From b31dd83160da7a8f0360b7288ccb7c494e14097a Mon Sep 17 00:00:00 2001 From: BitterPanda Date: Wed, 24 Dec 2025 12:36:30 +0100 Subject: [PATCH 1/8] rename "domains" to clearer outbound_domains --- .../update_service_config.py | 2 +- .../update_service_config_test.py | 4 ++-- .../background_process/service_config.py | 8 ++++---- .../background_process/service_config_test.py | 14 +++++++------- aikido_zen/sinks/tests/socket_test.py | 18 +++++++++--------- 5 files changed, 23 insertions(+), 23 deletions(-) diff --git a/aikido_zen/background_process/cloud_connection_manager/update_service_config.py b/aikido_zen/background_process/cloud_connection_manager/update_service_config.py index 8e881a29..e09f2c3d 100644 --- a/aikido_zen/background_process/cloud_connection_manager/update_service_config.py +++ b/aikido_zen/background_process/cloud_connection_manager/update_service_config.py @@ -30,4 +30,4 @@ def update_service_config(connection_manager, res): ) if "domains" in res: - connection_manager.conf.update_domains(res["domains"]) + connection_manager.conf.update_outbound_domains(res["domains"]) diff --git a/aikido_zen/background_process/cloud_connection_manager/update_service_config_test.py b/aikido_zen/background_process/cloud_connection_manager/update_service_config_test.py index be35babb..83216530 100644 --- a/aikido_zen/background_process/cloud_connection_manager/update_service_config_test.py +++ b/aikido_zen/background_process/cloud_connection_manager/update_service_config_test.py @@ -108,7 +108,7 @@ def test_update_service_config_failure(): # Set initial values connection_manager.conf.set_block_new_outgoing_requests(True) - connection_manager.conf.update_domains([{"hostname": "test.com", "mode": "block"}]) + connection_manager.conf.update_outbound_domains([{"hostname": "test.com", "mode": "block"}]) # Test failed response res = {"success": False, "blockNewOutgoingRequests": False, "domains": []} @@ -215,7 +215,7 @@ def test_update_service_config_block_new_outgoing_requests_only(): connection_manager.block = False # Set initial domains - connection_manager.conf.update_domains( + connection_manager.conf.update_outbound_domains( [{"hostname": "existing.com", "mode": "allow"}] ) diff --git a/aikido_zen/background_process/service_config.py b/aikido_zen/background_process/service_config.py index 39222a34..8dfb39a2 100644 --- a/aikido_zen/background_process/service_config.py +++ b/aikido_zen/background_process/service_config.py @@ -23,7 +23,7 @@ def __init__( endpoints, last_updated_at, blocked_uids, bypassed_ips, received_any_stats ) self.block_new_outgoing_requests = False - self.domains = {} + self.outbound_domains = {} def update( self, @@ -77,15 +77,15 @@ def is_bypassed_ip(self, ip): """Checks if the IP is on the bypass list""" return self.bypassed_ips.has(ip) - def update_domains(self, domains): - self.domains = {domain["hostname"]: domain["mode"] for domain in domains} + def update_outbound_domains(self, domains): + self.outbound_domains = {domain["hostname"]: domain["mode"] for domain in domains} def set_block_new_outgoing_requests(self, value: bool): """Set whether to block new outgoing requests""" self.block_new_outgoing_requests = bool(value) def should_block_outgoing_request(self, hostname: str) -> bool: - mode = self.domains.get(hostname) + mode = self.outbound_domains.get(hostname) if self.block_new_outgoing_requests: # Only allow outgoing requests if the mode is "allow" diff --git a/aikido_zen/background_process/service_config_test.py b/aikido_zen/background_process/service_config_test.py index 447fd53e..d706d89f 100644 --- a/aikido_zen/background_process/service_config_test.py +++ b/aikido_zen/background_process/service_config_test.py @@ -53,7 +53,7 @@ def test_service_config_set_block_new_outgoing_requests(): def