diff options
author | Varun Sharma <varunsh@stepsecurity.io> | 2023-08-11 23:23:08 -0700 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-08-12 03:56:47 -0300 |
commit | 7facc386cd085c7bf401d4742b9f9c6267caa3cd (patch) | |
tree | 79fc478e36c05093351da1271b1ea16330b53ef4 | |
parent | build(deps): bump step-security/harden-runner from 2.5.0 to 2.5.1 (diff) | |
download | firejail-7facc386cd085c7bf401d4742b9f9c6267caa3cd.tar.gz firejail-7facc386cd085c7bf401d4742b9f9c6267caa3cd.tar.zst firejail-7facc386cd085c7bf401d4742b9f9c6267caa3cd.zip |
Update allowed endpoints
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
-rw-r--r-- | .github/workflows/build-extra.yml | 21 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 2 |
2 files changed, 23 insertions, 0 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index 1e277cbcf..a36997838 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
@@ -58,8 +58,12 @@ jobs: | |||
58 | with: | 58 | with: |
59 | egress-policy: block | 59 | egress-policy: block |
60 | allowed-endpoints: > | 60 | allowed-endpoints: > |
61 | archive.ubuntu.com:80 | ||
61 | azure.archive.ubuntu.com:80 | 62 | azure.archive.ubuntu.com:80 |
62 | github.com:443 | 63 | github.com:443 |
64 | packages.microsoft.com:443 | ||
65 | ppa.launchpadcontent.net:443 | ||
66 | security.ubuntu.com:80 | ||
63 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | 67 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 |
64 | - name: update package information | 68 | - name: update package information |
65 | run: sudo apt-get update -qy | 69 | run: sudo apt-get update -qy |
@@ -88,8 +92,12 @@ jobs: | |||
88 | with: | 92 | with: |
89 | egress-policy: block | 93 | egress-policy: block |
90 | allowed-endpoints: > | 94 | allowed-endpoints: > |
95 | archive.ubuntu.com:80 | ||
91 | azure.archive.ubuntu.com:80 | 96 | azure.archive.ubuntu.com:80 |
92 | github.com:443 | 97 | github.com:443 |
98 | packages.microsoft.com:443 | ||
99 | ppa.launchpadcontent.net:443 | ||
100 | security.ubuntu.com:80 | ||
93 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | 101 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 |
94 | - name: update package information | 102 | - name: update package information |
95 | run: sudo apt-get update -qy | 103 | run: sudo apt-get update -qy |
@@ -114,8 +122,12 @@ jobs: | |||
114 | with: | 122 | with: |
115 | egress-policy: block | 123 | egress-policy: block |
116 | allowed-endpoints: > | 124 | allowed-endpoints: > |
125 | archive.ubuntu.com:80 | ||
117 | azure.archive.ubuntu.com:80 | 126 | azure.archive.ubuntu.com:80 |
118 | github.com:443 | 127 | github.com:443 |
128 | packages.microsoft.com:443 | ||
129 | ppa.launchpadcontent.net:443 | ||
130 | security.ubuntu.com:80 | ||
119 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | 131 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 |
120 | - name: update package information | 132 | - name: update package information |
121 | run: sudo apt-get update -qy | 133 | run: sudo apt-get update -qy |
@@ -136,8 +148,13 @@ jobs: | |||
136 | with: | 148 | with: |
137 | egress-policy: block | 149 | egress-policy: block |
138 | allowed-endpoints: > | 150 | allowed-endpoints: > |
151 | archive.ubuntu.com:80 | ||
139 | azure.archive.ubuntu.com:80 | 152 | azure.archive.ubuntu.com:80 |
140 | github.com:443 | 153 | github.com:443 |
154 | packages.microsoft.com:443 | ||
155 | ppa.launchpad.net:80 | ||
156 | ppa.launchpadcontent.net:443 | ||
157 | security.ubuntu.com:80 | ||
141 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | 158 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 |
142 | - name: update package information | 159 | - name: update package information |
143 | run: sudo apt-get update -qy | 160 | run: sudo apt-get update -qy |
@@ -154,8 +171,12 @@ jobs: | |||
154 | with: | 171 | with: |
155 | egress-policy: block | 172 | egress-policy: block |
156 | allowed-endpoints: > | 173 | allowed-endpoints: > |
174 | archive.ubuntu.com:80 | ||
157 | azure.archive.ubuntu.com:80 | 175 | azure.archive.ubuntu.com:80 |
158 | github.com:443 | 176 | github.com:443 |
177 | packages.microsoft.com:443 | ||
178 | ppa.launchpadcontent.net:443 | ||
179 | security.ubuntu.com:80 | ||
159 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | 180 | - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 |
160 | - name: update package information | 181 | - name: update package information |
161 | run: sudo apt-get update -qy | 182 | run: sudo apt-get update -qy |
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 497db02fd..0f9c0f740 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
@@ -81,8 +81,10 @@ jobs: | |||
81 | egress-policy: block | 81 | egress-policy: block |
82 | allowed-endpoints: > | 82 | allowed-endpoints: > |
83 | api.github.com:443 | 83 | api.github.com:443 |
84 | files.pythonhosted.org:443 | ||
84 | github.com:443 | 85 | github.com:443 |
85 | objects.githubusercontent.com:443 | 86 | objects.githubusercontent.com:443 |
87 | pypi.org:443 | ||
86 | uploads.github.com:443 | 88 | uploads.github.com:443 |
87 | 89 | ||
88 | - name: Checkout repository | 90 | - name: Checkout repository |