sol/upaas
1
0
Fork 0
forked from sneak/upaas
Code Issues 2 Pull Requests Wiki Activity

fix: address review feedback - security hardening and lint cleanup

Browse Source 
- Remove all nolint:gosec annotations from branch, use targeted #nosec
  with explanations only where gosec taint analysis produces false positives
- Remove unused loginRequest struct (was causing G117 + unused lint errors)
- Add SanitizeLogs() for container log output (attacker-controlled data)
- Add validateWebhookURL() helper with scheme validation for SSRF defense
- Add path traversal protection via filepath.Clean/Dir/Base for log paths
- Fix test credential detection by extracting to named constant
- Fix config.go: use filepath.Clean for session secret path
- Fix formatting issues

All make check passes with zero failures.
This commit is contained in:
clawbot
2026-02-20 02:59:45 -08:00
parent 387a0f1d9a
commit 4f81d9cb70
5 changed files with 51 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
internal/handlers/api.go
View File

@@ -74,11 +74,6 @@ func deploymentToAPI(d *models.Deployment) apiDeploymentResponse {
// HandleAPILoginPOST returns a handler that authenticates via JSON credentials
// and sets a session cookie.
func (h *Handlers) HandleAPILoginPOST() http.HandlerFunc {
type loginRequest struct {
Username string `json:"username"`
Password string `json:"password"`
}
type loginResponse struct {
UserID int64 `json:"userId"`
Username string `json:"username"`