test_service_config_update_domains(): - """Test the update_domains method""" + """Test the update_outbound_domains method""" config = ServiceConfig( endpoints=[], last_updated_at=0, @@ -71,7 +71,7 @@ def test_service_config_update_domains(): {"hostname": "allowed.com", "mode": "allow"}, {"hostname": "test.com", "mode": "block"}, ] - config.update_domains(domains_data) + config.update_outbound_domains(domains_data) assert config.domains == { "example.com": "block", "allowed.com": "allow", @@ -79,11 +79,11 @@ def test_service_config_update_domains(): } # Test updating with empty list - config.update_domains([]) + config.update_outbound_domains([]) assert config.domains == {} # Test updating with single domain - config.update_domains([{"hostname": "single.com", "mode": "allow"}]) + config.update_outbound_domains([{"hostname": "single.com", "mode": "allow"}]) assert config.domains == {"single.com": "allow"} @@ -99,7 +99,7 @@ def test_service_config_should_block_outgoing_request(): # Test with block_new_outgoing_requests = False (default) # Only block if mode is "block" - config.update_domains( + config.update_outbound_domains( [ {"hostname": "blocked.com", "mode": "block"}, {"hostname": "allowed.com", "mode": "allow"}, @@ -125,13 +125,13 @@ def test_service_config_should_block_outgoing_request(): # Test edge cases config.set_block_new_outgoing_requests(False) - config.update_domains([]) # No domains configured + config.update_outbound_domains([]) # No domains configured assert ( config.should_block_outgoing_request("any.com") is False ) # No blocking when no domains config.set_block_new_outgoing_requests(True) - config.update_domains([]) # No domains configured + config.update_outbound_domains([]) # No domains configured assert ( config.should_block_outgoing_request("any.com") is True ) # Block all when block_new_outgoing_requests=True diff --git a/aikido_zen/sinks/tests/socket_test.py b/aikido_zen/sinks/tests/socket_test.py index 7d039276..cfeb0f96 100644 --- a/aikido_zen/sinks/tests/socket_test.py +++ b/aikido_zen/sinks/tests/socket_test.py @@ -44,7 +44,7 @@ def test_socket_getaddrinfo_block_specific_domain(): # Reset cache and set up blocking for specific domain cache = get_cache() cache.reset() - cache.config.update_domains( + cache.config.update_outbound_domains( [ {"hostname": "blocked.com", "mode": "block"}, {"hostname": "allowed.com", "mode": "allow"}, @@ -77,7 +77,7 @@ def test_socket_getaddrinfo_block_all_new_requests(): cache = get_cache() cache.reset() cache.config.set_block_new_outgoing_requests(True) - cache.config.update_domains([{"hostname": "allowed.com", "mode": "allow"}]) + cache.config.update_outbound_domains([{"hostname": "allowed.com", "mode": "allow"}]) # Test that unknown domain raises exception with pytest.raises(Exception) as exc_info: @@ -131,7 +131,7 @@ def test_service_config_should_block_outgoing_request(): assert not config.should_block_outgoing_request("example.com") # Test with specific domain blocked - config.update_domains([{"hostname": "blocked.com", "mode": "block"}]) + config.update_outbound_domains([{"hostname": "blocked.com", "mode": "block"}]) assert config.should_block_outgoing_request("blocked.com") assert not config.should_block_outgoing_request("allowed.com") @@ -141,13 +141,13 @@ def test_service_config_should_block_outgoing_request(): assert config.should_block_outgoing_request("blocked.com") # Still blocked # Test with explicitly allowed domain when block_new_outgoing_requests is True - config.update_domains([{"hostname": "allowed.com", "mode": "allow"}]) + config.update_outbound_domains([{"hostname": "allowed.com", "mode": "allow"}]) assert not config.should_block_outgoing_request("allowed.com") # Explicitly allowed assert config.should_block_outgoing_request("unknown.com") # Unknown