Charon

akanealw/Charon

Fork 0

Commit Graph

Author	SHA1	Message	Date
GitHub Actions	323b2aa637	fix(security): resolve CWE-918 SSRF vulnerability in notification service - Apply URL validation using security.ValidateWebhookURL() to all webhook HTTP request paths in notification_service.go - Block private IPs (RFC 1918), cloud metadata endpoints, and loopback - Add comprehensive SSRF test coverage - Add CodeQL VS Code tasks for local security scanning - Update Definition of Done to include CodeQL scans - Clean up stale SARIF files from repo root Resolves CI security gate failure for CWE-918.	2025-12-24 03:53:35 +00:00

Author

SHA1

Message

Date

GitHub Actions

323b2aa637

fix(security): resolve CWE-918 SSRF vulnerability in notification service

- Apply URL validation using security.ValidateWebhookURL() to all webhook
  HTTP request paths in notification_service.go
- Block private IPs (RFC 1918), cloud metadata endpoints, and loopback
- Add comprehensive SSRF test coverage
- Add CodeQL VS Code tasks for local security scanning
- Update Definition of Done to include CodeQL scans
- Clean up stale SARIF files from repo root

Resolves CI security gate failure for CWE-918.

2025-12-24 03:53:35 +00:00

1 Commits