hectorm
Showing with 36 additions and 24 deletions.

+12 −12 .github/workflows/main.yml

+6 −6 .github/workflows/security-code.yml

+3 −3 .github/workflows/security-scorecard.yml

+1 −1 Dockerfile

+12 −0 cetusguard/cetusguard_test.go

+1 −1 e2e/run.sh

+1 −1 go.mod
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -19,7 +19,7 @@ jobs:
       contents: 'read'
     steps:
       - name: 'Checkout'
-        uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab'
+        uses: 'actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9'
       - name: 'Set up Go'
         uses: 'actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753'
         with:
@@ -36,7 +36,7 @@ jobs:
       contents: 'read'
     steps:
       - name: 'Checkout'
-        uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab'
+        uses: 'actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9'
       - name: 'Set up Go'
         uses: 'actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753'
         with:
@@ -59,7 +59,7 @@ jobs:
         os: ['ubuntu-latest', 'windows-latest', 'macos-latest']
     steps:
       - name: 'Checkout'
-        uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab'
+        uses: 'actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9'
       - name: 'Set up Go'
         uses: 'actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753'
         with:
@@ -77,7 +77,7 @@ jobs:
       contents: 'read'
     steps:
       - name: 'Checkout'
-        uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab'
+        uses: 'actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9'
       - name: 'Set up Go'
         uses: 'actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753'
         with:
@@ -95,7 +95,7 @@ jobs:
       contents: 'read'
     steps:
       - name: 'Checkout'
-        uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab'
+        uses: 'actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9'
       - name: 'Set up Go'
         uses: 'actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753'
         with:
@@ -132,7 +132,7 @@ jobs:
         ]
     steps:
       - name: 'Checkout'
-        uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab'
+        uses: 'actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9'
       - name: 'Set up Go'
         uses: 'actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753'
         with:
@@ -160,21 +160,21 @@ jobs:
       contents: 'read'
     steps:
       - name: 'Checkout'
-        uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab'
+        uses: 'actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9'
       - name: 'Set up QEMU'
-        uses: 'docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18'
+        uses: 'docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7'
       - name: 'Set up Docker Buildx'
-        uses: 'docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c'
+        uses: 'docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1'
       - name: 'Login to Docker Hub'
         if: "github.event_name != 'pull_request'"
-        uses: 'docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a'
+        uses: 'docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc'
         with:
           registry: 'docker.io'
           username: '${{ secrets.DOCKERHUB_USERNAME }}'
           password: '${{ secrets.DOCKERHUB_TOKEN }}'
       - name: 'Extract metadata'
         id: 'meta'
-        uses: 'docker/metadata-action@c4ee3adeed93b1fa6a762f209fb01608c1a22f1e'
+        uses: 'docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175'
         with:
           images: |
             docker.io/${{ github.repository }}
@@ -184,7 +184,7 @@ jobs:
             type=semver,pattern=v{{major}}.{{minor}}
             type=semver,pattern=v{{major}}
       - name: 'Build and push'
-        uses: 'docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671'
+        uses: 'docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825'
         with:
           context: './'
           platforms: 'linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/riscv64,linux/ppc64le,linux/s390x'

diff --git a/.github/workflows/security-code.yml b/.github/workflows/security-code.yml
@@ -27,20 +27,20 @@ jobs:
         language: ['go']
     steps:
       - name: 'Checkout'
-        uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab'
+        uses: 'actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9'
       - name: 'Set up Go'
         uses: 'actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753'
         with:
           go-version-file: './go.mod'
           check-latest: true
       - name: 'Initialize CodeQL'
-        uses: 'github/codeql-action/init@0225834cc549ee0ca93cb085b92954821a145866'
+        uses: 'github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a'
         with:
           languages: '${{ matrix.language }}'
       - name: 'Autobuild'
-        uses: 'github/codeql-action/autobuild@0225834cc549ee0ca93cb085b92954821a145866'
+        uses: 'github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a'
       - name: 'Perform CodeQL analysis'
-        uses: 'github/codeql-action/analyze@0225834cc549ee0ca93cb085b92954821a145866'
+        uses: 'github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a'
 