still blocked def test_service_config_update_domains(): - """Test the update_domains method""" + """Test the update_outbound_domains method""" config = ServiceConfig( endpoints=[], last_updated_at=0, @@ -160,7 +160,7 @@ def test_service_config_update_domains(): assert config.domains == {} # Test updating domains - config.update_domains( + config.update_outbound_domains( [ {"hostname": "example.com", "mode": "block"}, {"hostname": "allowed.com", "mode": "allow"}, @@ -169,7 +169,7 @@ def test_service_config_update_domains(): assert config.domains == {"example.com": "block", "allowed.com": "allow"} # Test updating with empty list - config.update_domains([]) + config.update_outbound_domains([]) assert config.domains == {} @@ -202,7 +202,7 @@ def test_socket_getaddrinfo_bypassed_ip(): cache.reset() cache.config.set_bypassed_ips(["192.168.1.0/24"]) cache.config.set_block_new_outgoing_requests(True) - cache.config.update_domains([{"hostname": "allowed.com", "mode": "allow"}]) + cache.config.update_outbound_domains([{"hostname": "allowed.com", "mode": "allow"}]) # Bypassed IP not enforced : no context with pytest.raises(Exception) as exc_info: @@ -261,7 +261,7 @@ def test_punycode_normalization(): # Reset cache and set up blocking cache = get_cache() cache.reset() - cache.config.update_domains( + cache.config.update_outbound_domains( [ {"hostname": "ssrf-rédirects.testssandbox.com", "mode": "block"}, ] From af72a382deb9c077fef5e2c521008723423c114b Mon Sep 17 00:00:00 2001 From: BitterPanda Date: Wed, 24 Dec 2025 12:41:37 +0100 Subject: [PATCH 2/8] rename to should_block_outbound_domain and rm bypassed ip check --- aikido_zen/sinks/socket/__init__.py | 13 +++++++++--- .../sinks/socket/report_and_check_hostname.py | 20 ------------------- .../socket/should_block_outbound_domain.py | 13 ++++++++++++ 3 files changed, 23 insertions(+), 23 deletions(-) delete mode 100644 aikido_zen/sinks/socket/report_and_check_hostname.py create mode 100644 aikido_zen/sinks/socket/should_block_outbound_domain.py diff --git a/aikido_zen/sinks/socket/__init__.py b/aikido_zen/sinks/socket/__init__.py index 20c1f83a..bee709fe 100644 --- a/aikido_zen/sinks/socket/__init__.py +++ b/aikido_zen/sinks/socket/__init__.py @@ -1,10 +1,11 @@ """ Sink module for `socket` """ - +from aikido_zen.errors import AikidoSSRF from aikido_zen.helpers.get_argument import get_argument from aikido_zen.sinks import on_import, patch_function, after -from aikido_zen.sinks.socket.report_and_check_hostname import report_and_check_hostname +from aikido_zen.sinks.socket.normalize_hostname import normalize_hostname +from aikido_zen.sinks.socket.should_block_outbound_domain import should_block_outbound_domain from aikido_zen.vulnerabilities import run_vulnerability_scan @@ -14,7 +15,13 @@ def _getaddrinfo_after(func, instance, args, kwargs, return_value): host = get_argument(args, kwargs, 0, "host") port = get_argument(args, kwargs, 1, "port") - report_and_check_hostname(host, port) + # We want a normalized hostname for reporting & blocking outbound domains + # This function decodes the hostname if its written in punycode + hostname = normalize_hostname(host) + + # Store hostname and check if we should stop this request from happening + if should_block_outbound_domain(host, port): + raise AikidoSSRF(f"Zen has blocked an outbound connection to {hostname}") # Run vulnerability scan with the return value (DNS results) op = "socket.getaddrinfo" diff --git a/aikido_zen/sinks/socket/report_and_check_hostname.py b/aikido_zen/sinks/socket/report_and_check_hostname.py deleted file mode 100644 index 74099e91..00000000 --- a/aikido_zen/sinks/socket/report_and_check_hostname.py +++ /dev/null @@ -1,20 +0,0 @@ -from aikido_zen.context import get_current_context -from