From 699c2f5a4b36ad94b84cf799713d14e007304bc1 Mon Sep 17 00:00:00 2001 From: Ashur Date: Mon, 4 Jan 2021 20:46:07 +0100 Subject: [PATCH 1/3] Client IP is hased on date salt with SHA245 --- configure.ac | 2 +- src/dns.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 173c41c..8ef102a 100644 --- a/configure.ac +++ b/configure.ac @@ -156,7 +156,7 @@ if test "$with_ldns_libraries" != "no"; then LDFLAGS="${LDFLAGS} -L${with_ldns_libraries}" fi -LDFLAGS="${LDFLAGS} -lldns" +LDFLAGS="${LDFLAGS} -lldns -lssl -lcrypto" # Check or ldns headers AC_CHECK_HEADER(ldns/ldns.h,,LIBLDNS_H="no") diff --git a/src/dns.c b/src/dns.c index a438bb8..140f02a 100644 --- a/src/dns.c +++ b/src/dns.c @@ -31,6 +31,9 @@ #include "passivedns.h" #include "dns.h" +#include +#include + #ifdef HAVE_JSON #include #endif /* HAVE_JSON */ @@ -42,6 +45,8 @@ extern globalconfig config; #define DBUCKET_SIZE 3967 /* Carol that is primes */ pdns_record *dbucket[DBUCKET_SIZE]; +char hash_datestamp[200]; +char hash_datesha256[65]; uint64_t hash(unsigned char *str) { 
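Review bot: `-lssl -lcrypto` are appended to `LDFLAGS` with no configure-time check, so a host without the OpenSSL development files fails at compile or link time instead of in `configure`. Only the `SHA256_*` functions are used by this patch and they live in libcrypto, so `-lssl` looks unnecessary. Consider a check such as `AC_CHECK_LIB([crypto], [SHA256_Init], [], [AC_MSG_ERROR([libcrypto not found])])` next to the existing ldns header check.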
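Review bot: `hash_datestamp` and `hash_datesha256` are defined with external linkage although, as far as this patch shows, only `src/dns.c` uses them. Declaring them `static char hash_datestamp[200];` and `static char hash_datesha256[65];` keeps the salt state private to the file. A short comment would also help: it should say that `hash_datesha256` holds the current period's salt as 64 hex characters plus a NUL, and that `sha256_string` writes both buffers without any locking.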
@@ -644,6 +649,44 @@ const char *u_ntop(const struct in6_addr ip_addr, int af, char *dest) return dest; } +void sha256(char *string, char salt[65], char outputBuffer[65]) +{ + unsigned char hash[SHA256_DIGEST_LENGTH]; + SHA256_CTX sha256; + SHA256_Init(&sha256); + if (strlen(salt) > 0) + { + SHA256_Update(&sha256, salt, strlen(salt)); + } + SHA256_Update(&sha256, string, strlen(string)); + SHA256_Final(hash, &sha256); + int i = 0; + for(i = 0; i < SHA256_DIGEST_LENGTH; i++) + { + sprintf(outputBuffer + (i * 2), "%02x", hash[i]); + } + outputBuffer[64] = 0; +} + +void sha256_string(pdns_record *l, char *string, char outputBuffer[65]) +{ + struct tm *tmpTime; + char timestr[200]; + char timebuf[200]; + tmpTime = localtime(&l->last_seen.tv_sec); + strftime(timestr, sizeof(timestr), "%Y-%m-%d", tmpTime); + if (strcmp(timestr, hash_datestamp) != 0) + { + strcpy(hash_datestamp, timestr); + strftime(timebuf, sizeof(timestr), "%Y-%m-%d %H:%M:%S", tmpTime); + sprintf(timestr, "%s.%03d\n", timebuf, l->last_seen.tv_usec); + sha256(timestr, "", hash_datesha256); + //printf("%s -- %s\n", timestr, hash_datesha256); + } + + sha256(string, hash_datesha256, outputBuffer); +} + void print_passet(pdns_record *l, pdns_asset *p, ldns_rr *rr, ldns_rdf *lname, uint16_t rcode) { @@ -1067,7 +1110,10 @@ void print_passet(pdns_record *l, pdns_asset *p, ldns_rr *rr, if (config.fieldsf & FIELD_CLIENT) { if (offset != 0) offset += snprintf(output+offset, sizeof(buffer) - offset, "%s", d); - offset += snprintf(output+offset, sizeof(buffer) - offset, "%s", ip_addr_c); + + unsigned char shahash[65]; + sha256_string(l, ip_addr_c, shahash); + offset += snprintf(output+offset, sizeof(buffer) - offset, "%s", shahash); } /* Print client hardware address */ From 753d39fd1585b8fdad437ccabc045a8d397b69b2 Mon Sep 17 00:00:00 2001 From: Ashur Date: Tue, 5 Jan 2021 12:47:46 +0100 Subject: [PATCH 2/3] Update weekly not daily --- src/dns.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
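Review bot: The salt in `sha256_string` is derived only from the timestamp of the first record seen in the period (`sha256(timestr, "", hash_datesha256)`), so it is predictable, and with a predictable salt a hash over the small IPv4 address space gives little pseudonymisation. Drawing the salt from the CSPRNG in the already-linked libcrypto removes that dependency and also drops the unbounded `sprintf(timestr, "%s.%03d\n", ...)`, which formats `tv_usec` with `%03d` (likely a type mismatch, and three digits for microseconds); `RAND_bytes` needs the `openssl/rand.h` header. The trade-off is that hashes no longer match across restarts or sensors; if that is required, a configured secret key would be the alternative. The unchecked `localtime()` result and the `sizeof(timestr)` passed for `timebuf` also appear in the 2/3 hunk on the same function. The low-level `SHA256_Init/Update/Final` calls are deprecated from OpenSSL 3.0, so `sha256` will produce warnings there.

```c
void sha256_string(pdns_record *l, char *string, char outputBuffer[65])
{
    struct tm tmbuf;
    char period[sizeof(hash_datestamp)];
    time_t seen = l->last_seen.tv_sec;

    if (localtime_r(&seen, &tmbuf) == NULL ||
        strftime(period, sizeof(period), "%Y-%m-%d", &tmbuf) == 0) {
        outputBuffer[0] = '\0';   /* emit nothing rather than an unsalted hash */
        return;
    }
    if (strcmp(period, hash_datestamp) != 0) {
        unsigned char raw[32];

        /* Salt comes from the CSPRNG, not from the record's timestamp. */
        if (RAND_bytes(raw, sizeof(raw)) != 1) {
            outputBuffer[0] = '\0';
            return;
        }
        for (size_t i = 0; i < sizeof(raw); i++)
            snprintf(hash_datesha256 + i * 2, 3, "%02x", raw[i]);
        snprintf(hash_datestamp, sizeof(hash_datestamp), "%s", period);
    }

    sha256(string, hash_datesha256, outputBuffer);
}
```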
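Review bot: `shahash` is declared `unsigned char[65]` but is passed to `sha256_string`, whose parameter is `char outputBuffer[65]`, and is then printed with `%s`; declaring it as `char shahash[65];` avoids the pointer-signedness warning. The hashing is also unconditional, with no config switch visible in the hunk. `print_passet` starts and ends outside this hunk, so confirm that any other output branch (for example a `HAVE_JSON` one, if it prints `ip_addr_c`) gets the same treatment; otherwise the clear-text client address may still be logged there.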
diff --git a/src/dns.c b/src/dns.c index 140f02a..d475da4 100644 --- a/src/dns.c +++ b/src/dns.c @@ -674,14 +674,14 @@ void sha256_string(pdns_record *l, char *string, char outputBuffer[65]) char timestr[200]; char timebuf[200]; tmpTime = localtime(&l->last_seen.tv_sec); - strftime(timestr, sizeof(timestr), "%Y-%m-%d", tmpTime); + strftime(timestr, sizeof(timestr), "%Y-%U", tmpTime); if (strcmp(timestr, hash_datestamp) != 0) { strcpy(hash_datestamp, timestr); - strftime(timebuf, sizeof(timestr), "%Y-%m-%d %H:%M:%S", tmpTime); + strftime(timebuf, sizeof(timestr), "%U %Y-%m-%d %H:%M:%S", tmpTime); sprintf(timestr, "%s.%03d\n", timebuf, l->last_seen.tv_usec); sha256(timestr, "", hash_datesha256); - //printf("%s -- %s\n", timestr, hash_datesha256); + //printf("** %s -- %s\n", timestr, hash_datesha256); } sha256(string, hash_datesha256, outputBuffer); From 76e47099141d4e8fd7ea8d1e09983f5982a886a0 Mon Sep 17 00:00:00 2001 From: czechbol Date: Fri, 11 Oct 2024 14:19:29 +0200 Subject: [PATCH 3/3] Add GitHub Actions workflow --- .github/workflows/license-check.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 .github/workflows/license-check.yml diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml new file mode 100644 index 0000000..93219ab --- /dev/null +++ b/.github/workflows/license-check.yml 
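Review bot: `%Y-%U` does not give uniform weeks at a year boundary: `%U` counts from the first Sunday, so the days of January before it are week `00` and the salt rotates mid-week around New Year. If a strict seven-day period is wanted, the ISO pair `"%G-%V"` keeps year and week consistent. The changed `strftime(timebuf, sizeof(timestr), ...)` line still sizes the call with the other buffer; `sizeof(timebuf)` is what is meant. The commented-out `printf` would print the salt if re-enabled and is better deleted than edited. `sha256_string` starts and ends outside this hunk.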
@@ -0,0 +1,29 @@
+name: License Compliance Check
+# UNCOMMENT TO ENABLE THE WORKFLOW
+# on:
+# push:
+# branches:
+# - "**"
+# paths-ignore:
+# - "k8s/**"
+# - "**/*.md"
+jobs:
+ license-check:
+ runs-on: ubuntu-latest
+ steps:
+
+# SETUP DEVELOPMENT ENVIRONMENT FOR THE LANGUAGE OF THE REPOSITORY
+# this should be similar to the setup for tests
+
+###############################################################
+# - name: Checkout and setup go for private repositories
+# uses: whalebone/github-actions-go/checkout-setup@v1
+# with:
+# go-version-file: "go.mod"
+# GH_USERNAME: ${{ secrets.GH_USERNAME }}
+# GH_TOKEN: ${{ secrets.GH_TOKEN }}
+###############################################################
+ - name: Run License Compliance Check
+ uses: whalebone/license-compliance@v1
+ with:
+ licenses_group: 'cloud' # 'cloud' or 'onprem' at the moment
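Review bot: `whalebone/license-compliance@v1` is referenced by a mutable tag, so the code that runs in this job can change without any change in this repository; pinning to a full commit SHA (`uses: whalebone/license-compliance@FULL_COMMIT_SHA  # v1`, where FULL_COMMIT_SHA is a placeholder) makes the dependency reviewable. The workflow also sets no `permissions:`, so the job gets the repository's default token scope; a top-level `permissions:` with `contents: read` is usually enough for a licence scan. The same pinning applies to the commented-out `checkout-setup@v1` step, which would receive `GH_TOKEN`. With the `on:` block commented out the file has no trigger, so a header comment stating that the workflow is intentionally disabled would avoid confusion.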