Go modules · proxy.golang.org
github.com/azure/agentbaker/e2e
DNS / OAST exfiltration: matched "dig %s +timeout=1 +tries=1\", testdomain)\n\texecResult := execScriptOnVMForScenarioValidateExitCode(ctx, s, command, 0, \"dns resolution failed\")\n\tassert.Contains(s.T, execResult.stdout, \"status: NOERROR\")\n\tassert.Contains(s.T, execResult.stdout, fmt.Sprintf(\"SERVER: %s\", server))\n}\n\n// ValidateLocalDNSHostsFile checks that /etc/localdns/hosts contains at least one IPv4 entry for each critical FQDN.\n// This validation approach avoids flakiness with CDN/frontdoor-backed FQDNs (like mcr.microsoft.com) whose A records\n// can rotate between queries. We verify presence, not exact IP matching.\n// The hosts file is populated asynchronously by the aks-localdns-hosts-setup timer/service, so we poll with a timeout.\nfunc ValidateLocalDNSHostsFile(ctx context.Context, s *Scenario, fqdns []string) {\n\ts.T.Helper()\n\n\t// Build script that polls until all FQDNs have at least one IPv4 entry in hosts file\n\tscript := fmt.Sprintf(`set -euo pipefail\nhosts_file=\"/etc/localdns/hosts\"\nfqdns=(%s)\ntimeout_secs=60\npoll_interval_secs=5\ndeadline=$("
Why PkgRadar flagged v0.0.0-20260611162412-8c2eba584c3e
| Severity | Signal | Evidence |
|---|---|---|
| high | DNS / OAST exfiltration | matched "dig %s +timeout=1 +tries=1\", testdomain)\n\texecResult := execScriptOnVMForScenarioValidateExitCode(ctx, s, command, 0, \"dns resolution failed\")\n\tassert.Contains(s.T, execResult.stdout, \"status: NOERROR\")\n\tassert.Contains(s.T, execResult.stdout, fmt.Sprintf(\"SERVER: %s\", server))\n}\n\n// ValidateLocalDNSHostsFile checks that /etc/localdns/hosts contains at least one IPv4 entry for each critical FQDN.\n// This validation approach avoids flakiness with CDN/frontdoor-backed FQDNs (like mcr.microsoft.com) whose A records\n// can rotate between queries. We verify presence, not exact IP matching.\n// The hosts file is populated asynchronously by the aks-localdns-hosts-setup timer/service, so we poll with a timeout.\nfunc ValidateLocalDNSHostsFile(ctx context.Context, s *Scenario, fqdns []string) {\n\ts.T.Helper()\n\n\t// Build script that polls until all FQDNs have at least one IPv4 entry in hosts file\n\tscript := fmt.Sprintf(`set -euo pipefail\nhosts_file=\"/etc/localdns/hosts\"\nfqdns=(%s)\ntimeout_secs=60\npoll_interval_secs=5\ndeadline=$(" · github.com/azure/agentbaker/[email protected]/validators.go |
| medium | Remote Payload | matched "curl " · github.com/azure/agentbaker/[email protected]/validation.go |
| medium | Remote Payload | matched "curl " · github.com/azure/agentbaker/[email protected]/vmss.go |
| medium | Go Mod Replace Local | go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only. · github.com/azure/agentbaker/[email protected]/go.mod |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.0.0-20260611162412-8c2eba584c3e | High risk | 69 | 2026-06-12 |
v0.0.0-20260611025422-daafbe188387 | High risk | 69 | 2026-06-12 |
v0.0.0-20260609235615-633b13eaad52 | High risk | 69 | 2026-06-10 |
v0.0.0-20260609200021-45b09243bcab | High risk | 69 | 2026-06-10 |
v0.0.0-20260608233926-7621ec23b9aa | High risk | 69 | 2026-06-10 |
v0.0.0-20260606014231-0af3ae244542 | High risk | 69 | 2026-06-07 |
v0.0.0-20260604022731-d085e99d4700 | High risk | 69 | 2026-06-05 |
v0.0.0-20260603223357-fe79f8172c8a | High risk | 69 | 2026-06-05 |
v0.0.0-20260414002304-ccb3417dfc54 | Review | 39 | 2026-06-05 |
v0.0.0-20260530014150-99aa2a7fbf4c | High risk | 69 | 2026-05-31 |
Block this in CI
pkgradar gate --ecosystem go github.com/azure/agentbaker/[email protected]