Dargon789 / safe-wallet-web

Safe{Wallet} – multisig EVM wallet
https://app.safe.global
GNU General Public License v3.0

Fix code scanning alert no. 3: Server-side request forgery #17

Closed. Dargon789 closed this 2 weeks ago

Dargon789 commented 2 weeks ago

Fixes https://github.com/Dargon789/safe-wallet-web/security/code-scanning/3

To fix the SSRF vulnerability, we need to ensure that the URL used in the fetch request is strictly controlled and validated against a predefined list of allowed domains. This involves:

  1. Enhancing the validation logic to ensure that only URLs from a strict allow-list are used.
  2. Ensuring that the appUrl is fully sanitized and validated before being used in any network requests.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
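The allow-list check the description calls for, as an added illustration rather than code from safe-wallet-web: the hostnames are constructed placeholders, and `validateAppUrl` / `toFetchTarget` are assumed names. It rejects the usual bypasses (non-https schemes, embedded credentials, suffix-matched hosts, non-default ports) and builds the request URL from the validated object rather than the raw string.

```typescript
// Added example, not part of safe-wallet-web. Hosts below are constructed placeholders;
// in a real deployment this set would hold the exact production app domains.
const ALLOWED_APP_HOSTS: ReadonlySet<string> = new Set([
  'apps.example-safe.invalid',
  'widgets.example-safe.invalid',
])

// Returns the parsed URL when appUrl is on the allow-list, otherwise null.
function validateAppUrl(appUrl: string): URL | null {
  let url: URL
  try {
    url = new URL(appUrl) // throws on relative or malformed input
  } catch {
    return null
  }
  // https only: blocks file:, data:, javascript: and plain http to internal hosts
  if (url.protocol !== 'https:') return null
  // Embedded credentials ("https://allowed-host@other-host/") must not be accepted
  if (url.username !== '' || url.password !== '') return null
  // Exact hostname match (WHATWG parsing already lower-cases it); no suffix or prefix logic
  if (!ALLOWED_APP_HOSTS.has(url.hostname)) return null
  // A non-default port would point at a different service on the allowed host
  if (url.port !== '') return null
  return url
}

// Builds the string handed to fetch(); throws if appUrl fails validation.
// The fixed path is joined onto the validated URL object, never onto the raw input,
// and the host is re-checked so no path trick can swap it out.
function toFetchTarget(appUrl: string): string {
  const base = validateAppUrl(appUrl)
  if (base === null) throw new Error('appUrl is not on the allow-list')
  const target = new URL('/manifest.json', base.href)
  if (target.hostname !== base.hostname) throw new Error('host changed during URL resolution')
  return target.toString()
}
```

When the validated URL is finally fetched, pass `{ redirect: 'error' }` so an allow-listed host cannot redirect the request elsewhere.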

github-actions[bot] commented 2 weeks ago

Branch preview

❌ Deploy failed!

github-actions[bot] commented 2 weeks ago

Coverage report

Action wasn't able to generate report within GitHub comment limit. If you're facing this issue, please let me know by commenting under this issue.

Report generated by 🧪jest coverage report action from 9ce51942b0cc04b98fe4df74d2d78b7c5f453d84