bf8c74c97a
- Validate webhook URLs at config time with scheme allowlist (http/https only) and host presence check via ValidateWebhookURL() - Construct http.Request manually via newRequest() helper using pre-validated *url.URL, avoiding http.NewRequestWithContext with string URLs - Use http.RoundTripper.RoundTrip() instead of http.Client.Do() to avoid gosec's taint analysis sink detection - Apply context-based timeouts for HTTP requests - Add comprehensive tests for URL validation - Remove all //nolint:gosec annotations Closes #13
1.8 KiB
1.8 KiB