diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
index 2ee7a85..da43cde 100644
--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/build-test.yml
@@ -1,6 +1,5 @@
 name: 🔨 Build Test
 on:
- push:
 pull_request:
 workflow_dispatch:
@@ -21,6 +20,6 @@ jobs:
 - name: Test
 run: go test ./...
- # Todo: create example folder
- # - name: Build
- # run: go build .
\ No newline at end of file
+ - name: Build
+ run: go run main.go
+ working-directory: examples/
\ No newline at end of file
diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test.yml
index 9d45d98..fd17be2 100644
--- a/.github/workflows/lint-test.yml
+++ b/.github/workflows/lint-test.yml
@@ -1,6 +1,5 @@
 name: 🙏🏻 Lint Test
 on:
- push:
 pull_request:
 workflow_dispatch:
diff --git a/README.md b/README.md
index 597ed92..1c44b64 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,13 @@
 # networkpolicy
+
+[![License](https://img.shields.io/github/license/projectdiscovery/networkpolicy)](LICENSE.md)
+![Go version](https://img.shields.io/github/go-mod/go-version/projectdiscovery/networkpolicy?filename=go.mod)
+[![Release](https://img.shields.io/github/release/projectdiscovery/networkpolicy)](https://github.com/projectdiscovery/networkpolicy/releases/)
+[![Checks](https://github.com/projectdiscovery/networkpolicy/actions/workflows/build-test.yml/badge.svg)](https://github.com/projectdiscovery/networkpolicy/actions/workflows/build-test.yml)
+[![GoDoc](https://pkg.go.dev/badge/projectdiscovery/networkpolicy)](https://pkg.go.dev/github.com/projectdiscovery/networkpolicy)
+
+
+
 The package acts as an embeddable configurable container handling allow/deny verdicts over a series of conditions including
 - IPs
 - CIDRs
diff --git a/examples/main.go b/examples/main.go
new file mode 100644
index 0000000..21016c8
--- /dev/null
+++ b/examples/main.go
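Review bot: In the second hunk of build-test.yml the new Build step runs `go run main.go` in `examples/`, which executes the example and makes a live HTTPS request to scanme.sh on every pull request, so the check now depends on an external host and on outbound network access from the runner. If the goal is only to prove the example compiles, `run: go build .` with the same `working-directory` does that without network traffic. Dropping `push:` here and in lint-test.yml also means commits that land on the default branch are no longer built or linted unless the workflow is dispatched manually; worth confirming that is intended.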
@@ -0,0 +1,55 @@
+package main
+
+import (
+ "crypto/tls"
+ "errors"
+ "log"
+ "net/http"
+ "net/http/httputil"
+
+ "github.com/projectdiscovery/networkpolicy"
+)
+
+func main() {
+ var npOptions networkpolicy.Options
+ // deny connections to localhost
+ npOptions.DenyList = append(npOptions.DenyList, "127.0.0.0/8")
+
+ np, err := networkpolicy.New(npOptions)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ customRedirectHandler := func(req *http.Request, via []*http.Request) error {
+ // if at least one address is valid we follow the redirect
+ if _, ok := np.ValidateHost(req.Host); ok {
+ return nil
+ }
+ return errors.New("redirected to a forbidden target")
+ }
+
+ client := &http.Client{
+ CheckRedirect: customRedirectHandler,
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: true,
+ },
+ },
+ }
+ req, err := http.NewRequest(http.MethodGet, "https://scanme.sh", nil)
+ if err != nil {
+ log.Fatal(err)
+ }
+ resp, err := client.Do(req)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ bin, err := httputil.DumpResponse(resp, true)
+
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ log.Println(string(bin))
+}
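Review bot: The policy is enforced only in `customRedirectHandler`, and only by host name: the first request is never validated, and because `http.Transport` resolves the name again when it dials, the address it connects to is not necessarily one that `ValidateHost` approved (the comment itself says one valid address is enough). An example that readers will copy as SSRF protection should state that limit in a comment, or check the resolved IP at dial time instead. `req.Host` can carry a `:port` suffix, so `np.ValidateHost(req.URL.Hostname())` is the safer argument; whether ValidateHost accepts a port is not visible in this hunk. The deny list covers only IPv4 loopback, so the IPv6 loopback `::1` is not blocked although the comment says localhost. `InsecureSkipVerify: true` is unrelated to the policy and turns off certificate verification in copy-paste code, so the `TLSClientConfig` block should go, and `defer resp.Body.Close()` is missing after the `client.Do` error check.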