Skip to content

Update QA tests to v1.0.16#1030

Open
hansott wants to merge 7 commits into
mainfrom
update-firewall-tester-action
Open

Update QA tests to v1.0.16#1030
hansott wants to merge 7 commits into
mainfrom
update-firewall-tester-action

Conversation

@hansott
Copy link
Copy Markdown
Member

@hansott hansott commented May 20, 2026
edited by aikido-pr-checks Bot
Loading

Summary by Aikido

Security Issues: 0 🔍 Quality Issues: 1 Resolved Issues: 0

🚀 New Features

  • Added hostnameToUnicode helper to convert punycode hostnames to unicode

⚡ Enhancements

  • Updated QA workflow to use and pin firewall-tester-action v1.0.16
  • Normalized stored hostnames and heartbeat reports to unicode form
  • Checked bypassed IPs earlier to skip blocking and inspections
  • Ignored inspection results and attack reporting for bypassed IP addresses

More info

hansott added 3 commits May 20, 2026 17:38
@hansott
Update firewall-tester-action to v1.0.16
a1e0406
@hansott
Pin firewall-tester-action to commit SHA
02fd63b
@hansott
Convert punycode hostnames to unicode in heartbeats
476d4a5 
new URL(...) converts hostnames to punycode, but we want to report
the human-readable unicode version in heartbeats.
aikido-pr-checks[bot]
aikido-pr-checks Bot reviewed May 20, 2026
View reviewed changes
Comment thread library/agent/Agent.ts Outdated
@codecov
Copy link
Copy Markdown

codecov Bot commented May 20, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 90.90909% with 6 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
library/helpers/hostnameToUnicode.ts 70.00% 6 Missing ⚠️

📢 Thoughts on this report? Let us know!

aikido-pr-checks[bot]
aikido-pr-checks Bot reviewed May 20, 2026
View reviewed changes
Comment thread library/helpers/normalizeHostname.ts Outdated
@hansott
Convert punycode hostnames to unicode
ff41bf9 
Config stores domain names as unicode (e.g. münchen.example.com),
but new URL() converts hostnames to punycode. Add hostnameToUnicode
helper and apply it in domain blocking and heartbeat reporting only,
keeping normalizeHostname unchanged to avoid breaking SSRF detection.
aikido-pr-checks[bot]
aikido-pr-checks Bot reviewed May 20, 2026
View reviewed changes
Comment thread library/helpers/hostnameToUnicode.ts
timokoessler
timokoessler approved these changes May 21, 2026
View reviewed changes
Comment thread library/agent/Hostnames.ts
}

hostname = normalizeHostname(hostname);
hostname = hostnameToUnicode(normalizeHostname(hostname));
Copy link
Copy Markdown
Member

@timokoessler timokoessler May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In a lot of places we are doing the opposite thing tho 😅

new URL("https://tkössler.de")
URL {
  href: 'https://xn--tkssler-b1a.de/',
  origin: 'https://xn--tkssler-b1a.de',
  protocol: 'https:',
  username: '',
  password: '',
  host: 'xn--tkssler-b1a.de',
  hostname: 'xn--tkssler-b1a.de',
  port: '',
  pathname: '/',
  search: '',
  searchParams: URLSearchParams {},
  hash: ''
}
>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@teta2k teta2k teta2k approved these changes

@timokoessler timokoessler timokoessler approved these changes

+1 more reviewer

@aikido-pr-checks aikido-pr-checks[bot] aikido-pr-checks[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hansott @teta2k @timokoessler