gilles/cameradar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
improve-contributing-guide
cameradar/CONTRIBUTING.md
T
Brendan Le Glaunec 629bc7df33 docs: add instructions on what targets to test against
2026-03-09 07:52:00 +01:00

114 lines
3.2 KiB
Markdown
Raw Permalink Blame History

## Contributing
Thanks for helping improve Cameradar.
Please keep changes focused and aligned with the project goals.
## Development setup
- Go 1.25 or later
- Docker (optional, for container testing)
Clone the repo and install dependencies using Go modules.
```bash
go mod download
```
### Test against fake targets
Use the following options when you want reproducible local testing.
#### Testing discovery behavior
Use `scanme.nmap.org` to validate discovery-related behavior.
- `scanme.nmap.org` does not expose RTSP or RTSPS ports.
- Target its open ports (for example `22`, `80`, `9929`, `31337`) to test discovery flow, reporting, and scan handling.
Example command:
```bash
cameradar -t scanme.nmap.org -p 22
```
#### Testing RTSP and attack behavior
Use [RTSPAllTheThings](https://github.com/Ullaakut/RTSPAllTheThings) to test RTSP-specific logic and camera attack flows.
- It supports both basic and digest authentication.
- It behaves like a standards-compliant RTSP camera.
> [!CAUTION]
> It is no longer maintained and has limited camera emulation coverage.
Example command:
```bash
docker run --net=host -p 8554:8554 -e RTSP_USERNAME=admin -e RTSP_PASSWORD=12345 -e RTSP_PORT=8554 -e RTSP_AUTHENTICATION_METHOD=digest ullaakut/rtspatt
```
Many real cameras slightly diverge from strict RTSP behavior. For example, some devices allow `DESCRIBE` without authentication, or return `403` and `404` in an order that differs from strict expectations.
Unfortunately, RTSPATT cannot reproduce those behaviors.
#### Prefer real cameras when possible
The most reliable testing method is running against real cameras and real network conditions.
> [!CAUTION]
> Scan only authorized targets and networks.
## Run tests
```bash
make test
```
## Formatting and linting
Keep code idiomatic and consistent with existing style.
By default, follow the [Uber Go Style Guide](https://github.com/uber-go/guide) and the guidelines from [Effective Go](https://go.dev/doc/effective_go).
```bash
make fmt
```
### Dependency for linting
* golangci-lint
* see current version defined in `.github/workflows/test.yaml` at `jobs.tests.steps.["Run linter"]`
* configured in `.golangci.yml`
```bash
make lint
```
## Commit messages and PR titles
Use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) for commit messages and pull request titles.
- Use the format: `type: subject`
- Write the subject in imperative mood: `add`, `update`, `remove`, `fix`, `refactor`
- Do not use gerunds in subjects: avoid `adding`, `updating`, `removing`
Examples:
- `feat: add RTSP timeout flag`
- `fix: remove duplicate progress line`
- `docs: update commit message guidelines`
## Reporting issues
Use the issue template in [.github/ISSUE_TEMPLATE.md](.github/ISSUE_TEMPLATE.md).
Include the version, environment, and repro steps.
Only scan authorized targets.
## Pull requests
1. Create a feature branch from `master`.
2. Keep PRs focused and small.
3. Update documentation when behavior changes.
4. Add or update tests when possible.
5. Ensure `make test` passes.
6. Try to bring as much test coverage as possible with your changes.
7. Use a Conventional Commit-style PR title with an imperative subject.
Reference in New Issue View Git Blame Copy Permalink