   analyze-gosec:
     name: 'Gosec analysis'
@@ -51,7 +51,7 @@ jobs:
       security-events: 'write'
     steps:
       - name: 'Checkout'
-        uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab'
+        uses: 'actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9'
       - name: 'Set up Go'
         uses: 'actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753'
         with:
@@ -62,6 +62,6 @@ jobs:
         with:
           args: '-no-fail -tests -fmt sarif -out ./results.sarif ./...'
       - name: 'Upload SARIF file'
-        uses: 'github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866'
+        uses: 'github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a'
         with:
           sarif_file: './results.sarif'
diff --git a/.github/workflows/security-scorecard.yml b/.github/workflows/security-scorecard.yml
@@ -20,15 +20,15 @@ jobs:
       security-events: 'write'
     steps:
       - name: 'Checkout'
-        uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab'
+        uses: 'actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9'
       - name: 'Perform security analysis'
-        uses: 'ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af'
+        uses: 'ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031'
         with:
           results_file: './results.sarif'
           results_format: 'sarif'
           repo_token: '${{ secrets.GITHUB_TOKEN }}'
           publish_results: false
       - name: 'Upload SARIF file'
-        uses: 'github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866'
+        uses: 'github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a'
         with:
           sarif_file: './results.sarif'
diff --git a/Dockerfile b/Dockerfile
@@ -4,7 +4,7 @@
 ## "build" stage
 ##################################################
 
-FROM --platform=${BUILDPLATFORM:-linux/amd64} docker.io/golang:1.20.4-bullseye@sha256:918857f4064db0fff49799ce5e7c4d43e394f452111cd89cca9af539c18a76a8 AS build
+FROM --platform=${BUILDPLATFORM:-linux/amd64} docker.io/golang:1.21.0-bookworm@sha256:475706e47abe616a9d32754359d2582c26d4084dcc40de41d9f11c38b8698732 AS build
 
 ARG TARGETOS
 ARG TARGETARCH

diff --git a/cetusguard/cetusguard_test.go b/cetusguard/cetusguard_test.go
@@ -1186,6 +1186,10 @@ func httpClientAllowedReq(scheme string, addr string) (*http.Request, error) {
 	req.URL.Scheme = scheme
 	req.URL.Host = addr
 
+	if strings.HasPrefix(addr, "/") {
+		req.Host = "test.cetusguard.localhost"
+	}
+
 	return req, nil
 }
 
@@ -1198,6 +1202,10 @@ func httpClientDeniedMethodReq(scheme string, addr string) (*http.Request, error
 	req.URL.Scheme = scheme
 	req.URL.Host = addr
 
+	if strings.HasPrefix(addr, "/") {
+		req.Host = "test.cetusguard.localhost"
+	}
+
 	return req, nil
 }
 
@@ -1210,6 +1218,10 @@ func httpClientDeniedPatternReq(scheme string, addr string) (*http.Request, erro
 	req.URL.Scheme = scheme
 	req.URL.Host = addr
 
+	if strings.HasPrefix(addr, "/") {
+		req.Host = "test.cetusguard.localhost"
+	}
+
 	return req, nil
 }
 

diff --git a/e2e/run.sh b/e2e/run.sh
@@ -5,7 +5,7 @@ export LC_ALL='C'
 
 SCRIPT_DIR="$(CDPATH='' cd -- "$(dirname -- "${0:?}")" && pwd -P)"
 
-CLI_TREEISH='v24.0.2'
+CLI_TREEISH='v24.0.5'
 CLI_REMOTE='https://github.com/docker/cli.git'
 CLI_PATCH="${SCRIPT_DIR:?}/cli.patch"
 CLI_DIR="$(mktemp -d)"

diff --git a/go.mod b/go.mod
@@ -1,3 +1,3 @@
 module github.com/hectorm/cetusguard
 
-go 1.20
+go 1.21