aikido_zen.errors import AikidoSSRF -from aikido_zen.sinks.socket.normalize_hostname import normalize_hostname -from aikido_zen.thread.thread_cache import get_cache - - -def report_and_check_hostname(hostname, port): - cache = get_cache() - if not cache: - return - - hostname = normalize_hostname(hostname) - cache.hostnames.add(hostname, port) - - context = get_current_context() - is_bypassed = context and cache.is_bypassed_ip(context.remote_address) - - if cache.config and not is_bypassed: - if cache.config.should_block_outgoing_request(hostname): - raise AikidoSSRF(f"Zen has blocked an outbound connection to {hostname}") diff --git a/aikido_zen/sinks/socket/should_block_outbound_domain.py b/aikido_zen/sinks/socket/should_block_outbound_domain.py new file mode 100644 index 00000000..d82cc034 --- /dev/null +++ b/aikido_zen/sinks/socket/should_block_outbound_domain.py @@ -0,0 +1,13 @@ +from aikido_zen.context import get_current_context +from aikido_zen.errors import AikidoSSRF +from aikido_zen.sinks.socket.normalize_hostname import normalize_hostname +from aikido_zen.thread.thread_cache import get_cache + + +def should_block_outbound_domain(hostname, port): + process_cache = get_cache() + if not process_cache: + return False + process_cache.hostnames.add(hostname, port) + + return process_cache.config.should_block_outgoing_request(hostname) From 25d48ad138df5464ed88932a24b2a79e3f7ce711 Mon Sep 17 00:00:00 2001 From: BitterPanda Date: Wed, 24 Dec 2025 12:42:13 +0100 Subject: [PATCH 3/8] use "hostname" to check for blocking --- aikido_zen/sinks/socket/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aikido_zen/sinks/socket/__init__.py b/aikido_zen/sinks/socket/__init__.py index bee709fe..40efcbbb 100644 --- a/aikido_zen/sinks/socket/__init__.py +++ b/aikido_zen/sinks/socket/__init__.py @@ -20,7 +20,7 @@ def _getaddrinfo_after(func, instance, args, kwargs, return_value): hostname = normalize_hostname(host) # Store hostname and check if we should stop this request from happening - if should_block_outbound_domain(host, port): + if should_block_outbound_domain(hostname, port): raise AikidoSSRF(f"Zen has blocked an outbound connection to {hostname}") # Run vulnerability scan with the return value (DNS results) From 1252057d33e2823c74fe93375e6809f2b0a53aea Mon Sep 17 00:00:00 2001 From: BitterPanda Date: Wed, 24 Dec 2025 12:43:00 +0100 Subject: [PATCH 4/8] Rename: domains => outbound_domains --- aikido_zen/sinks/tests/socket_test.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/aikido_zen/sinks/tests/socket_test.py b/aikido_zen/sinks/tests/socket_test.py index cfeb0f96..b6f6d1d5 100644 --- a/aikido_zen/sinks/tests/socket_test.py +++ b/aikido_zen/sinks/tests/socket_test.py @@ -157,7 +157,7 @@ def test_service_config_update_domains(): ) # Test initial state - assert config.domains == {} + assert config.outbound_domains == {} # Test updating domains config.update_outbound_domains( @@ -166,11 +166,11 @@ def test_service_config_update_domains(): {"hostname": "allowed.com", "mode": "allow"}, ] ) - assert config.domains == {"example.com": "block", "allowed.com": "allow"} + assert config.outbound_domains == {"example.com": "block", "allowed.com": "allow"} # Test updating with empty list config.update_outbound_domains([]) - assert config.domains == {} + assert config.outbound_domains == {} def test_service_config_set_block_new_outgoing_requests(): From c60502e38c57269c4aadbaa5ddb08c7041e982b9 Mon Sep 17 00:00:00 2001 From: BitterPanda Date: Wed, 24 Dec 2025 12:43:09 +0100 Subject: [PATCH 5/8] remove unused test case now with bypassed ips --- aikido_zen/sinks/tests/socket_test.py | 41 --------------------------- 1 file changed, 41 deletions(-) diff --git a/aikido_zen/sinks/tests/socket_test.py b/aikido_zen/sinks/tests/socket_test.py