5164ea82d1
Resolves Critical severity CodeQL finding in url_testing.go by implementing connection-time IP validation via custom DialContext. This eliminates TOCTOU vulnerabilities and prevents DNS rebinding attacks.

Technical changes:
- Created ssrfSafeDialer() with atomic DNS resolution and IP validation
- Refactored TestURLConnectivity() to use secure http.Transport
- Added scheme validation (http/https only)
- Prevents access to 13+ blocked CIDR ranges (RFC 1918, cloud metadata, etc.)

Security impact:
- Prevents SSRF attacks (CWE-918)
- Blocks DNS rebinding
- Protects cloud metadata endpoints
- Validates redirect targets

Testing:
- All unit tests pass (88.0% coverage in utils package)
- Pre-commit hooks: passed
- Security scans: zero vulnerabilities
- CodeQL: Critical finding resolved

Refs: #450
5.2 KiB
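An added example (not the commit's own code from url_testing.go) of the pattern the message describes: a DialContext that resolves the host once, validates every returned address, and then connects to the validated IP literal rather than the hostname, so there is no window between the check and the connect for a second DNS answer to exploit. The function names, the composition of the deny list and the metadata URL used in main are assumptions of this example.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"time"
)

// CGNAT space is not covered by net.IP's built-in predicates; this example adds it.
var _, cgnat, _ = net.ParseCIDR("100.64.0.0/10")

// isBlockedIP fails closed on nil and denies unspecified, loopback, RFC 1918/ULA,
// link-local (which includes 169.254.169.254 metadata), multicast and CGNAT.
func isBlockedIP(ip net.IP) bool {
	return ip == nil || ip.IsUnspecified() || ip.IsLoopback() || ip.IsPrivate() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsMulticast() ||
		cgnat.Contains(ip)
}

// ssrfSafeDialer builds a DialContext that resolves once, validates every
// returned address, and dials the validated IP literal instead of the hostname,
// so the address that was checked is the address that gets connected to.
func ssrfSafeDialer(lookup func(context.Context, string) ([]net.IPAddr, error)) func(context.Context, string, string) (net.Conn, error) {
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		host, port, err := net.SplitHostPort(addr)
		if err != nil {
			return nil, err
		}
		addrs, err := lookup(ctx, host) // LookupIPAddr returns an IP literal as-is
		if err != nil || len(addrs) == 0 {
			return nil, fmt.Errorf("resolve %q: err=%v, %d addresses", host, err, len(addrs))
		}
		for _, a := range addrs {
			if isBlockedIP(a.IP) {
				return nil, fmt.Errorf("refusing %q: resolves to blocked address %s", host, a.IP)
			}
		}
		d := &net.Dialer{Timeout: 5 * time.Second}
		return d.DialContext(ctx, network, net.JoinHostPort(addrs[0].IP.String(), port))
	}
}

func main() {
	client := &http.Client{Transport: &http.Transport{
		DialContext: ssrfSafeDialer(net.DefaultResolver.LookupIPAddr)}}
	_, err := client.Get("http://169.254.169.254/latest/meta-data/") // constructed target
	fmt.Println(err) // refused by the dialer before any packet is sent
}
```

Because redirects issued by http.Client reuse the same Transport, redirect targets pass through the same dialer and get the same address check.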