Commit graph

2 commits

Author SHA1 Message Date
rcourtman 7c1ebbecd5 fix(security): enhance webhook validation, enforce API scopes, and improve test coverage 2026-02-03 22:41:44 +00:00

rcourtman 0c9c99a700 test: Add secure webhook client tests for redirect handling
Tests SSRF protection in webhook client:
- Redirect limit enforcement (max 3)
- Blocking redirects to private networks (10.x, 192.168.x, 172.16.x)
- Blocking redirects to link-local addresses (169.254.x)
- Allowing valid redirects to allowlisted servers

Coverage: createSecureWebhookClient 18.2% -> 100%
2025-12-02 10:26:34 +00:00