akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 14 Packages Projects Releases Wiki Activity
1,531 Commits 11 Branches 107 Tags
d25712aad1e58d2dc369dddb5ad3fdb773a2d8e6
Commit Graph

5 Commits

Author SHA1 Message Date
GitHub Actions
f8667bcc66 fix: enhance CodeQL custom model for SSRF protection clarity and update URL validation comments 2026-01-01 03:29:38 +00:00
GitHub Actions
beb230c0d6 fix: sanitize user input for log injection protection in ProxyHostHandler 2026-01-01 03:06:36 +00:00
GitHub Actions
5a3f0fed62 fix: update CodeQL custom model and comments in TestURLConnectivity for improved SSRF protection clarity 2026-01-01 03:02:23 +00:00
GitHub Actions
d2447da604 fix: enhance SSRF protection documentation and improve function return clarity in TestURLConnectivity 2025-12-31 23:30:56 +00:00
GitHub Actions
f46d19b3c0 fix(security): enhance SSRF defense-in-depth with monitoring (CWE-918) 
- Add CodeQL custom model recognizing ValidateExternalURL as sanitizer
- Enhance validation: hostname length (RFC 1035), IPv6-mapped IPv4 blocking
- Integrate Prometheus metrics (charon_ssrf_blocks_total, charon_url_validation_total)
- Add security audit logging with sanitized error messages
- Fix test race conditions with atomic types
- Update SECURITY.md with 5-layer defense documentation

Related to: #450
Coverage: Backend 86.3%, Frontend 87.27%
Security scans: CodeQL, Trivy, govulncheck all clean
 2025-12-31 21:17:08 +00:00