diff --git a/go.mod b/go.mod
index 1d903230fde..03851a9d285 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 github.com/yosida95/uritemplate/v3 v3.0.2 // indirect
 go.uber.org/atomic v1.7.0 // indirect
 go.uber.org/multierr v1.9.0 // indirect
- golang.org/x/sync v0.17.0 // indirect
+ golang.org/x/sync v0.18.0 // indirect
 golang.org/x/sys v0.38.0 // indirect
 golang.org/x/term v0.36.0 // indirect
 golang.org/x/text v0.30.0 // indirect
diff --git a/go.sum b/go.sum
index 7dd701b0b2e..8523b6d40cc 100644
--- a/go.sum
+++ b/go.sum
@@ -127,8 +127,8 @@ go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI= go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ= golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= -golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= -golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/pkg/workflow/data/ecosystem_domains.json b/pkg/workflow/data/ecosystem_domains.json
index 0d1ce173c31..72ffbda47c9 100644
--- a/pkg/workflow/data/ecosystem_domains.json
+++ b/pkg/workflow/data/ecosystem_domains.json
@@ -33,7 +33,14 @@
 "api.snapcraft.io",
 "packagecloud.io",
 "packages.cloud.google.com",
- "packages.microsoft.com"
+ "packages.microsoft.com",
+ "golang.org",
+ "proxy.golang.org",
+ "sum.golang.org",
+ "npmjs.org",
+ "registry.npmjs.org",
+ "pypi.org",
+ "files.pythonhosted.org"
 ],
 "containers": [
 "ghcr.io",
diff --git a/pkg/workflow/domains.go b/pkg/workflow/domains.go
index 846a8f27566..e1ca9ae8b24 100644
--- a/pkg/workflow/domains.go
+++ b/pkg/workflow/domains.go
@@ -54,7 +54,7 @@ func getEcosystemDomains(category string) []string {
 // Returns empty slice if network permissions configured but no domains allowed (deny all)
 // Returns domain list if network permissions configured with allowed domains
 // Supports ecosystem identifiers:
-// - "defaults": basic infrastructure (certs, JSON schema, Ubuntu, common package mirrors, Microsoft sources)
+// - "defaults": basic infrastructure (certs, JSON schema, Ubuntu, common package mirrors, Microsoft sources, Go, Node, Python)
 // - "containers": container registries (Docker, GitHub Container Registry, etc.)
 // - "dotnet": .NET and NuGet ecosystem
 // - "dart": Dart/Flutter ecosystem
diff --git a/pkg/workflow/ecosystem_domains_test.go b/pkg/workflow/ecosystem_domains_test.go
index 0786ebc9c53..1dafaf645d5 100644
--- a/pkg/workflow/ecosystem_domains_test.go
+++ b/pkg/workflow/ecosystem_domains_test.go
@@ -18,6 +18,13 @@ func TestEcosystemDomainExpansion(t *testing.T) {
 "archive.ubuntu.com", // Ubuntu
 "packagecloud.io", // Common Package Mirrors
 "packages.microsoft.com", // Microsoft Sources
+ "golang.org", // Go ecosystem
+ "proxy.golang.org", // Go proxy
+ "sum.golang.org", // Go checksum database
+ "npmjs.org", // Node ecosystem
+ "registry.npmjs.org", // NPM registry
+ "pypi.org", // Python ecosystem
+ "files.pythonhosted.org", // Python files
 }

 for _, expectedDomain := range expectedDomains {
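Review bot: The seven hosts appended to the first array in `pkg/workflow/data/ecosystem_domains.json` (the one the domains.go comment describes as `defaults`) widen the baseline egress allowlist for every workflow that relies on it, not only those that build Go, Node or Python code. These registries serve arbitrary third-party packages, and npm and pip can run package-supplied code during install, so the default now lets a workflow pull unreviewed code where it presumably had to name the language ecosystem before. If that trade-off is intended it deserves a sentence in the commit description; otherwise end the array at `"packages.microsoft.com"` again and leave these hosts under their own ecosystem keys. Whether an entry also matches subdomains is not visible here; if it does, `proxy.golang.org`, `sum.golang.org` and `registry.npmjs.org` are redundant next to the apex entries.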
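Review bot: The reworded `"defaults"` line in the domains.go doc comment reads as if `defaults` now contains the Go, Node and Python ecosystems, while the data file adds only seven registry hosts; a reader choosing between `defaults` and any language-specific identifier further down the list (not visible in this hunk) cannot tell the difference from this text. Naming what was added would be clearer, e.g. `// - "defaults": basic infrastructure (certs, JSON schema, Ubuntu, common package mirrors, Microsoft sources) plus the public Go, npm and PyPI registry hosts`. The function this comment documents is declared below the hunk.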
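Review bot: The test in `ecosystem_domains_test.go` only samples hosts that must or must not be in the defaults, so a future addition to the allowlist passes unnoticed unless the host happens to sit in the excluded list; this commit itself deletes `golang.org`, `npmjs.org` and `pypi.org` from that list in the file's second hunk to keep the test green. For a network allowlist an exact-set assertion is the stronger guard, for example sorting the result of `getEcosystemDomains("defaults")` (assuming that is the category key) and comparing it with a complete expected slice via `slices.Equal`. The loops that consume both lists continue outside the hunks, so how membership is checked is inferred from the variable names.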
@@ -38,9 +45,6 @@ func TestEcosystemDomainExpansion(t *testing.T) {
 "ghcr.io", // Container registries
 "nuget.org", // .NET
 "github.com", // GitHub (not in defaults anymore)
- "golang.org", // Go
- "npmjs.org", // Node
- "pypi.org", // Python
 }

 for _, excludedDomain := range excludedDomains {