Pulse/internal/monitoring
rcourtman 413ef73953 improve webhook system security and robustness
addresses security vulnerabilities and improves webhook reliability

Changes:
- Add SSRF protection with redirect controls and strict URL validation
- Add response size limits (1MB cap) to prevent memory exhaustion
- Fix race condition in SendTestNotification
- Add per-webhook rate limiting (10 req/min)
- Add Retry-After header support for proper backoff
- Extract magic numbers to configurable constants
- Block localhost, link-local, and cloud metadata endpoints
- Add secure HTTP client with redirect validation
- Remove duplicate function definitions
- Clean up unused code

Security improvements:
- Prevents SSRF attacks via redirect chains
- Protects against DoS via large responses
- Rate limits prevent webhook flooding
- Thread-safe webhook operations

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-30 15:57:28 +00:00
metrics_history.go chore: tidy repo formatting and linting 2025-09-29 20:19:18 +00:00
monitor.go improve webhook system security and robustness 2025-09-30 15:57:28 +00:00
monitor_optimized.go chore: tidy repo formatting and linting 2025-09-29 20:19:18 +00:00
poller.go chore: tidy repo formatting and linting 2025-09-29 20:19:18 +00:00
ratetracker.go chore: tidy repo formatting and linting 2025-09-29 20:19:18 +00:00
reload.go chore: tidy repo formatting and linting 2025-09-29 20:19:18 +00:00