Skip to content

Update to latest QA tests (v1.0.4) #864

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hansott wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Update to latest QA tests (v1.0.4) #864

hansott wants to merge 13 commits into from

Conversation

@hansott
Copy link
Member

@hansott hansott commented Dec 23, 2025
edited by aikido-pr-checks bot
Loading

Summary by Aikido

⚡ Enhancements

  • Short-circuited middleware, route, and DNS checks for bypassed IPs
  • Removed bypass-IP exemption so rate limits applied to bypasses
  • Included IPv4-mapped IPv6 addresses when initializing bypassed IP lists
  • Updated QA workflow to use firewall-tester-action version v1.0.4

🔧 Refactors

  • Changed inspection to skip attack detection when forceProtectionOff set

@hansott hansott mentioned this pull request Dec 23, 2025
Closed
@hansott
Move bypass IP check to middleware check
e2bebea 
We did the check specifically for rate limiting but not yet for blocked
user IDs.
aikido-pr-checks[bot]
aikido-pr-checks bot reviewed Dec 23, 2025
View reviewed changes
aikido-pr-checks[bot]
aikido-pr-checks bot reviewed Dec 23, 2025
View reviewed changes
@hansott
Report hostnames in unicode version
f327688
@hansott
If bypass IP, don't discover API spec nor count request
f22feb8
@hansott
Fix test for forceProtectionOff
184b5df 
In c12ee52 we've changed that we check
this flag after inspecting args of an instrumented function

For HTTP clients this means that we'll still call
`agent.onConnectHostname(url.hostname, port);`

And `agent.getConfig().shouldBlockOutgoingRequest(url.hostname)` too

Blocking of new outbound connections should always work, doesn't matter
if the route protection was disabled
@hansott
Move isGatewayEvent(..) logic inside incrementStatsAndDiscoverAPISpec
c92efb5 
So that `onRequest` will always be called

Mistake in f22feb8
@hansott
Format code
33c8510
timokoessler
timokoessler reviewed Dec 26, 2025
View reviewed changes
end2end/tests/hono-xml-blocklists.test.js
`Your IP address is not allowed to access this resource. (Your IP: 1.3.2.2)`
);
t.same(resp3.status, 200);
t.match(await resp3.text(), "Admin panel");
Copy link
Member

@timokoessler timokoessler Dec 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So https://github.com/AikidoSec/zen-specs/pull/7/changes is obsolete? I still think it is confusing 😅

@amaliarodriguezguevara-dotcom amaliarodriguezguevara-dotcom mentioned this pull request Dec 28, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timokoessler timokoessler timokoessler left review comments

+1 more reviewer

@aikido-pr-checks aikido-pr-checks[bot] aikido-pr-checks[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hansott @timokoessler