sneak/upaas
1
0
Fork 0
Code Issues 14 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
4f81d9cb70
upaas/internal/service
History
clawbot 4f81d9cb70 fix: address review feedback - security hardening and lint cleanup 
- Remove all nolint:gosec annotations from branch, use targeted #nosec
  with explanations only where gosec taint analysis produces false positives
- Remove unused loginRequest struct (was causing G117 + unused lint errors)
- Add SanitizeLogs() for container log output (attacker-controlled data)
- Add validateWebhookURL() helper with scheme validation for SSRF defense
- Add path traversal protection via filepath.Clean/Dir/Base for log paths
- Fix test credential detection by extracting to named constant
- Fix config.go: use filepath.Clean for session secret path
- Fix formatting issues

All make check passes with zero failures.
2026-02-20 03:00:02 -08:00
..
app fix: use hashed webhook secrets for constant-time comparison 2026-02-15 14:06:53 -08:00
auth fix: set DestroySession MaxAge to -1 instead of -1*time.Second (closes #39) 2026-02-15 22:07:57 -08:00
deploy fix: resolve all lint issues on main branch 2026-02-20 02:39:18 -08:00
notify fix: address review feedback - security hardening and lint cleanup 2026-02-20 03:00:02 -08:00
webhook Revert "Merge pull request 'feat: add Gitea Actions CI for make check (closes #96)' (#98) from feat/ci-make-check into main" 2026-02-19 20:36:22 -08:00