3aaa059a15
- Updated UsersPage tests to check for specific URL formats instead of regex patterns. - Increased timeout for Go coverage report generation to handle larger repositories. - Cleaned up generated artifacts before running CodeQL analysis to reduce false positives. - Removed outdated QA testing report for authentication fixes on the certificates page. - Added final report confirming successful resolution of authentication issues with certificate endpoints. - Deleted previous test output files to maintain a clean test results directory.
1.8 KiB
1.8 KiB
SSRF Remediation Plan (Index)
This file is intentionally SSRF-focused only.
The authoritative, Supervisor-updated SSRF plan is:
Merge policy (Supervisor requirement)
- The global CodeQL exclusion for
go/request-forgeryin .github/codeql/codeql-config.yml must be removed in the same PR/merge as the underlying SSRF fixes. - Phase 0 can include local-only recon (e.g., temporary local edit of CodeQL config to surface findings), but must not be a mergeable intermediate state.
SSRF call sites (current known)
- Uptime monitor HTTP checks:
(*UptimeService).checkMonitorin backend/internal/services/uptime_service.go - CrowdSec LAPI:
(*CrowdsecHandler).GetLAPIDecisionsand(*CrowdsecHandler).CheckLAPIHealthin backend/internal/api/handlers/crowdsec_handler.go - Caddy Admin API:
caddy.NewClientand(*Client).Load/GetConfig/Pingin backend/internal/caddy/client.go - URL connectivity test (SSRF-sensitive client):
utils.TestURLConnectivityin backend/internal/utils/url_testing.go
Relocated content (no deletions)
- Patch coverage (Codecov) plan (previous Appendix A): docs/plans/patch-coverage-codecov.md
- CodeQL/Trivy local scan hygiene notes (generated artifacts, skip dirs, etc.): docs/plans/codeql-local-hygiene.md
- DNS provider feature spec (implementation-level): docs/implementation/dns_providers_IMPLEMENTATION.md