xenOs76 · xenOs76 · Dec 4, 2025 · Nov 29, 2025 · Nov 29, 2025 · Nov 29, 2025
diff --git a/.github/workflows/codeChecks.yml b/.github/workflows/codeChecks.yml
@@ -0,0 +1,42 @@
+---
+name: code checks
+on:
+  push:
+    paths:
+      - "cmd/**"
+      - "internal/**"
+      - "pkg/**"
+      - "*.go"
+      - "go.*"
+jobs:
+  code_check_job:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: ['1.24', '1.25']
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Setup Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: ${{ matrix.go-version }}
+
+      - name: Install dependencies
+        run: go get .
+
+      - name: Build
+        run: go build -v ./...
+
+      - name: Test with the Go CLI
+        run: go test -v ./...
+
+      - name: Check for vulnerabilities
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-input: ${{ matrix.go-version }}
+          go-package: ./...
+          work-dir: .
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -13,7 +13,7 @@ jobs:
       DOCKER_CLI_EXPERIMENTAL: "enabled"
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
       - uses: cachix/install-nix-action@v31
@@ -28,9 +28,9 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GH_GORELEASER_TOKEN }}
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
-          go-version: 1.24
+          go-version: '1.24.9'
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v6
         with:

diff --git a/.github/workflows/vulncheck.yml b/.github/workflows/vulncheck.yml
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/xenos76/https-wrench
 
-go 1.24.4
+go 1.24.9
 
 require (
 	github.com/alecthomas/assert/v2 v2.11.0

diff --git a/internal/requests/requests.go b/internal/requests/requests.go
@@ -7,9 +7,11 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
+	"io"
 	"net"
 	"net/http"
 	"net/http/httputil"
+	"os"
 	"strings"
 	"time"
 
@@ -181,11 +183,13 @@ func (r *RequestsMetaConfig) SetRequests(requests []RequestConfig) *RequestsMeta
 	return r
 }
 
-func (r *RequestsMetaConfig) PrintCmd() {
+func (r *RequestsMetaConfig) PrintCmd(w io.Writer) {
 	if r.RequestVerbose {
-		fmt.Println()
-		fmt.Println(style.LgSprintf(style.Cmd, "Requests"))
-		fmt.Println()
+		fmt.Fprintf(
+			w,
+			"\n%s\n",
+			style.LgSprintf(style.Cmd, "Requests"),
+		)
 	}
 }
 
@@ -201,50 +205,62 @@ func (r *RequestConfig) PrintTitle(isVerbose bool) {
 	}
 }
 
-func (r *RequestConfig) PrintRequestDebug(req *http.Request) {
+func (r *RequestConfig) PrintRequestDebug(w io.Writer, req *http.Request) error {
+	if req == nil {
+		return errors.New("nil pointer to http.Request")
+	}
+
 	if r.RequestDebug {
 		reqDump, err := httputil.DumpRequestOut(req, true)
 		if err != nil {
-			fmt.Printf("Warning: failed to dump request: %v\n", err)
-			return
+			fmt.Fprintf(w, "Warning: failed to dump request: %v\n", err)
+			return err
 		}
 
-		fmt.Printf("Requesting url: %s\n", req.URL)
-		fmt.Printf("Request dump:\n%s\n", string(reqDump))
+		_, err = fmt.Fprintf(w, "Requesting url: %s\nRequest dump:\n%s\n", req.URL, string(reqDump))
+
+		return err
 	}
+
+	return nil
 }
 
-func (r *RequestConfig) PrintResponseDebug(resp *http.Response) {
+func (r *RequestConfig) PrintResponseDebug(w io.Writer, resp *http.Response) {
+	// TODO: return an error
+	if resp == nil {
+		return
+	}
+
 	if r.ResponseDebug {
 		respDump, err := httputil.DumpResponse(resp, true)
 		if err != nil {
-			fmt.Printf("Warning: failed to dump response: %v\n", err)
+			fmt.Fprintf(w, "Warning: failed to dump response: %v\n", err)
 			return
 		}
 
-		fmt.Printf("Requested url: %s\n", resp.Request.URL)
-		fmt.Printf("Response dump:\n%s\n", string(respDump))
+		fmt.Fprintf(w, "Requested url: %s\n", resp.Request.URL)
+		fmt.Fprintf(w, "Response dump:\n%s\n", string(respDump))
 
 		if resp.TLS != nil {
-			fmt.Println("TLS:")
-			fmt.Printf("Version: %v\n", TLSVersionName(resp.TLS.Version))
-			fmt.Printf("CipherSuite: %v\n", cipherSuiteName(resp.TLS.CipherSuite))
+			fmt.Fprintln(w, "TLS:")
+			fmt.Fprintf(w, "Version: %v\n", TLSVersionName(resp.TLS.Version))
+			fmt.Fprintf(w, "CipherSuite: %v\n", cipherSuiteName(resp.TLS.CipherSuite))
 
 			for i, cert := range resp.TLS.PeerCertificates {
-				fmt.Printf("Certificate %d:\n", i)
+				fmt.Fprintf(w, "Certificate %d:\n", i)
 				certinfo.PrintCertInfo(cert, 1)
 			}
 
 			for i, chain := range resp.TLS.VerifiedChains {
-				fmt.Printf("Verified Chain %d:\n", i)
+				fmt.Fprintf(w, "Verified Chain %d:\n", i)
 
 				for j, cert := range chain {
-					fmt.Printf(" Cert %d:\n", j)
+					fmt.Fprintf(w, " Cert %d:\n", j)
 					certinfo.PrintCertInfo(cert, 2)
 				}
 			}
 		} else {
-			fmt.Println("TLS: Not available (non-TLS connection)")
+			fmt.Fprintln(w, "TLS: Not available (non-TLS connection)")
 		}
 	}
 }
@@ -275,6 +291,14 @@ func (rc *RequestHTTPClient) SetServerName(serverName string) (*RequestHTTPClien
 			"*RequestHTTPClient.client is nil. Use NewRequestHTTPClient to initialize")
 	}
 
