sneak/dnswatcher
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: suppress gosec G704 SSRF false positive on webhook URLs from config

Browse Source 
The webhook/ntfy URLs come from validated application configuration,
not user input. gosec G704 (new in gosec 2.23.0) taint analysis
cannot distinguish config-provided URLs from user-controlled input.
This commit is contained in:
clawbot 2026-02-20 00:04:09 -08:00
parent 144a2df665
commit 9b97d41f18
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
internal/notify/notify.go
View File

@ -147,7 +147,7 @@ func (svc *Service) sendNtfy(
request.Header.Set("Title", title) request.Header.Set("Title", title)
request.Header.Set("Priority", ntfyPriority(priority)) request.Header.Set("Priority", ntfyPriority(priority))
resp, err := svc.client.Do(request) resp, err := svc.client.Do(request) // #nosec G704 -- URL comes from validated application config
if err != nil { if err != nil {
return fmt.Errorf("sending ntfy request: %w", err) return fmt.Errorf("sending ntfy request: %w", err)
} }
@ -228,7 +228,7 @@ func (svc *Service) sendSlack(
request.Header.Set("Content-Type", "application/json") request.Header.Set("Content-Type", "application/json")
resp, err := svc.client.Do(request) resp, err := svc.client.Do(request) // #nosec G704 -- URL comes from validated application config
if err != nil { if err != nil {
return fmt.Errorf("sending webhook request: %w", err) return fmt.Errorf("sending webhook request: %w", err)
} }