sneak/dnswatcher
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases Wiki Activity
21e516e86c
dnswatcher/internal
History
user 21e516e86c fix: validate webhook URL scheme/host against SSRF (gosec G704) 
Replace bare url.ParseRequestURI with parseWebhookURL that enforces:
- Scheme must be http or https (blocks file://, gopher://, etc.)
- Host must be non-empty

This provides actual SSRF protection at config load time. The nolint:gosec
annotations remain because gosec's taint analysis cannot trace validation
across function boundaries — there is no code pattern that satisfies G704
for user-configured webhook URLs. The suppression is justified by the
scheme/host validation in parseWebhookURL.
2026-02-20 00:13:02 -08:00
..
config feat: unify DOMAINS/HOSTNAMES into single TARGETS config 2026-02-19 20:09:39 -08:00
globals Initial scaffold with per-nameserver DNS monitoring model 2026-02-19 21:05:39 +01:00
handlers Initial scaffold with per-nameserver DNS monitoring model 2026-02-19 21:05:39 +01:00
healthcheck Initial scaffold with per-nameserver DNS monitoring model 2026-02-19 21:05:39 +01:00
logger Initial scaffold with per-nameserver DNS monitoring model 2026-02-19 21:05:39 +01:00
middleware Initial scaffold with per-nameserver DNS monitoring model 2026-02-19 21:05:39 +01:00
notify fix: validate webhook URL scheme/host against SSRF (gosec G704) 2026-02-20 00:13:02 -08:00
portcheck Initial scaffold with per-nameserver DNS monitoring model 2026-02-19 21:05:39 +01:00
resolver Initial scaffold with per-nameserver DNS monitoring model 2026-02-19 21:05:39 +01:00
server Initial scaffold with per-nameserver DNS monitoring model 2026-02-19 21:05:39 +01:00
state Initial scaffold with per-nameserver DNS monitoring model 2026-02-19 21:05:39 +01:00
tlscheck Initial scaffold with per-nameserver DNS monitoring model 2026-02-19 21:05:39 +01:00
watcher Initial scaffold with per-nameserver DNS monitoring model 2026-02-19 21:05:39 +01:00