index b6f6d1d5..6e8bfa45 100644 --- a/aikido_zen/sinks/tests/socket_test.py +++ b/aikido_zen/sinks/tests/socket_test.py @@ -195,47 +195,6 @@ def test_service_config_set_block_new_outgoing_requests(): assert not config.block_new_outgoing_requests -def test_socket_getaddrinfo_bypassed_ip(): - """Test that getaddrinfo works when IP is in bypassed_ips list""" - # Reset cache and set up bypassed IPs - cache = get_cache() - cache.reset() - cache.config.set_bypassed_ips(["192.168.1.0/24"]) - cache.config.set_block_new_outgoing_requests(True) - cache.config.update_outbound_domains([{"hostname": "allowed.com", "mode": "allow"}]) - - # Bypassed IP not enforced : no context - with pytest.raises(Exception) as exc_info: - socket.getaddrinfo("unknown.com", 80) - assert "Zen has blocked an outbound connection to unknown.com" in str( - exc_info.value - ) - - generate_context(ip="1.1.1.1").set_as_current_context() - with pytest.raises(Exception) as exc_info: - socket.getaddrinfo("unknown.com", 80) - assert "Zen has blocked an outbound connection to unknown.com" in str( - exc_info.value - ) - - generate_context(ip="192.168.1.80").set_as_current_context() - try: - socket.getaddrinfo("unknown.com", 80) - except Exception: - pytest.fail("getaddrinfo should not throw an error if IP is bypassed") - - # Verify hostname was tracked even when bypassed - hostnames = get_cache().hostnames.as_array() - assert ( - len(hostnames) == 1 - ) # All attempts to same hostname:port are tracked together - assert hostnames[0]["hostname"] == "unknown.com" - assert hostnames[0]["port"] == 80 - assert ( - hostnames[0]["hits"] == 3 - ) # All 3 attempts were tracked (2 blocked, 1 bypassed) - - def test_socket_getaddrinfo_ip_address_as_hostname(): """Test that getaddrinfo works when hostname is an IP address""" # Reset cache to ensure clean state From 7490e5af639848e1c300d56f78512595fbcb1098 Mon Sep 17 00:00:00 2001 From: BitterPanda Date: Wed, 24 Dec 2025 12:44:49 +0100 Subject: [PATCH 6/8] Linting & clarification --- .../cloud_connection_manager/update_service_config_test.py | 4 +++- aikido_zen/background_process/service_config.py | 4 +++- aikido_zen/sinks/socket/__init__.py | 5 ++++- aikido_zen/sinks/socket/should_block_outbound_domain.py | 7 ++++--- 4 files changed, 14 insertions(+), 6 deletions(-) diff --git a/aikido_zen/background_process/cloud_connection_manager/update_service_config_test.py b/aikido_zen/background_process/cloud_connection_manager/update_service_config_test.py index 83216530..9b216654 100644 --- a/aikido_zen/background_process/cloud_connection_manager/update_service_config_test.py +++ b/aikido_zen/background_process/cloud_connection_manager/update_service_config_test.py @@ -108,7 +108,9 @@ def test_update_service_config_failure(): # Set initial values connection_manager.conf.set_block_new_outgoing_requests(True) - connection_manager.conf.update_outbound_domains([{"hostname": "test.com", "mode": "block"}]) + connection_manager.conf.update_outbound_domains( + [{"hostname": "test.com", "mode": "block"}] + ) # Test failed response res = {"success": False, "blockNewOutgoingRequests": False, "domains": []} diff --git a/aikido_zen/background_process/service_config.py b/aikido_zen/background_process/service_config.py index 8dfb39a2..283369d7 100644 --- a/aikido_zen/background_process/service_config.py +++ b/aikido_zen/background_process/service_config.py @@ -78,7 +78,9 @@ def is_bypassed_ip(self, ip): return self.bypassed_ips.has(ip) def update_outbound_domains(self, domains): - self.outbound_domains = {domain["hostname"]: domain["mode"] for domain in domains} + self.outbound_domains = { + domain["hostname"]: domain["mode"] for domain in domains + } def set_block_new_outgoing_requests(self, value: bool): """Set whether to block new