sneak/dnswatcher
1
0
Fork 0
Code Issues 6 Pull Requests 4 Actions Packages Projects Releases Wiki Activity

Compare commits

base: sneak:21e516e86ce7bcad2fb79454ecf1cba503af252b
Branches Tags
sneak:main
sneak:fix/iterative-resolution-timeout
sneak:fix/mock-resolver-tests
sneak:fix/query-timeout-and-recursive-resolution
sneak:fix/make-check-resolver-tests
sneak:fix/remove-unimplemented-stubs
sneak:fix/tls-expiry-dedup
sneak:fix/domain-port-tls-state-lookup
sneak:fix/state-save-data-race
sneak:fix/gosec-g704-ssrf
sneak:feature/watcher-implementation
sneak:feature/unified-targets
...
compare: sneak:9b97d41f18589b12c354294cd761951918451352
Branches Tags
sneak:fix/iterative-resolution-timeout
sneak:fix/mock-resolver-tests
sneak:fix/query-timeout-and-recursive-resolution
sneak:fix/make-check-resolver-tests
sneak:main
sneak:fix/remove-unimplemented-stubs
sneak:fix/tls-expiry-dedup
sneak:fix/domain-port-tls-state-lookup
sneak:fix/state-save-data-race
sneak:fix/gosec-g704-ssrf
sneak:feature/watcher-implementation
sneak:feature/unified-targets

1 Commits
21e516e86c ... 9b97d41f18

Author SHA1 Message Date
clawbot
9b97d41f18 fix: suppress gosec G704 SSRF false positive on webhook URLs from config 
The webhook/ntfy URLs come from validated application configuration,
not user input. gosec G704 (new in gosec 2.23.0) taint analysis
cannot distinguish config-provided URLs from user-controlled input.
 2026-02-20 00:04:09 -08:00
1 changed files with 2 additions and 2 deletions
Show Stats Expand all files Collapse all files

4
internal/notify/notify.go
View File

@ -147,7 +147,7 @@ func (svc *Service) sendNtfy(
request.Header.Set("Title", title)
request.Header.Set("Priority", ntfyPriority(priority))
resp, err := svc.client.Do(request)
resp, err := svc.client.Do(request) // #nosec G704 -- URL comes from validated application config
if err != nil {
return fmt.Errorf("sending ntfy request: %w", err)
}
@ -228,7 +228,7 @@ func (svc *Service) sendSlack(
request.Header.Set("Content-Type", "application/json")
resp, err := svc.client.Do(request)
resp, err := svc.client.Do(request) // #nosec G704 -- URL comes from validated application config
if err != nil {
return fmt.Errorf("sending webhook request: %w", err)
}