akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity
Files
c9d9c52657eb2a0597121d6d76f69e838c51b63b
Charon/backend
T
History
GitHub Actions c9d9c52657 fix(security): eliminate SSRF vulnerability with comprehensive test coverage (CWE-918) 
Resolves Critical severity CodeQL finding in url_testing.go by implementing
connection-time IP validation via custom DialContext. Added comprehensive
test coverage for all SSRF protection mechanisms across the codebase.

Technical changes:
- Created ssrfSafeDialer() with atomic DNS resolution and IP validation
- Refactored TestURLConnectivity() to use secure http.Transport
- Added scheme validation (http/https only)
- Prevents access to 13+ blocked CIDR ranges

Test coverage improvements:
- Backend: 85.1% → 86.5% (+1.4%)
- Patch coverage: 70% → 86.5% (+16.5%)
- Added 38 new test cases across 7 functions
- docker_service.go: 0% → 85.2%
- update_service.go: 26% → 95.2%
- crowdsec/registration.go: 18% → 92.3%

Security impact:
- Prevents SSRF attacks (CWE-918)
- Blocks DNS rebinding
- Protects cloud metadata endpoints
- Validates all URL inputs with comprehensive tests

Testing:
- All 1172+ tests passing
- govulncheck: zero vulnerabilities
- Trivy: zero issues
- Pre-commit: passing

Refs: #450
2025-12-23 17:42:21 +00:00
..
cmd
fix(security): resolve CrowdSec startup and permission issues
2025-12-23 01:59:21 +00:00
integration
feat: Add full integration testing for Cerberus security stack
2025-12-12 23:29:30 +00:00
internal
fix(security): eliminate SSRF vulnerability with comprehensive test coverage (CWE-918)
2025-12-23 17:42:21 +00:00
tools
Add QA test outputs, build scripts, and Dockerfile validation
2025-12-11 18:26:24 +00:00
.env.example
Add QA test outputs, build scripts, and Dockerfile validation
2025-12-11 18:26:24 +00:00
.golangci.yml
Add QA test outputs, build scripts, and Dockerfile validation
2025-12-11 18:26:24 +00:00
detailed_coverage.txt
test: increase test coverage to 86.1% and fix SSRF test failures
2025-12-23 05:46:44 +00:00
final_coverage.txt
test: increase test coverage to 86.1% and fix SSRF test failures
2025-12-23 05:46:44 +00:00
go.mod
fix(deps): update module github.com/oschwald/geoip2-golang/v2 to v2.1.0
2025-12-23 05:56:41 +00:00
go.sum
fix(deps): update module github.com/oschwald/geoip2-golang/v2 to v2.1.0
2025-12-23 05:56:41 +00:00
package-lock.json
chore(deps): update npm minor/patch
2025-12-16 15:53:48 +00:00
package.json
chore(deps): update npm minor/patch
2025-12-16 15:53:48 +00:00
README.md
Fix Rate Limiting Issues
2025-12-12 19:21:44 +00:00
test-output-final.txt
Fix Rate Limiting Issues
2025-12-12 19:21:44 +00:00
user_handler_coverage.txt
test: increase test coverage to 86.1% and fix SSRF test failures
2025-12-23 05:46:44 +00:00

README.md

Backend Service

This folder contains the Go API for CaddyProxyManager+.

Prerequisites

  • Go 1.24+

Getting started

cp .env.example .env # optional
cd backend
go run ./cmd/api

Tests

cd backend
go test ./...
Reference in New Issue View Git Blame Copy Permalink