+	if serverName == emptyString {
+		return nil, errors.New("serverName cannot be empty")
+	}
+
+	if strings.Contains(serverName, "://") {
+		return nil, fmt.Errorf("serverName should be a hostname, not a URL: %s", serverName)
+	}
+
 	transport, ok := rc.client.Transport.(*http.Transport)
 	if !ok {
 		return nil, fmt.Errorf("expected *http.Transport, got %T", rc.client.Transport)
@@ -406,9 +430,15 @@ func (rc *RequestHTTPClient) SetTransportOverride(transportURL string) (*Request
 	return rc, nil
 }
 
-func (rc *RequestHTTPClient) SetProxyProtocolV2(header proxyproto.Header) (*RequestHTTPClient, error) {
+func (rc *RequestHTTPClient) SetProxyProtocolV2(enable bool) *RequestHTTPClient {
+	rc.enableProxyProtoV2 = enable
+
+	return rc
+}
+
+func (rc *RequestHTTPClient) SetProxyProtocolHeader(header proxyproto.Header) (*RequestHTTPClient, error) {
 	if rc.transportAddress == emptyString {
-		return nil, errors.New("SetProxyProtocolV2 failed: transportOverrideURL not set")
+		return nil, errors.New("SetProxyProtocolHeader failed: transportOverrideURL not set")
 	}
 
 	if rc.client == nil {
@@ -457,18 +487,17 @@ func (rc *RequestHTTPClient) SetClientTimeout(timeout int) (*RequestHTTPClient,
 			"*RequestHTTPClient.client is nil. Use NewRequestHTTPClient to initialize")
 	}
 
+	if timeout < 0 {
+		return nil, fmt.Errorf("timeout value must be positive: %v provided", timeout)
+	}
+
 	t := time.Duration(timeout) * time.Second
 	rc.client.Timeout = t
 
 	return rc, nil
 }
 
 func NewHTTPClientFromRequestConfig(r RequestConfig, serverName string, caPool *x509.CertPool) (*RequestHTTPClient, error) {
-	if r.EnableProxyProtocolV2 && r.TransportOverrideURL == emptyString {
-		return nil, errors.New(
-			"if EnableProxyProtocolV2 is true, a TransportOverrideURL must be set")
-	}
-
 	reqClient := NewRequestHTTPClient()
 
 	_, err := reqClient.SetCACertsPool(caPool)
@@ -501,15 +530,22 @@ func NewHTTPClientFromRequestConfig(r RequestConfig, serverName string, caPool *
 		return nil, fmt.Errorf("SetTransportOverride error: %w", err)
 	}
 
+	reqClient.SetProxyProtocolV2(r.EnableProxyProtocolV2)
+
+	if r.EnableProxyProtocolV2 && r.TransportOverrideURL == emptyString {
+		return nil, errors.New(
+			"if EnableProxyProtocolV2 is true, a TransportOverrideURL must be set")
+	}
+
 	if r.EnableProxyProtocolV2 && reqClient.transportAddress != emptyString {
 		header, err := proxyProtoHeaderFromRequest(r, serverName)
 		if err != nil {
 			return nil, fmt.Errorf("error creating proxyproto Header: %w", err)
 		}
 
-		_, err = reqClient.SetProxyProtocolV2(header)
+		_, err = reqClient.SetProxyProtocolHeader(header)
 		if err != nil {
-			return nil, fmt.Errorf("SetProxyProtocolV2 error: %w", err)
+			return nil, fmt.Errorf("SetProxyProtocolHeader error: %w", err)
 		}
 	}
 
@@ -563,7 +599,9 @@ func processHTTPRequestsByHost(r RequestConfig, caPool *x509.CertPool, isVerbose
 				req.Header.Add(header.Key, header.Value)
 			}
 
-			r.PrintRequestDebug(req)
+			if err := r.PrintRequestDebug(os.Stdout, req); err != nil {
+				fmt.Fprintf(os.Stderr, "Warning: PrintRequestDebug failed: %v\n", err)
+			}
 
 			resp, err := reqClient.client.Do(req)
 			if err != nil {
@@ -580,7 +618,7 @@ func processHTTPRequestsByHost(r RequestConfig, caPool *x509.CertPool, isVerbose
 				continue
 			}
 
-			r.PrintResponseDebug(resp)
+			r.PrintResponseDebug(os.Stdout, resp)
 
 			responseData.Response = resp
 

diff --git a/internal/requests/requests_handlers.go b/internal/requests/requests_handlers.go
@@ -10,6 +10,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"os"
 	"regexp"
 	"slices"
 	"strconv"
@@ -205,7 +206,7 @@ func proxyProtoHeaderFromRequest(r RequestConfig, serverName string) (proxyproto
 func HandleRequests(cfg *RequestsMetaConfig) (map[string][]ResponseData, error) {
 	responseDataMap := make(map[string][]ResponseData)
 
-	cfg.PrintCmd()
+	cfg.PrintCmd(os.Stdout)
 
 	for _, r := range cfg.Requests {
 		responseDataList, err := processHTTPRequestsByHost(