NOTE - Still under development with almost no testing done if this method works with all required features same as mac and windows
- Moved Local Git to public dev branch
- Added Windows arch in Linux
- Moved from EBPF based development to NFQUEUE
- Added test CLI
…ction track, fixed pid lookup, added fallback, improved lookup speed, moved windows core to Linux code
moved windows filter validation for broadcast ip and pid reserved to linux
…eanup. improved compilation
added build script, Copied Windows CLI into Linux C CLI
…, fixed linux and windows any ip udp associate
added cache for process name, exit check
…n) to o(1) in logging
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install build dependencies | ||
| run: | | ||
| sudo apt-get update | ||
| sudo apt-get install -y \ | ||
| build-essential \ | ||
| gcc \ | ||
| make \ | ||
| libnetfilter-queue-dev \ | ||
| libnfnetlink-dev \ | ||
| libgtk-3-dev \ | ||
| pkg-config | ||
| shell: bash | ||
|
|
||
| - name: Verify dependencies | ||
| run: | | ||
| echo "=== Checking GCC ===" | ||
| gcc --version | ||
| echo "" | ||
| echo "=== Checking Make ===" | ||
| make --version | ||
| echo "" | ||
| echo "=== Checking pkg-config ===" | ||
| pkg-config --version | ||
| echo "" | ||
| echo "=== Checking GTK3 ===" | ||
| pkg-config --modversion gtk+-3.0 | ||
| echo "" | ||
| echo "=== Checking libnetfilter_queue ===" | ||
| pkg-config --modversion libnetfilter_queue || echo "Package info not available, but headers should be present" | ||
| shell: bash | ||
|
|
||
| - name: Build project | ||
| run: | | ||
| cd Linux | ||
| chmod +x build.sh | ||
| ./build.sh | ||
| shell: bash | ||
|
|
||
| - name: Verify build output | ||
| run: | | ||
| echo "=== Build Output ===" | ||
| ls -lh Linux/output/ | ||
| echo "" | ||
| if [ -f "Linux/output/libproxybridge.so" ]; then | ||
| echo "✓ Library built successfully" | ||
| file Linux/output/libproxybridge.so | ||
| else | ||
| echo "✗ Library build failed" | ||
| exit 1 | ||
| fi | ||
| echo "" | ||
| if [ -f "Linux/output/ProxyBridge" ]; then | ||
| echo "✓ CLI built successfully" | ||
| file Linux/output/ProxyBridge | ||
| else | ||
| echo "✗ CLI build failed" | ||
| exit 1 | ||
| fi | ||
| echo "" | ||
| if [ -f "Linux/output/ProxyBridgeGUI" ]; then | ||
| echo "✓ GUI built successfully" | ||
| file Linux/output/ProxyBridgeGUI | ||
| else | ||
| echo "⚠ GUI build skipped (GTK3 not available or build failed)" | ||
| fi | ||
| shell: bash | ||
|
|
||
| - name: Upload artifacts | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: ProxyBridge-Linux-Build-${{ github.sha }} | ||
| path: Linux/output/ | ||
| retention-days: 30 | ||
|
|
||
| - name: Display build summary | ||
| run: | | ||
| echo "" | ||
| echo "=========================================" | ||
| echo "Build Complete!" | ||
| echo "=========================================" | ||
| cd Linux/output | ||
| for file in *; do | ||
| size=$(du -h "$file" | cut -f1) | ||
| echo " $file - $size" | ||
| done | ||
| echo "=========================================" | ||
| shell: bash |
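Review bot: `actions/checkout@v4` in Checkout code and `actions/upload-artifact@v4` in Upload artifacts are referenced by mutable tag; pin each to a full commit SHA so a retagged action cannot change what runs in this job. In Verify build output, a missing `Linux/output/ProxyBridgeGUI` only prints a warning even though `libgtk-3-dev` is installed earlier in the same job, so a broken GUI build still reaches the artifact upload; use `exit 1` there as the library and CLI checks do. The same applies to the `|| echo "Package info not available, ..."` fallback in Verify dependencies, which hides a missing `libnetfilter_queue`.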
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 29 days ago
To fix the problem, explicitly declare minimal GITHUB_TOKEN permissions in the workflow. Since this job only needs to read repository contents (for actions/checkout) and upload artifacts (which does not require repository write access), we can safely restrict permissions to contents: read at the workflow or job level.
The best fix without changing functionality is to add a root‑level permissions block right under the name: line in .github/workflows/build-linux.yml, applying to all jobs that don’t override it. For example:
name: Build Linux
permissions:
  contents: read
No other permissions appear necessary for the shown steps. No additional imports, methods, or definitions are required; this is a pure YAML configuration change.
| @@ -1,4 +1,6 @@ | ||
| name: Build Linux | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| push: |
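Review bot: the `permissions:` block added directly under `name: Build Linux` becomes the default for every job in this file, so it deserves a one-line comment saying that a job needing a wider scope should override it at job level rather than widening the root block. A blank line between `name:` and `permissions:` would also match the spacing before `on:`.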
| runs-on: ubuntu-latest | ||
| if: github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && github.actor == github.repository_owner) | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install build dependencies | ||
| run: | | ||
| sudo apt-get update | ||
| sudo apt-get install -y \ | ||
| build-essential \ | ||
| gcc \ | ||
| make \ | ||
| libnetfilter-queue-dev \ | ||
| libnfnetlink-dev \ | ||
| libgtk-3-dev \ | ||
| pkg-config | ||
| shell: bash | ||
|
|
||
| - name: Build project | ||
| run: | | ||
| cd Linux | ||
| chmod +x build.sh | ||
| ./build.sh | ||
| shell: bash | ||
|
|
||
| - name: Copy setup script to output | ||
| run: | | ||
| echo "Copying setup.sh to output directory..." | ||
| cp Linux/setup.sh Linux/output/ | ||
| chmod +x Linux/output/setup.sh | ||
| echo "✓ Setup script copied" | ||
| shell: bash | ||
|
|
||
| - name: Verify build output | ||
| run: | | ||
| echo "=== Build Output ===" | ||
| ls -lh Linux/output/ | ||
| echo "" | ||
| if [ -f "Linux/output/libproxybridge.so" ]; then | ||
| echo "✓ Library built successfully" | ||
| file Linux/output/libproxybridge.so | ||
| else | ||
| echo "✗ Library build failed" | ||
| exit 1 | ||
| fi | ||
| echo "" | ||
| if [ -f "Linux/output/ProxyBridge" ]; then | ||
| echo "✓ CLI built successfully" | ||
| file Linux/output/ProxyBridge | ||
| else | ||
| echo "✗ CLI build failed" | ||
| exit 1 | ||
| fi | ||
| echo "" | ||
| if [ -f "Linux/output/setup.sh" ]; then | ||
| echo "✓ Setup script copied" | ||
| else | ||
| echo "✗ Setup script missing" | ||
| exit 1 | ||
| fi | ||
| shell: bash | ||
|
|
||
| - name: Extract version from tag | ||
| id: version | ||
| run: | | ||
| if [ "${{ github.event_name }}" == "release" ]; then | ||
| VERSION="${{ github.event.release.tag_name }}" | ||
| else | ||
| VERSION="dev-$(date +%Y%m%d-%H%M%S)" | ||
| fi | ||
| # Remove 'v' prefix if present | ||
| VERSION="${VERSION#v}" | ||
| echo "version=$VERSION" >> $GITHUB_OUTPUT | ||
| echo "Version: $VERSION" | ||
| shell: bash | ||
|
|
||
| - name: Create release archive | ||
| run: | | ||
| VERSION="${{ steps.version.outputs.version }}" | ||
| ARCHIVE_NAME="ProxyBridge-Linux-v${VERSION}.tar.gz" | ||
|
|
||
| echo "Creating archive: $ARCHIVE_NAME" | ||
| cd Linux/output | ||
| tar -czf "../$ARCHIVE_NAME" ./* | ||
|
|
||
| echo "" | ||
| echo "Archive created successfully:" | ||
| ls -lh "../$ARCHIVE_NAME" | ||
|
|
||
| # Move archive to root for upload | ||
| mv "../$ARCHIVE_NAME" "../../$ARCHIVE_NAME" | ||
| shell: bash | ||
|
|
||
| - name: List release files | ||
| run: | | ||
| echo "" | ||
| echo "===================================" | ||
| echo "Release Files:" | ||
| echo "===================================" | ||
| ls -lh ProxyBridge-Linux-*.tar.gz | ||
|
|
||
| echo "" | ||
| echo "Archive contents:" | ||
| tar -tzf ProxyBridge-Linux-*.tar.gz | ||
| shell: bash | ||
|
|
||
| - name: Upload archive to release | ||
| if: github.event_name == 'release' | ||
| uses: softprops/action-gh-release@v1 | ||
| with: | ||
| files: ProxyBridge-Linux-v*.tar.gz | ||
|
|
||
| - name: Upload build artifacts | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: ProxyBridge-Linux-Release-${{ steps.version.outputs.version }} | ||
| path: ProxyBridge-Linux-*.tar.gz | ||
| retention-days: 90 |
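Review bot: in Extract version from tag, `${{ github.event.release.tag_name }}` is expanded into the script text before bash runs, so shell metacharacters in a tag name would be interpreted rather than treated as data. Pass the value through the step's `env:` (for example `TAG_NAME: ${{ github.event.release.tag_name }}`) and read `"$TAG_NAME"` in the script, and do the same for `${{ steps.version.outputs.version }}` in Create release archive, which carries that value forward. `>> $GITHUB_OUTPUT` should be quoted as `>> "$GITHUB_OUTPUT"`. Separately, `softprops/action-gh-release@v1` is the step that publishes the release asset and is referenced by mutable tag; pin it to a full commit SHA.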
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 29 days ago
In general, the fix is to add an explicit permissions: block that grants the minimal required scopes to the GITHUB_TOKEN. This can be done at the workflow root (applies to all jobs) or at the job level. Since only this single job exists in the snippet, adding it at the workflow root is simple and future-proof.
The best minimal fix without changing functionality is:
- At the top level of .github/workflows/release-linux.yml, add a permissions: block after the on: block (or before jobs:) that sets contents: write. This is sufficient because the job uses softprops/action-gh-release, which needs to create or update release assets (requiring contents: write), and the other steps only read the repo contents via actions/checkout and upload artifacts to Actions storage (which does not need additional scopes).
- No other imports or code changes are needed; this is purely a workflow YAML configuration change.
Concretely, edit .github/workflows/release-linux.yml to insert:
permissions:
  contents: write
between the on: section (line 3–6) and jobs: (line 8).
| @@ -5,6 +5,9 @@ | ||
| types: [published, created] | ||
| workflow_dispatch: | ||
|
|
||
| permissions: | ||
| contents: write | ||
|
|
||
| jobs: | ||
| build-and-release: | ||
| runs-on: ubuntu-latest |
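Review bot: `contents: write` at the workflow root hands the write-scoped token to every step of `build-and-release`, including the build that runs before the release upload. Keep the root at `contents: read` and grant `contents: write` at job level, ideally on a separate job that only downloads the built archive and runs the release upload. Also, `types: [published, created]` in the context line above can start this workflow twice for a release that is published without first being saved as a draft; `published` alone is usually enough.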
|
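The condition behind the "Workflow does not contain permissions" alerts above can be approximated with a small scan of the workflow text. This is an added example, not CodeQL's implementation and not code from this pull request; it assumes block-style YAML indented with spaces, and the sample workflow and the job name `build` are constructed.

```python
import re

# A mapping key at the start of a line: leading spaces, then `name:`.
KEY = re.compile(r"^( *)([A-Za-z0-9_.-]+)\s*:")

def jobs_without_permissions(workflow_text):
    """Names of jobs left on default GITHUB_TOKEN scopes (indentation scan, not a YAML parser)."""
    root_declared = False
    jobs = {}                       # job name -> declares its own permissions
    in_jobs = False
    job_indent = key_indent = current = None
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue                # blank, comment, list item or script line
        indent, name = len(m.group(1)), m.group(2)
        if indent == 0:             # root-level key
            in_jobs = name == "jobs"
            root_declared = root_declared or name == "permissions"
        elif in_jobs:
            if job_indent is None:
                job_indent = indent # first key under jobs: fixes the job level
            if indent == job_indent:
                current, key_indent = name, None
                jobs[current] = False
            elif current is not None:
                if key_indent is None:
                    key_indent = indent  # first key inside the job
                if indent == key_indent and name == "permissions":
                    jobs[current] = True
    if root_declared:
        return []                   # root block covers every job
    return [job for job, declared in jobs.items() if not declared]

# Constructed samples; the job name `build` is an assumption.
BEFORE = """\
name: Build Linux
on:
  push:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
"""
AFTER = BEFORE.replace("on:\n", "permissions:\n  contents: read\non:\n", 1)

print(jobs_without_permissions(BEFORE), jobs_without_permissions(AFTER))
```

Running it over every file in `.github/workflows/` before merge gives the same signal as the alert without waiting for the code-scanning run.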




Pull Request
Required Pre-Submission Checklist
- dev branch (NOT master)
- master branch is ONLY updated when a new release is created
- master will be REJECTED
⛔ Critical Information
DO NOT submit a pull request directly to the master branch. The master branch is only updated when a new release is created. No direct commits or merges are accepted to master - neither from the InterceptSuite team nor from contributors.
All changes MUST be submitted to the dev branch, which contains the latest code and commits.
You MUST create a GitHub issue first before submitting a pull request. This allows the InterceptSuite team to:
Pull requests without an associated issue will be rejected.
Pull Request Details
Type of Change
Related GitHub Issue
Issue Link:
Platform(s) Affected
macOS Application Changes
Does this pull request include changes to the macOS application?
If YES, you MUST answer the following:
macOS Code Signing & Verification
Description of Changes
What does this pull request do?
How has this been tested?
Compilation & Dependencies
New dependencies (if any):
Screenshots/Logs (if applicable)
Additional Context
Final Checklist
dev branch