basic fixes

Author: f0ssel

cli/cli.go

@@ -186,7 +186,7 @@ func Run(ctx context.Context, config Config, args []string) error {
 		cmd.Stdin = os.Stdin
 
 		logger.Debug("Executing command in boundary", "command", strings.Join(args, " "))
-		err := boundaryInstance.Command(args).Run()
+		err := cmd.Run()
 		if err != nil {
 			logger.Error("Command execution failed", "error", err)
 		}

jail/unprivileged.go

@@ -1,6 +1,7 @@
 package jail
 
 import (
+	"fmt"
 	"log/slog"
 	"os/exec"
 )
@@ -34,9 +35,11 @@ func (u *Unprivileged) Start() error {
 	u.logger.Debug("Starting in unprivileged mode")
 	e := getEnvs(u.configDir, u.caCertPath)
 	u.commandEnv = mergeEnvs(e, map[string]string{
-		"HOME":    u.homeDir,
-		"USER":    u.username,
-		"LOGNAME": u.username,
+		"HOME":        u.homeDir,
+		"USER":        u.username,
+		"LOGNAME":     u.username,
+		"HTTP_PROXY":  fmt.Sprintf("http://localhost:%d", u.httpProxyPort),
+		"HTTPS_PROXY": fmt.Sprintf("https://localhost:%d", u.httpProxyPort),
 	})
 	return nil
 }
@@ -53,4 +56,4 @@ func (u *Unprivileged) Command(command []string) *exec.Cmd {
 func (u *Unprivileged) Close() error {
 	u.logger.Debug("Closing unprivileged jail")
 	return nil
-}
+}

proxy/proxy.go

@@ -133,16 +133,20 @@ func (p *Server) handleHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Forward regular HTTP request
-	p.forwardHTTPRequest(w, r)
+	p.forwardRequest(w, r, false)
 }
 
-// forwardHTTPRequest forwards a regular HTTP request
-func (p *Server) forwardHTTPRequest(w http.ResponseWriter, r *http.Request) {
+// forwardRequest forwards a regular HTTP request
+func (p *Server) forwardRequest(w http.ResponseWriter, r *http.Request, https bool) {
 	p.logger.Debug("forwardHTTPRequest called", "method", r.Method, "url", r.URL.String(), "host", r.Host)
 
+	s := "http"
+	if https {
+		s = "https"
+	}
 	// Create a new request to the target server
 	targetURL := &url.URL{
-		Scheme:   "http",
+		Scheme:   s,
 		Host:     r.Host,
 		Path:     r.URL.Path,
 		RawQuery: r.URL.RawQuery,
@@ -357,13 +361,21 @@ func (p *Server) handleTLSConnection(tlsConn *tls.Conn, hostname string) {
 
 // handleDecryptedHTTPS handles decrypted HTTPS requests and applies rules
 func (p *Server) handleDecryptedHTTPS(w http.ResponseWriter, r *http.Request) {
+	fullURL := r.URL.String()
+	if r.URL.Host == "" {
+		// Fallback: construct URL from Host header
+		fullURL = fmt.Sprintf("https://%s%s", r.Host, r.URL.Path)
+		if r.URL.RawQuery != "" {
+			fullURL += "?" + r.URL.RawQuery
+		}
+	}
 	// Check if request should be allowed
-	result := p.ruleEngine.Evaluate(r.Method, r.URL.String())
+	result := p.ruleEngine.Evaluate(r.Method, fullURL)
 
 	// Audit the request
 	p.auditor.AuditRequest(audit.Request{
 		Method:  r.Method,
-		URL:     r.URL.String(),
+		URL:     fullURL,
 		Allowed: result.Allowed,
 		Rule:    result.Rule,
 	})
@@ -374,7 +386,7 @@ func (p *Server) handleDecryptedHTTPS(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Forward the HTTPS request (now handled same as HTTP after TLS termination)
-	p.forwardHTTPRequest(w, r)
+	p.forwardRequest(w, r, true)
 }
 
 // handleConnectionWithTLSDetection detects TLS vs HTTP and handles appropriately