Conversation
…nk optimization for C #35
- Added check for active rules (only process packet if at least 1 active rule) - Removed PID check duplication code on rules and logging - Added no proessing with no logging - CLI APP - Log Only TCP SYN Connections - Added PID Caching - Added multi Threads - Improved Packet Processing - Optimized packet lookup from O(n) to O(1)
- GUI no longer handle the windivert drivers - GUI pass C Stop method to stop all drivers and network threads - ProxyBridge now validate the application already running - Fixed Driver load unload issues from GUI - GUI save local config real time instead of on exit - GUI now handle close and clean up on force stop from windows - GUI operate more smoothly
added EBPF added demo CLI code
Fixed buffer and free use vuln
…o remove all garbage from memory, updated C connection track to remove all connection more efficiently
improved run time memory usage reduced logging, removed unwanted logs, added more UI optimization
…sue in C connection
- added code optimization - removed unwanted code - added compression in nsis installer
… to tunnel - reoved unwanted rule match log
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: self-hosted | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup .NET | ||
| uses: actions/setup-dotnet@v4 | ||
| with: | ||
| dotnet-version: '9.0.x' | ||
|
|
||
| - name: Verify WinDivert installation | ||
| run: | | ||
| if (Test-Path "C:\WinDivert-2.2.2-A") { | ||
| Write-Host "WinDivert found at C:\WinDivert-2.2.2-A" | ||
| } else { | ||
| Write-Error "WinDivert not found. Please install WinDivert 2.2.2-A at C:\WinDivert-2.2.2-A" | ||
| exit 1 | ||
| } | ||
| shell: pwsh | ||
|
|
||
| - name: Build and sign project | ||
| run: .\Windows\compile.ps1 | ||
| shell: pwsh | ||
|
|
||
| - name: List built files | ||
| run: | | ||
| Write-Host "`nBuild artifacts:" | ||
| Get-ChildItem Windows/output -Recurse | ForEach-Object { | ||
| $size = [math]::Round($_.Length/1MB, 2) | ||
| Write-Host " $($_.Name) - $size MB" | ||
| } | ||
| shell: pwsh | ||
|
|
||
| - name: Upload installer to release | ||
| uses: softprops/action-gh-release@v1 | ||
| with: | ||
| files: Windows/output/ProxyBridge-Setup-*.exe | ||
|
|
||
| - name: Upload build artifacts | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: ProxyBridge-Release-${{ github.event.release.tag_name }} | ||
| path: Windows/output/ | ||
| retention-days: 90 |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 2 months ago
To fix the problem, explicitly set a permissions: block so the GITHUB_TOKEN has only the scopes this workflow needs. The steps are: (1) add a top‑level permissions: block (or a job‑level one) and (2) restrict it to the least privileges required. In this workflow, actions/checkout and the build steps require read access to repository contents, and softprops/action-gh-release needs to write to the release assets; no other special scopes are evident.
The single best minimal change without altering functionality is to define permissions at the workflow root, applying to all jobs. Add, near the top of .github/workflows/release-windows.yml, a block:
permissions:
contents: writeThis ensures the job can upload assets to the release while avoiding overly broad default permissions. Concretely, insert this block after the on: section (after line 5 and before jobs: at line 7). No additional methods, imports, or definitions are needed because this is purely a workflow‑configuration change.
| @@ -4,6 +4,9 @@ | ||
| release: | ||
| types: [created] | ||
|
|
||
| permissions: | ||
| contents: write | ||
|
|
||
| jobs: | ||
| build-and-release: | ||
| runs-on: self-hosted |
|
1 participant
Pull Request
Required Pre-Submission Checklist
devbranch (NOTmaster)masterbranch is ONLY updated when a new release is createdmasterwill be REJECTED⛔ Critical Information
DO NOT submit a pull request directly to the
masterbranch. The master branch is only updated when a new release is created. No direct commits or merges are accepted to master - neither from the InterceptSuite team nor from contributors.All changes MUST be submitted to the
devbranch, which contains the latest code and commits.You MUST create a GitHub issue first before submitting a pull request. This allows the InterceptSuite team to:
Pull requests without an associated issue will be rejected.
Pull Request Details
Type of Change
Related GitHub Issue
Issue Link:
Platform(s) Affected
macOS Application Changes
Does this pull request include changes to the macOS application?
If YES, you MUST answer the following:
macOS Code Signing & Verification
Description of Changes
What does this pull request do?
How has this been tested?
Compilation & Dependencies
New dependencies (if any):
Screenshots/Logs (if applicable)
Additional Context
Final Checklist
devbranch