step-security · varunsh-coder · May 2, 2025 · May 2, 2025 · May 2, 2025 · May 2, 2025
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -18,7 +18,7 @@ builds:
     flags:
       - -trimpath
     ldflags:
-      - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date=123
+      - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date=123 -X main.ReleaseTag={{.Tag}}
 
 
     # Optionally override the matrix generation and specify only the final list of targets.

diff --git a/agent_test.go b/agent_test.go
@@ -159,6 +159,9 @@ func TestRun(t *testing.T) {
 	httpmock.RegisterResponder("GET", "https://apiurl/v1/github/owner/repo/actions/subscription",
 		httpmock.NewStringResponder(403, ""))
 
+	httpmock.RegisterResponder("GET", "https://apiurl/v1/global-feature-flags?agent_type=agent-oss&version=",
+		httpmock.NewStringResponder(200, `{"agent_type":"agent-oss","enable_armour":false}`))
+
 	tests := []struct {
 		name    string
 		args    args

diff --git a/apiclient.go b/apiclient.go
@@ -6,6 +6,8 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
+	"path"
 	"time"
 )
 
@@ -107,28 +109,43 @@ func (apiclient *ApiClient) getSubscriptionStatus(repo string) bool {
 
 func (apiclient *ApiClient) getGlobalFeatureFlags() GlobalFeatureFlags {
 
-	url := fmt.Sprintf("%s/global-feature-flags?agent_type=%s", apiclient.APIURL, AgentTypeGitHubHosted)
+	u, err := url.Parse(apiclient.APIURL)
+	if err != nil {
+		return GlobalFeatureFlags{}
+	}
+
+	u.Path = path.Join(u.Path, "global-feature-flags")
+
+	// Add query parameters
+	values := url.Values{}
+	values.Add("agent_type", AgentTypeOSS)
+	values.Add("version", ReleaseTag) // v1.3.6
+	u.RawQuery = values.Encode()
 
-	req, err := http.NewRequest(http.MethodGet, url, nil)
+	req, err := http.NewRequest(http.MethodGet, u.String(), nil)
 
 	if err != nil {
+		fmt.Println("Error creating request:", err)
 		return GlobalFeatureFlags{}
 	}
 
 	resp, err := apiclient.Client.Do(req)
 
 	if err != nil {
+		fmt.Println("Error sending request:", err)
 		return GlobalFeatureFlags{}
 	}
 
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
+		fmt.Println("Error reading response body:", err)
 		return GlobalFeatureFlags{}
 	}
 
 	var globalFeatureFlags GlobalFeatureFlags
 	err = json.Unmarshal(body, &globalFeatureFlags)
 	if err != nil {
+		fmt.Println("Error unmarshalling response body:", err)
 		return GlobalFeatureFlags{}
 	}
 

diff --git a/buildinfo.go b/buildinfo.go
@@ -0,0 +1,13 @@
+package main
+
+import "fmt"
+
+// filled through ldflags
+var (
+	ReleaseTag = ""
+	commit     = ""
+)
+
+func LogBuildInfo() {
+	WriteLog(fmt.Sprintf("[buildInfo] tag=%s commit=%s \n", ReleaseTag, commit))
+}
diff --git a/common.go b/common.go
@@ -18,11 +18,6 @@ func getPidsOfInterest() []uint32 {
 	// our process
 	out = append(out, uint32(os.Getpid()))
 
-	// systemd-resolved
-	systemdResolvePid, _ := pidOf("systemd-resolved")
-
-	out = append(out, uint32(systemdResolvePid))
-
 	return out
 }
 
@@ -47,9 +42,6 @@ func getFilesOfInterest() []string {
 func getProcFilesOfInterest() []string {
 	out := []string{}
 
-	// our memory files
-	out = append(out, getProcMemFiles(uint64(os.Getpid()))...)
-
 	// runner worker memory files
 	runnerWorker, _ := pidOf("Runner.Worker")
 	out = append(out, getProcMemFiles(runnerWorker)...)
@@ -94,7 +86,6 @@ func getProcMemFiles(pid uint64) []string {
 	}
 
 	out = []string{
-		fmt.Sprintf("/proc/%d/maps", pid),
 		fmt.Sprintf("/proc/%d/mem", pid),
 	}
 

diff --git a/global_feature_flags.go b/global_feature_flags.go
@@ -7,7 +7,7 @@ import (
 )
 
 const (
-	AgentTypeGitHubHosted = "githubhosted"
+	AgentTypeOSS = "agent-oss"
 )
 
 type GlobalFeatureFlags struct {
@@ -51,7 +51,7 @@ func (manager *GlobalFeatureFlagManager) refresh() error {
 	defer manager.mutex.Unlock()
 
 	flags := manager.apiClient.getGlobalFeatureFlags()
-
+	WriteLog(fmt.Sprintf("Global feature flags: %+v", flags))
 	manager.flags = flags
 	return nil
 }

diff --git a/go.mod b/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/jarcoal/httpmock v1.3.0
 	github.com/miekg/dns v1.1.53
 	github.com/pkg/errors v0.9.1
-	github.com/step-security/armour v1.0.1
+	github.com/step-security/armour v1.0.4
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -102,6 +102,8 @@ github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDN
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/step-security/armour v1.0.1 h1:+Lae8o/cbSV0HFD4wKhx4mHnQCTEJ8ndRN0gfmu1t3I=
 github.com/step-security/armour v1.0.1/go.mod h1:I6pTEysb5fd3Cc79tvCMVp70RqhvMYbawfoq5Gz0cPI=
+github.com/step-security/armour v1.0.4 h1:bTtvS4A9TTG83sSXW/+nno9cQOgqaueAedGdunE1eaY=
+github.com/step-security/armour v1.0.4/go.mod h1:I6pTEysb5fd3Cc79tvCMVp70RqhvMYbawfoq5Gz0cPI=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=

diff --git a/release-monitor.yml b/release-monitor.yml
@@ -6,7 +6,7 @@ release-process:
   reproducible-build:
     - artifact: agent_{{.Version}}_linux_amd64.tar.gz
       binary: agent
-      build-command: go build -trimpath -ldflags="-s -w -X main.version={{.Version}} -X main.commit={{.FullCommit}} -X main.date=123"
+      build-command: go build -trimpath -ldflags="-s -w -X main.version={{.Version}} -X main.commit={{.FullCommit}} -X main.date=123 -X main.ReleaseTag={{.Tag}}"
       go-version: 1.19.8      
   pipeline:
     github-action:

diff --git a/sudo.go b/sudo.go
@@ -25,7 +25,7 @@ func (s *Sudo) disableSudo(tempDir string) error {
 	if err != nil {
 		return fmt.Errorf("error backing up sudoers file: %v", err)
 	}
-	err = os.Remove(sudoersFile)
+	err = os.Truncate(sudoersFile, 0)
 	if err != nil {
 		return fmt.Errorf("unable to delete sudoers file at %s: %v", sudoersFile, err)
 	}