gilles/cameradar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4535a38ad8cdc1ad7cc1fcc649cc2cd40c76475e
cameradar/CONTRIBUTING.md
T
Brendan Le Glaunec b335f98330 docs: add instructions on what targets to test against (#418)
2026-03-09 14:54:54 +01:00

3.2 KiB
Raw Blame History

Contributing

Thanks for helping improve Cameradar. Please keep changes focused and aligned with the project goals.

Development setup

  • Go 1.25 or later
  • Docker (optional, for container testing)

Clone the repo and install dependencies using Go modules.

go mod download

Test against fake targets

Use the following options when you want reproducible local testing.

Testing discovery behavior

Use scanme.nmap.org to validate discovery-related behavior.

  • scanme.nmap.org does not expose RTSP or RTSPS ports.
  • Target its open ports (for example 22, 80, 9929, 31337) to test discovery flow, reporting, and scan handling.

Example command:

cameradar -t scanme.nmap.org -p 22

Testing RTSP and attack behavior

Use RTSPAllTheThings to test RTSP-specific logic and camera attack flows.

  • It supports both basic and digest authentication.
  • It behaves like a standards-compliant RTSP camera.

Caution

It is no longer maintained and has limited camera emulation coverage.

Example command:

docker run --net=host -p 8554:8554 -e RTSP_USERNAME=admin -e RTSP_PASSWORD=12345 -e RTSP_PORT=8554 -e RTSP_AUTHENTICATION_METHOD=digest ullaakut/rtspatt

Many real cameras slightly diverge from strict RTSP behavior. For example, some devices allow DESCRIBE without authentication, or return 403 and 404 in an order that differs from strict expectations. Unfortunately, RTSPATT cannot reproduce those behaviors.

Prefer real cameras when possible

The most reliable testing method is running against real cameras and real network conditions.

Caution

Scan only authorized targets and networks.

Run tests

make test

Formatting and linting

Keep code idiomatic and consistent with existing style. By default, follow the Uber Go Style Guide and the guidelines from Effective Go.

make fmt

Dependency for linting

  • golangci-lint
    • see current version defined in .github/workflows/test.yaml at jobs.tests.steps.["Run linter"]
    • configured in .golangci.yml
make lint

Commit messages and PR titles

Use Conventional Commits for commit messages and pull request titles.

  • Use the format: type: subject
  • Write the subject in imperative mood: add, update, remove, fix, refactor
  • Do not use gerunds in subjects: avoid adding, updating, removing

Examples:

  • feat: add RTSP timeout flag
  • fix: remove duplicate progress line
  • docs: update commit message guidelines

Reporting issues

Use the issue template in .github/ISSUE_TEMPLATE.md. Include the version, environment, and repro steps. Only scan authorized targets.

Pull requests

  1. Create a feature branch from master.
  2. Keep PRs focused and small.
  3. Update documentation when behavior changes.
  4. Add or update tests when possible.
  5. Ensure make test passes.
  6. Try to bring as much test coverage as possible with your changes.
  7. Use a Conventional Commit-style PR title with an imperative subject.
Reference in New Issue View Git Blame Copy Permalink