fix(security): resolve CWE-918 SSRF vulnerability in notification service

- Apply URL validation using security.ValidateWebhookURL() to all webhook
  HTTP request paths in notification_service.go
- Block private IPs (RFC 1918), cloud metadata endpoints, and loopback
- Add comprehensive SSRF test coverage
- Add CodeQL VS Code tasks for local security scanning
- Update Definition of Done to include CodeQL scans
- Clean up stale SARIF files from repo root

Resolves CI security gate failure for CWE-918.
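The commit message describes the shape of the fix (validate every webhook URL, refuse RFC 1918 space, cloud metadata endpoints and loopback). The block below is an added example of such a validator in Go; it is not the project's `security.ValidateWebhookURL()` and does not come from this commit. The function name, the https-only rule, the injected resolver and the `example.com` DNS table are all assumptions made for the example so that it runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Ranges a webhook target must never resolve to: RFC 1918, loopback,
// link-local (covers the 169.254.169.254 metadata endpoint), CGNAT, the
// unspecified address, and the IPv6 loopback / unique-local / link-local.
var blockedNets = mustParseCIDRs(
	"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
	"127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10", "0.0.0.0/8",
	"::1/128", "fc00::/7", "fe80::/10", "::/128",
)

func mustParseCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

// isBlockedIP folds IPv4-mapped IPv6 (::ffff:10.0.0.1) to plain IPv4 first,
// so the mapped spelling cannot bypass the IPv4 ranges.
func isBlockedIP(ip net.IP) bool {
	if ip4 := ip.To4(); ip4 != nil {
		ip = ip4
	}
	for _, n := range blockedNets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// ValidateWebhookURL (hypothetical, modelled on the validator the commit
// names; not the project's code) rejects a URL unless it is https and every
// address its host resolves to is publicly routable. The resolver is
// injected so the check can run against a fixed table with no real DNS.
func ValidateWebhookURL(raw string, resolve func(host string) ([]net.IP, error)) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("invalid webhook URL: %w", err)
	}
	if u.Scheme != "https" { // assumption: webhooks must use TLS
		return fmt.Errorf("scheme %q not allowed, only https", u.Scheme)
	}
	host := strings.ToLower(u.Hostname())
	if host == "" {
		return errors.New("webhook URL has no host")
	}
	if host == "localhost" || strings.HasSuffix(host, ".localhost") {
		return errors.New("loopback host not allowed")
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // literal address, no lookup needed
	} else if ips, err = resolve(host); err != nil {
		return fmt.Errorf("cannot resolve %q: %w", host, err)
	}
	if len(ips) == 0 {
		return fmt.Errorf("host %q resolved to no addresses", host)
	}
	// Deny if ANY record is blocked: a name mixing a public and a private
	// address must not pass on the strength of the public one.
	for _, ip := range ips {
		if isBlockedIP(ip) {
			return fmt.Errorf("host %q resolves to blocked address %s", host, ip)
		}
	}
	return nil
}

// fakeResolver backs the lookup with a constructed table (no real DNS).
func fakeResolver(table map[string][]string) func(string) ([]net.IP, error) {
	return func(host string) ([]net.IP, error) {
		addrs, ok := table[strings.ToLower(host)]
		if !ok {
			return nil, errors.New("no such host")
		}
		ips := make([]net.IP, 0, len(addrs))
		for _, a := range addrs {
			ips = append(ips, net.ParseIP(a))
		}
		return ips, nil
	}
}

// DemoResolver holds constructed records; none of these are real hosts.
var DemoResolver = fakeResolver(map[string][]string{
	"hooks.example.com": {"203.0.113.10"},
	"meta.example.com":  {"169.254.169.254"},
	"dual.example.com":  {"203.0.113.10", "10.0.0.5"},
})

func main() {
	for _, raw := range []string{
		"https://hooks.example.com/notify", "http://hooks.example.com/notify",
		"https://169.254.169.254/latest/meta-data/", "https://[::ffff:127.0.0.1]/",
		"https://localhost:8080/", "https://meta.example.com/", "https://dual.example.com/",
	} {
		fmt.Printf("%-45s -> %v\n", raw, ValidateWebhookURL(raw, DemoResolver))
	}
}
```

Two caveats a reviewer of the real change would want covered by the tests the commit adds: a validator that resolves the name and then lets the HTTP client resolve it again is open to DNS rebinding, so the address that passed validation should be the one pinned in the dialer; and an HTTP redirect from an approved host to an internal one must be re-validated (or redirects refused) rather than followed blindly.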
GitHub Actions
2025-12-24 03:53:35 +00:00
parent a9faf882f4
commit 323b2aa637
14 changed files with 1472 additions and 586 deletions
+5 -1
@@ -2,9 +2,13 @@
"folders": [
{
"path": "."
},
{
"path": "../codeql"
}
],
"settings": {
"codeQL.createQuery.qlPackLocation": "/projects/Charon"
"codeQL.createQuery.qlPackLocation": "/projects/Charon",
"sarif-viewer.connectToGithubCodeScanning": "on"
}
}
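Review bot: the workspace now only works on a machine with a specific checkout layout: the new folder entry `"path": "../codeql"` assumes a CodeQL checkout as a sibling of this repository, and the retained `"codeQL.createQuery.qlPackLocation": "/projects/Charon"` is an absolute path to one developer's clone. Since the same commit makes the CodeQL scan part of the Definition of Done, other contributors running the new VS Code tasks will hit a missing folder or wrong pack location with no hint why. Either document the expected directory layout next to the tasks, or replace the absolute path with a workspace-relative one so the setting follows the clone. Also worth stating in the commit or docs that `"sarif-viewer.connectToGithubCodeScanning": "on"` will make the SARIF viewer pull results from GitHub code scanning, which needs an authenticated GitHub session in the editor.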