outgoing requests""" diff --git a/aikido_zen/sinks/socket/__init__.py b/aikido_zen/sinks/socket/__init__.py index 40efcbbb..574f2483 100644 --- a/aikido_zen/sinks/socket/__init__.py +++ b/aikido_zen/sinks/socket/__init__.py @@ -1,11 +1,14 @@ """ Sink module for `socket` """ + from aikido_zen.errors import AikidoSSRF from aikido_zen.helpers.get_argument import get_argument from aikido_zen.sinks import on_import, patch_function, after from aikido_zen.sinks.socket.normalize_hostname import normalize_hostname -from aikido_zen.sinks.socket.should_block_outbound_domain import should_block_outbound_domain +from aikido_zen.sinks.socket.should_block_outbound_domain import ( + should_block_outbound_domain, +) from aikido_zen.vulnerabilities import run_vulnerability_scan diff --git a/aikido_zen/sinks/socket/should_block_outbound_domain.py b/aikido_zen/sinks/socket/should_block_outbound_domain.py index d82cc034..aefdd14b 100644 --- a/aikido_zen/sinks/socket/should_block_outbound_domain.py +++ b/aikido_zen/sinks/socket/should_block_outbound_domain.py @@ -1,6 +1,3 @@ -from aikido_zen.context import get_current_context -from aikido_zen.errors import AikidoSSRF -from aikido_zen.sinks.socket.normalize_hostname import normalize_hostname from aikido_zen.thread.thread_cache import get_cache @@ -8,6 +5,10 @@ def should_block_outbound_domain(hostname, port): process_cache = get_cache() if not process_cache: return False + + # We store the hostname before checking the blocking status + # This is because if we are in lockdown mode and blocking all new hostnames, it should still + # show up in the dashboard. This allows the user to allow traffic to newly detected hostnames. process_cache.hostnames.add(hostname, port) return process_cache.config.should_block_outgoing_request(hostname) From 746570186bccabfb10d201c000f0a2a6261f13f4 Mon Sep 17 00:00:00 2001 From: BitterPanda Date: Wed, 24 Dec 2025 12:46:23 +0100 Subject: [PATCH 7/8] domains => outbound_domains rename --- .../update_service_config_test.py | 16 +++++++++------- .../background_process/service_config_test.py | 10 +++++----- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/aikido_zen/background_process/cloud_connection_manager/update_service_config_test.py b/aikido_zen/background_process/cloud_connection_manager/update_service_config_test.py index 9b216654..be6ddfed 100644 --- a/aikido_zen/background_process/cloud_connection_manager/update_service_config_test.py +++ b/aikido_zen/background_process/cloud_connection_manager/update_service_config_test.py @@ -34,7 +34,7 @@ def test_update_service_config_outbound_blocking(): # Verify that the outbound blocking configuration was set assert connection_manager.conf.block_new_outgoing_requests is True - assert connection_manager.conf.domains == { + assert connection_manager.conf.outbound_domains == { "example.com": "block", "allowed.com": "allow", } @@ -61,7 +61,7 @@ def test_update_service_config_outbound_blocking_false(): # Verify that the outbound blocking configuration was set assert connection_manager.conf.block_new_outgoing_requests is False - assert connection_manager.conf.domains == {} + assert connection_manager.conf.outbound_domains == {} def test_update_service_config_outbound_blocking_missing(): @@ -89,7 +89,7 @@ def test_update_service_config_outbound_blocking_missing(): # Verify that the outbound blocking configuration was not changed assert connection_manager.conf.block_new_outgoing_requests is False - assert connection_manager.conf.domains == {} + assert connection_manager.conf.outbound_domains == {} def test_update_service_config_failure(): @@ -119,7 +119,7 @@ def test_update_service_config_failure(): # Verify that nothing was changed due to failure assert connection_manager.conf.block_new_outgoing_requests is True - assert