cherry: don't send net-connection for sinkhole ip, bump armour and go-version #482

Open: h0x0er wants to merge 1 commit into main from cherry/updates

h0x0er (Member) commented Jun 15, 2026

No description provided.

* don't send net-connection for sinkhole ip

* bump armour to v1.2.4

* armour: bump to v1.4.0

* bump go version to 1.26.2

Copilot AI left a comment


Pull request overview

This PR updates the agent’s networking telemetry behavior to avoid reporting connections to the StepSecurity DNS sinkhole IP (used during DNS blocking), and bumps the Go toolchain plus several dependencies (including github.com/step-security/armour).

Changes:

  • Skip handling of network events targeting StepSecuritySinkHoleIPAddress in handleNetworkEvent.
  • Bump Go version to 1.26.2 and upgrade github.com/step-security/armour to v1.4.0 (plus related golang.org/x/* updates).
  • Update GitHub Actions workflows to use Go 1.26.2.

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| eventhandler.go | Adds sinkhole IP short-circuit and adjusts net-connection reporting logic. |
| go.mod | Bumps Go version and updates module requirements (notably armour). |
| go.sum | Updates checksums to match new dependency versions. |
| .github/workflows/test.yml | Uses Go 1.26.2 in CI. |
| .github/workflows/release.yml | Uses Go 1.26.2 for release workflow. |
| .github/workflows/int.yml | Uses Go 1.26.2 for integration workflow. |


Comment thread eventhandler.go

func (eventHandler *EventHandler) handleNetworkEvent(event *Event) {

// sinkhole is returned in-case of dns-block
Comment thread eventhandler.go
Comment on lines +167 to +170
// sinkhole is returned in-case of dns-block
if event.IPAddress == StepSecuritySinkHoleIPAddress {
return
}
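Review bot: The early return on event.IPAddress == StepSecuritySinkHoleIPAddress drops the event without leaving any trace, so a process that connects to the sinkhole after a DNS block produces no record from handleNetworkEvent. Consider a debug-level log line or a counter before the return, and extend the comment to say where the corresponding DNS block is reported, so a reader can confirm the signal is not lost. The check is also an exact equality match: if event.IPAddress is a string, a differently formatted form of the same address would not match, so a unit test that passes an event carrying the sinkhole address through handleNetworkEvent would be worth adding.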
Comment thread eventhandler.go
Comment on lines 200 to +202
reverseLookUp := eventHandler.DNSProxy.GetReverseIPLookup(event.IPAddress)
status := ""
matchedPolicy := ""
reason := ""
if eventHandler.DNSProxy.GlobalBlocklist != nil && eventHandler.DNSProxy.GlobalBlocklist.IsIPAddressBlocked(event.IPAddress) {
status = "Dropped"
matchedPolicy = GlobalBlocklistMatchedPolicy
reason = eventHandler.DNSProxy.GlobalBlocklist.BlockedIPAddressReason(event.IPAddress)
}
eventHandler.ApiClient.sendNetConnection(eventHandler.CorrelationId, eventHandler.Repo, event.IPAddress, event.Port, reverseLookUp, status, matchedPolicy, reason, event.Timestamp, tool)
eventHandler.ApiClient.sendNetConnection(eventHandler.CorrelationId, eventHandler.Repo, event.IPAddress, event.Port, reverseLookUp, "", "", "", event.Timestamp, tool)
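Review bot: The two sendNetConnection calls at the end of this region pass the same connection fields and differ only in the last three string arguments: one sends status, matchedPolicy and reason, the other sends "", "", "". If the empty-string call is the one that remains, the "Dropped" status and the GlobalBlocklist reason computed just above are never reported and that computation should be removed or the call corrected; if both remain, each connection is reported twice. Please confirm which is intended, and add a test that asserts the arguments sendNetConnection receives for an address where GlobalBlocklist.IsIPAddressBlocked returns true.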

Comment thread eventhandler.go
Comment on lines +167 to +170
// sinkhole is returned in-case of dns-block
if event.IPAddress == StepSecuritySinkHoleIPAddress {
return
}