Releases: AikidoSec/firewall-tester-action
v1.0.11
v1.0.10
- Cap GitHub step summary to 1024KB with progressive truncation
v1.0.9
- fix markdown
- Enhance shell injection tests by adding special character tests (\r, \v, \f...)
- Add path traversal test cases (/./)
v1.0.8
Instead of stopping at the first assertion failure, tests now use AssertionCollector to gather all failures and report them at once.
v1.0.7
- add test for AIKIDO_DISABLE
- fix test_internet_not_available
v1.0.6
- Add logging of test stdout and stderr in run_test.py
- Fix path traversal test for Ruby
v1.0.5
- fix test_outbound_domain_blocking - core only accepts Unicode hostnames
v1.0.4
What's Changed
- Fix wave attack test (allow both LRU and sliding window)
- stored_ssrf - add test cases -- IP addresses for Google Cloud Metadata Service or direct IMDS IP access should be allowed
- Implement traffic country-based blocking and allowance tests
v1.0.3
- Enhance allowedIPAddresses test with CIDR ranges and IPv6 cases
- Fix tests for bypassed IPs (Admin IP restrictions and blocked users)
- Add IDN and percent-encoding bypass tests for outbound domain blocking
v1.0.2
- wave attack – add samples metadata validation
- Update test_stored_ssrf – bypassed IP test case
- Add bypassed IP test
  - Verifies bypass for rate limiting, attack detection, bot blocking, and geo-blocking
  - Ensures bypassed IPs generate no API spec discovery data or attack statistics
  - Confirms support for IPv4/IPv6 single addresses and CIDR ranges
  - Confirms bypass does not override route-level admin IP restrictions or blocked user IDs
- Add test outbound domain blocking
  - Validates blocking of explicitly blocked domains
  - Verifies bypassed IPs can access any domain
  - Ensures forceProtectionOff does not affect outbound domain blocking
  - Confirms allowed domains work when blockNewOutgoingRequests = true
  - Ensures new domains are blocked when blockNewOutgoingRequests = true
  - Tests case-insensitive hostname matching
  - Validates heartbeat reporting for blocked, allowed, and bypassed domains
  - Ensures new domains are allowed when blockNewOutgoingRequests = false
  - Confirms explicitly blocked domains remain blocked when blockNewOutgoingRequests = false
  - Verifies detection mode (block: false) does not block