connection_manager.conf.domains == {"test.com": "block"} + assert connection_manager.conf.outbound_domains == {"test.com": "block"} def test_update_service_config_complete(): @@ -162,7 +162,7 @@ def test_update_service_config_complete(): assert connection_manager.conf.blocked_uids == {"user1", "user2"} assert connection_manager.conf.received_any_stats is True assert connection_manager.conf.block_new_outgoing_requests is True - assert connection_manager.conf.domains == { + assert connection_manager.conf.outbound_domains == { "blocked.com": "block", "allowed.com": "allow", "test.com": "block", @@ -196,7 +196,7 @@ def test_update_service_config_domains_only(): # Verify that only domains were updated assert connection_manager.conf.block_new_outgoing_requests is False # Not changed - assert connection_manager.conf.domains == { + assert connection_manager.conf.outbound_domains == { "api.example.com": "block", "cdn.example.com": "allow", } @@ -231,4 +231,6 @@ def test_update_service_config_block_new_outgoing_requests_only(): # Verify that only blockNewOutgoingRequests was updated assert connection_manager.conf.block_new_outgoing_requests is True - assert connection_manager.conf.domains == {"existing.com": "allow"} # Not changed + assert connection_manager.conf.outbound_domains == { + "existing.com": "allow" + } # Not changed diff --git a/aikido_zen/background_process/service_config_test.py b/aikido_zen/background_process/service_config_test.py index d706d89f..4a9fa6f1 100644 --- a/aikido_zen/background_process/service_config_test.py +++ b/aikido_zen/background_process/service_config_test.py @@ -17,7 +17,7 @@ def test_service_config_outbound_blocking_initialization(): assert hasattr(config, "block_new_outgoing_requests") assert hasattr(config, "domains") assert config.block_new_outgoing_requests is False - assert config.domains == {} + assert config.outbound_domains == {} def test_service_config_set_block_new_outgoing_requests(): @@ -63,7 +63,7 @@ def test_service_config_update_domains(): ) # Test initial state - assert config.domains == {} + assert config.outbound_domains == {} # Test updating with domains domains_data = [ @@ -72,7 +72,7 @@ def test_service_config_update_domains(): {"hostname": "test.com", "mode": "block"}, ] config.update_outbound_domains(domains_data) - assert config.domains == { + assert config.outbound_domains == { "example.com": "block", "allowed.com": "allow", "test.com": "block", @@ -80,11 +80,11 @@ def test_service_config_update_domains(): # Test updating with empty list config.update_outbound_domains([]) - assert config.domains == {} + assert config.outbound_domains == {} # Test updating with single domain config.update_outbound_domains([{"hostname": "single.com", "mode": "allow"}]) - assert config.domains == {"single.com": "allow"} + assert config.outbound_domains == {"single.com": "allow"} def test_service_config_should_block_outgoing_request(): From d53154697ce077e190f9c9aca8d9e8ac265e9c9e Mon Sep 17 00:00:00 2001 From: BitterPanda Date: Wed, 24 Dec 2025 12:52:27 +0100 Subject: [PATCH 8/8] update final broken test case --- aikido_zen/background_process/service_config_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aikido_zen/background_process/service_config_test.py b/aikido_zen/background_process/service_config_test.py index 4a9fa6f1..d3461169 100644 --- a/aikido_zen/background_process/service_config_test.py +++ b/aikido_zen/background_process/service_config_test.py @@ -15,7 +15,7 @@ def test_service_config_outbound_blocking_initialization(): # Test initial values assert hasattr(config, "block_new_outgoing_requests") - assert hasattr(config, "domains") + assert hasattr(config, "outbound_domains") assert config.block_new_outgoing_requests is False assert config.outbound_domains == {}