akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity

chore: Implement CodeQL CI Alignment and Security Scanning

Browse Source 
- Added comprehensive QA report for CodeQL CI alignment implementation, detailing tests, results, and findings.
- Created CodeQL security scanning guide in documentation, outlining usage and common issues.
- Developed pre-commit hooks for CodeQL scans and findings checks, ensuring security issues are identified before commits.
- Implemented scripts for running CodeQL Go and JavaScript scans, aligned with CI configurations.
- Verified all tests passed, including backend and frontend coverage, TypeScript checks, and SARIF file generation.
This commit is contained in:
GitHub Actions
2025-12-24 14:35:33 +00:00
parent 369182f460
commit 70bd60dbce
23 changed files with 6049 additions and 652 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/internal/utils/url_testing.go
View File

@@ -165,6 +165,12 @@ func TestURLConnectivity(rawURL string, transport ...http.RoundTripper) (bool, f
// Add custom User-Agent header
req.Header.Set("User-Agent", "Charon-Health-Check/1.0")
// codeql[go/request-forgery] Safe: URL validated by security.ValidateExternalURL() which:
// 1. Validates URL format and scheme (HTTPS required in production)
// 2. Resolves DNS and blocks private/reserved IPs (RFC 1918, loopback, link-local)
// 3. Uses ssrfSafeDialer for connection-time IP revalidation (TOCTOU protection)
// 4. No redirect following allowed
// See: internal/security/url_validator.go
resp, err := client.Do(req)
latency := time.Since(start).Seconds() * 1000 // Convert to milliseconds