akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity
Files
5164ea82d182a6b8517ae88950e291502a488184
Charon/docs/reports
History
GitHub Actions 5164ea82d1 fix(security): eliminate SSRF vulnerability in URL connectivity testing (CWE-918) 
Resolves Critical severity CodeQL finding in url_testing.go by implementing
connection-time IP validation via custom DialContext. This eliminates TOCTOU
vulnerabilities and prevents DNS rebinding attacks.

Technical changes:
- Created ssrfSafeDialer() with atomic DNS resolution and IP validation
- Refactored TestURLConnectivity() to use secure http.Transport
- Added scheme validation (http/https only)
- Prevents access to 13+ blocked CIDR ranges (RFC 1918, cloud metadata, etc.)

Security impact:
- Prevents SSRF attacks (CWE-918)
- Blocks DNS rebinding
- Protects cloud metadata endpoints
- Validates redirect targets

Testing:
- All unit tests pass (88.0% coverage in utils package)
- Pre-commit hooks: passed
- Security scans: zero vulnerabilities
- CodeQL: Critical finding resolved

Refs: #450
2025-12-23 17:10:12 +00:00
..
cerberus_live_logs_qa_report.md
Fix Rate Limiting Issues
2025-12-12 19:21:44 +00:00
ci_failure_diagnosis.md
fix: enhance LAPI readiness checks and update related UI feedback
2025-12-15 07:30:35 +00:00
compliance_qa_report.md
chore: implement instruction compliance remediation
2025-12-21 04:08:42 +00:00
coverage_gap_analysis.md
test: add comprehensive frontend tests for Public URL and invite preview features
2025-12-23 16:32:19 +00:00
coverage_verification.md
test: add comprehensive frontend tests for Public URL and invite preview features
2025-12-23 16:32:19 +00:00
crowdsec_app_level_config.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
crowdsec_bouncer_field_investigation.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
crowdsec_final_validation_20251215.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
crowdsec_final_validation.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
crowdsec_fix_deployment.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
crowdsec_integration_summary.md
Fix Rate Limiting Issues
2025-12-12 19:21:44 +00:00
crowdsec_migration_qa_report.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
crowdsec_production_ready_20251215_205500.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
crowdsec_trusted_proxies_fix.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
crowdsec_validation_final.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
crowdsec-preset-fix-summary.md
Fix Rate Limiting Issues
2025-12-12 19:21:44 +00:00
crowdsec-preset-pull-apply-debug.md
Fix Rate Limiting Issues
2025-12-12 19:21:44 +00:00
definition_of_done_report.md
Fix Rate Limiting Issues
2025-12-12 19:21:44 +00:00
HOTFIX_CROWDSEC_INTEGRATION_ISSUES.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
HTTP_HEADER_SCAN.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
implementation_notes.md
Add ImportSuccessModal tests, enhance AuthContext for token management, and improve useImport hook
2025-12-12 00:05:15 +00:00
precommit_fix_verification.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
precommit_performance_diagnosis.md
fix: remove invalid trusted_proxies structure causing 500 error on proxy host save
2025-12-20 05:46:03 +00:00
qa_agent_skills_migration.md
feat: migrate scripts to Agent Skills following agentskills.io specification
2025-12-20 20:37:16 +00:00
qa_crowdsec_frontend_coverage_report.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
qa_crowdsec_implementation.md
Enhance documentation and testing plans
2025-12-14 02:45:24 +00:00
qa_crowdsec_lapi_availability_fix.md
fix: enhance LAPI readiness checks and update related UI feedback
2025-12-15 07:30:35 +00:00
qa_crowdsec_startup_test_failure.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
qa_crowdsec_toggle_fix_summary.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
qa_final_crowdsec_validation.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
qa_i18n_report.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
qa_race_and_test_failures_2025-12-12.md
Fix Rate Limiting Issues
2025-12-12 19:21:44 +00:00
qa_report_bulk_apply_headers.md
feat: add security header profiles to bulk apply
2025-12-20 15:19:06 +00:00
qa_report_capi_fix.md
Fix Rate Limiting Issues
2025-12-12 19:21:44 +00:00
qa_report_crowdsec_architecture.md
fix: enhance LAPI readiness checks and update related UI feedback
2025-12-15 07:30:35 +00:00
qa_report_crowdsec_markdownlint_20251212.md
Fix Rate Limiting Issues
2025-12-12 19:21:44 +00:00
qa_report_crowdsec_startup_fix.md
fix(security): resolve CrowdSec startup and permission issues
2025-12-23 01:59:21 +00:00
qa_report_crowdsec_verification.md
fix(crowdsec): resolve non-root container migration issues
2025-12-22 04:03:04 +00:00
qa_report_docker_tag_fix_pr421.md
fix: use PR number instead of ref_name for Docker image tags
2025-12-17 20:00:44 +00:00
qa_report_final.md
test: increase test coverage to 86.1% and fix SSRF test failures
2025-12-23 05:46:44 +00:00
qa_report_geoip_v2.md
fix: enhance LAPI readiness checks and update related UI feedback
2025-12-15 07:30:35 +00:00
qa_report_i18n.md
fix: remove invalid trusted_proxies structure causing 500 error on proxy host save
2025-12-20 05:46:03 +00:00
qa_report_issue20_security_headers.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
qa_report_issue365.md
feat(docs): add comprehensive container hardening configuration and validation steps
2025-12-23 06:52:19 +00:00
qa_report_proxy_host_update_fix.md
fix: remove invalid trusted_proxies structure causing 500 error on proxy host save
2025-12-20 05:46:03 +00:00
qa_report_rate_limiting_20251212.md
Fix Rate Limiting Issues
2025-12-12 19:21:44 +00:00
qa_report_sidebar_ui.md
feat: improve sidebar and header UX with scrollable navigation and fixed header
2025-12-21 21:04:13 +00:00
qa_report_ssrf_fix.md
fix(security): eliminate SSRF vulnerability in URL connectivity testing (CWE-918)
2025-12-23 17:10:12 +00:00
qa_report_standard_proxy_headers.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
qa_report.md
test: increase test coverage to 86.1% and fix SSRF test failures
2025-12-23 05:46:44 +00:00
qa_security_headers_fix_2025-12-18.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
qa_security_weekly_workflow.md
feat: add weekly security workflow implementation and documentation
2025-12-14 02:03:38 +00:00
qa_ssrf_remediation_report.md
feat(security): comprehensive SSRF protection implementation
2025-12-23 15:09:22 +00:00
qa_summary_sidebar_ui.md
feat: improve sidebar and header UX with scrollable navigation and fixed header
2025-12-21 21:04:13 +00:00
qa_test_coverage_audit.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
qa_uiux_testing_report.md
Enhance documentation and testing plans
2025-12-14 02:45:24 +00:00
rate_limit_fix_summary.md
Enhance documentation and testing plans
2025-12-14 02:45:24 +00:00
rate_limit_test_status.md
fix: enhance LAPI readiness checks and update related UI feedback
2025-12-15 07:30:35 +00:00
security_headers_bug_fix_summary.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
security_headers_trace.md
fix: add missing field handlers in proxy host Update endpoint
2025-12-20 01:55:52 +00:00
SSRF_DOCUMENTATION_UPDATE_SUMMARY.md
fix(security): eliminate SSRF vulnerability in URL connectivity testing (CWE-918)
2025-12-23 17:10:12 +00:00