(+) create mode 100644 .github/SECURITY.md 
diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000..f9d7717 --- /dev/null +++ b/.github/SECURITY.md 
@@ -0,0 +1,142 @@ +# Security Policy + +## Supported Versions + +We release patches for security vulnerabilities in the following versions: + +| Version | Supported | +| ------- | ------------------ | +| 1.x.x | :white_check_mark: | +| < 1.0 | :x: | + +**Note:** We recommend always using the latest stable version to ensure you have all security updates and patches. + +## Reporting a Vulnerability + +We take the security of RoomRTC seriously. If you believe you have found a security vulnerability, please report it to us as described below. + +### How to Report + +**Please do NOT report security vulnerabilities through public GitHub issues.** + +Instead, please report security vulnerabilities by: + +1. **Email**: Send an email to [security contact - update with actual email] +2. **Subject Line**: Include "RoomRTC Security Vulnerability" in the subject +3. **Details to Include**: + - Type of vulnerability + - Full paths of source file(s) related to the vulnerability + - Location of the affected source code (tag/branch/commit or direct URL) + - Step-by-step instructions to reproduce the issue + - Proof-of-concept or exploit code (if possible) + - Impact of the vulnerability, including how an attacker might exploit it + +### What to Expect + +- **Acknowledgment**: You should receive an acknowledgment within 48 hours +- **Investigation**: We will investigate and validate the reported vulnerability +- **Updates**: We will keep you informed about the progress of the fix +- **Resolution**: Once the vulnerability is fixed, we will notify you and publicly acknowledge your responsible disclosure (unless you prefer to remain anonymous) +- **Timeline**: We aim to resolve critical vulnerabilities within 30 days + +### Disclosure Policy + +- Please give us reasonable time to address the vulnerability before any public disclosure +- We will credit you for the discovery in our security advisories (unless you prefer anonymity) +- We follow coordinated disclosure practices + +## 
Security Best Practices + +### For Users + +1. **Keep Updated**: Always use the latest stable version of RoomRTC +2. **Secure Configuration**: + - Use strong, unique passwords for any authentication + - Enable HTTPS/WSS for all WebRTC connections + - Configure proper CORS policies +3. **Network Security**: + - Use TURN servers with authentication + - Implement proper firewall rules + - Validate and sanitize all user inputs +4. **Monitoring**: + - Monitor your application logs for suspicious activity + - Set up alerts for unusual connection patterns + +### For Developers + +1. **Secure Coding Practices**: + - Validate and sanitize all inputs, especially signaling data + - Use parameterized queries to prevent injection attacks + - Implement proper authentication and authorization + - Follow the principle of least privilege + +2. **WebRTC Security**: + - Always use HTTPS for serving WebRTC applications + - Use WSS (WebSocket Secure) for signaling + - Implement proper STUN/TURN server authentication + - Validate peer connections before establishing media streams + +3. **Dependencies**: + - Regularly update all dependencies + - Use tools like `npm audit` or `yarn audit` to check for known vulnerabilities + - Review dependency licenses and security advisories + +4. **Data Protection**: + - Implement end-to-end encryption for sensitive data + - Don't store sensitive information in logs + - Follow GDPR and other relevant data protection regulations + - Use secure token generation for session management + +5. 
**Code Review**: + - Conduct security-focused code reviews + - Use static analysis tools to identify potential vulnerabilities + - Implement automated security testing in CI/CD pipelines + +### Security Checklist + +Before deploying RoomRTC in production: + +- [ ] All communications use HTTPS/WSS +- [ ] Authentication is properly implemented +- [ ] Input validation is in place for all user inputs +- [ ] CORS policies are correctly configured +- [ ] Rate limiting is implemented to prevent DoS attacks +- [ ] Error messages don't expose sensitive information +- [ ] Security headers are properly configured +- [ ] Dependencies are up to date +- [ ] Logging doesn't include sensitive data +- [ ] Security testing has been performed + +## Known Security Considerations + +### WebRTC Specific + +1. **IP Address Exposure**: WebRTC can expose users' real IP addresses even when using a VPN. Consider: + - Implementing IP masking via TURN servers + - Warning users about potential IP exposure + - Providing configuration options for privacy-conscious users + +2. **Cross-Site Scripting (XSS)**: Ensure all user-generated content is properly sanitized + +3. **Man-in-the-Middle Attacks**: Always use encrypted connections and verify peer identities + +## Security Updates + +Security updates and patches will be announced through: +- GitHub Security Advisories +- Release notes +- Project README + +Subscribe to repository releases to stay informed about security updates. + +## Additional Resources + +- [WebRTC Security Architecture](https://datatracker.ietf.org/doc/html/rfc8827) +- [OWASP WebRTC Security Guidelines](https://owasp.org/) +- [MDN Web Security](https://developer.mozilla.org/en-US/docs/Web/Security) + +--- + +**Last Updated**: 2025-12-17 + +Thank you for helping keep RoomRTC and its users safe! \ No newline at end of file From 4e78f7e93e992a02fd767ca5457c2c08945c257a Mon Sep 17 00:00:00 2001 
From: Sebastian Brizuela Date: Wed, 17 Dec 2025 19:39:06 -0300 Subject: [PATCH 3/7] Update security contact email in SECURITY.md --- .github/SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index f9d7717..84d61b7 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -21,7 +21,7 @@ We take the security of RoomRTC seriously. If you believe you have found a secur Instead, please report security vulnerabilities by: -1. **Email**: Send an email to [security contact - update with actual email] +1. **Email**: Send an email to sebita29@gmail.com 2. **Subject Line**: Include "RoomRTC Security Vulnerability" in the subject 3. **Details to Include**: - Type of vulnerability @@ -139,4 +139,4 @@ Subscribe to repository releases to stay informed about security updates. **Last Updated**: 2025-12-17 -Thank you for helping keep RoomRTC and its users safe! \ No newline at end of file +Thank you for helping keep RoomRTC and its users safe! From 4abb9411ef7cf55dbcbadf93dc427c37beb91cd6 Mon Sep 17 00:00:00 2001 From: Sebastian Brizuela Date: Wed, 17 Dec 2025 19:40:32 -0300 Subject: [PATCH 4/7] Add LICENSE file --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 74eb827..c1f0c29 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2024 taller-1-fiuba-rust +Copyright (c) 2025 Sebastian Brizuela Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 89597d34ff3ee0e1b4dc1543f15b45c78e1a017c Mon Sep 17 00:00:00 2001 From: Sebastian Brizuela Date: Wed, 17 Dec 2025 19:46:55 -0300 Subject: [PATCH 5/7] Add issue template for better issue reporting --- .github/ISSUE_TEMPLATE.md | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE.md 
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..6944c4f --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,37 @@ +# Issue Template + +## Issue Type +- [ ] Bug Report +- [ ] Feature Request +- [ ] Documentation Update +- [ ] Question +- [ ] Other + +## Description +A clear and concise description of the issue. + +## Steps to Reproduce (for bugs) +1. Go to '...' +2. Click on '...' +3. Scroll down to '...' +4. See error + +## Expected Behavior +What you expected to happen. + +## Actual Behavior +What actually happened. + +## Screenshots +If applicable, add screenshots to help explain your problem. + +## Environment (if relevant) +- OS: [e.g. Windows, macOS, Linux] +- Browser: [e.g. Chrome, Firefox, Safari] +- Version: [e.g. 1.0.0] + +## Additional Context +Add any other context about the problem here. + +## Possible Solution (optional) +If you have suggestions on how to fix the issue. \ No newline at end of file From 7bdecfa1d1e31c37e8876f50f10c55fbf5d3bb7b Mon Sep 17 00:00:00 2001 From: Sebastian Brizuela Date: Wed, 17 Dec 2025 19:49:00 -0300 Subject: [PATCH 6/7] Add pull request template --- .github/PULL_REQUEST_TEMPLATE.md | 47 ++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..f15e259 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md 
@@ -0,0 +1,47 @@ +## Description + +Please include a summary of the changes and the related issue. Explain the motivation and context for this pull request. + +Fixes # (issue) + +## Type of Change + +Please delete options that are not relevant. + +- [ ] Bug fix (non-breaking change which fixes an issue) +- [ ] New feature (non-breaking change which adds functionality) +- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) +- [ ] Documentation update +- [ ] Code refactoring +- [ ] Performance improvement +- [ ] Other (please describe): + +## How Has This Been Tested? + +Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. + +- [ ] Test A +- [ ] Test B + +**Test Configuration**: +* Browser/Environment: +* Version: + +## Checklist + +- [ ] My code follows the style guidelines of this project +- [ ] I have performed a self-review of my own code +- [ ] I have commented my code, particularly in hard-to-understand areas +- [ ] I have made corresponding changes to the documentation +- [ ] My changes generate no new warnings +- [ ] I have added tests that prove my fix is effective or that my feature works +- [ ] New and existing unit tests pass locally with my changes +- [ ] Any dependent changes have been merged and published + +## Screenshots (if applicable) + +Add screenshots to help explain your changes. + +## Additional Notes + +Add any other context about the pull request here. \ No newline at end of file From a5113dd89875141d5e7aeea074e205535e7bb540 Mon Sep 17 00:00:00 2001 From: Sebastian Brizuela Date: Wed, 17 Dec 2025 19:59:47 -0300 Subject: [PATCH 7/7] Add GitHub usernames to team members list Updated team members section to include GitHub usernames. --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index b870875..aad7f85 100644 --- a/README.md +++ b/README.md 
@@ -34,12 +34,12 @@ This repository contains all source code, documentation, and configuration files ## 👥 Team Members -| StudentID | Name | -| :-------: | :------ | -| 103384 | Adriana Macarena Iglesias Tripodi | -| 105288 | Sebastián Brizuela | -| 105400 | Franco Altieri Lamas | -| 105907 | Nicolás Chen | +| StudentID | Name | Github | +| :-------: | :-------------------------------- | :----------------------------------------------- | +| 103384 | Adriana Macarena Iglesias Tripodi | [AIglesiasT](https://github.com/AIglesiasT) | +| 105288 | Sebastián Brizuela | [SebaB29](https://github.com/SebaB29) | +| 105400 | Franco Altieri Lamas | [FrancoAltieri](https://github.com/FrancoAltieri) | +| 105907 | Nicolás Chen | [nichen710](https://github.com/nichen710) | ## ℹ️ About the Project @@ -221,4 +221,4 @@ This repository includes a `LICENSE` file. Please refer to it for detailed licen --- -**Developed with 🦀 by Rusty Coders | Taller de Programación I - FIUBA - 2025** \ No newline at end of file +**Developed with 🦀 by Rusty Coders | Taller de Programación I - FIUBA - 2025**
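
Review bot: In PATCH 1/7, "Development Setup" step 2 ("Install dependencies") and "Submitting Changes" step 2 ("following our coding standards") name no command, tool or document, so a new contributor cannot act on them. Suggest listing the project's actual build, format and test commands and linking to wherever the coding standards live, or dropping the reference to standards if "Follow the existing code style in the project" is all there is. The file also ends without a trailing newline.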
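
Review bot: In PATCH 2/7, the "Dependencies" item under "For Developers" recommends `npm audit` or `yarn audit`, while the README footer ("by Rusty Coders") and the previous LICENSE holder (taller-1-fiuba-rust) suggest a Rust code base; name the audit tool that matches the project's package manager (for a Cargo project, `cargo audit`). The same question applies to "parameterized queries", CORS and "Security headers": keep only the items that correspond to something RoomRTC actually has. Also, "OWASP WebRTC Security Guidelines" links to the owasp.org home page rather than to a specific document; link the document itself or remove the entry.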
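
Review bot: In PATCH 3/7, the address added under "How to Report" is a single maintainer's personal mailbox, so the 48-hour acknowledgment promised under "What to Expect" depends on one person, and reporters are asked to send proof-of-concept code over ordinary email. Suggest a shared alias that reaches all maintainers, or enabling GitHub private vulnerability reporting and listing it as the primary channel. This change could also be squashed into 2/7 so that no commit in the history ships the "[security contact - update with actual email]" placeholder.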
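
Review bot: PATCH 4/7 is titled "Add LICENSE file", but the diff edits an existing LICENSE (index 74eb827..c1f0c29) and replaces "Copyright (c) 2024 taller-1-fiuba-rust" with "Copyright (c) 2025 Sebastian Brizuela". The MIT text requires the existing copyright notice to be kept in copies of the software, and the README lists four team members, so if any material from the original holder remains, suggest adding a new copyright line instead of replacing the old one, confirming the named holder with the other authors, and rewording the subject to describe what the commit does.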
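
Review bot: In PATCH 5/7, the template carries no notice that vulnerabilities must not be filed here, although SECURITY.md from 2/7 says "Please do NOT report security vulnerabilities through public GitHub issues"; a reporter who fills in "Steps to Reproduce" and "Possible Solution" for a security bug would publish it. Suggest a line at the top of the template pointing to .github/SECURITY.md, and the same pointer in the "Reporting Issues" section of CONTRIBUTING.md from 1/7.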
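
Review bot: In PATCH 6/7, the "Checklist" has no security item, while SECURITY.md from 2/7 asks developers to "Conduct security-focused code reviews" and to validate signaling data. Suggest one checkbox such as "Changes to signaling, authentication or input handling were reviewed against SECURITY.md" and one confirming that the diff contains no secrets or credentials. The file also ends without a trailing newline.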
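
Review bot: Privacy concern in the Team Members table of PATCH 7/7: the new column puts a public GitHub profile link beside each StudentID and full name, which ties a university identifier to an online account in a public README. Suggest dropping the StudentID column or getting each member's agreement before merging. Minor: the new header should read "GitHub", and the trailing-newline fix in the second hunk is unrelated to the subject and would sit better in its own commit.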