GitHub Actions 323b2aa637 fix(security): resolve CWE-918 SSRF vulnerability in notification service ...

- Apply URL validation using security.ValidateWebhookURL() to all webhook
  HTTP request paths in notification_service.go
- Block private IPs (RFC 1918), cloud metadata endpoints, and loopback
- Add comprehensive SSRF test coverage
- Add CodeQL VS Code tasks for local security scanning
- Update Definition of Done to include CodeQL scans
- Clean up stale SARIF files from repo root

Resolves CI security gate failure for CWE-918.

2025-12-24 03:53:35 +00:00

271 B

Raw Blame History

View Raw