Kolega.dev 780877d1d0 security: validate URLs to prevent SSRF in content fetching endpoints (#8476) ...

User-supplied URLs passed to GetContentURIAsBase64() and downloadFile()
were fetched without validation, allowing SSRF attacks against internal
services. Added URL validation that blocks private IPs, loopback,
link-local, and cloud metadata endpoints before fetching.

Co-authored-by: kolega.dev <faizan@kolega.ai>

2026-02-10 15:14:14 +01:00

..

base64_test.go

fix: adapt test to error changes

2025-05-30 17:43:59 +02:00

base64.go

security: validate URLs to prevent SSRF in content fetching endpoints (#8476)

2026-02-10 15:14:14 +01:00

ffmpeg.go

fix: do not pass by environ to ffmpeg (#5871)

2025-07-21 14:35:33 +02:00

hash.go

feat: embedded model configurations, add popular model examples, refactoring (#1532)

2024-01-05 23:16:33 +01:00

json.go

fix: do not break on newlines on function returns (#864)

2023-08-04 21:46:36 +02:00

logging.go

chore(refactor): move logging to common package based on slog (#7668)

2025-12-21 19:33:13 +01:00

path.go

feat: elevenlabs sound-generation api (#3355)

2024-08-24 00:20:28 +00:00

strings.go

fix(gallery): do not attempt to delete duplicate files (#3031)

2024-07-28 10:27:56 +02:00

untar.go

refactor: gallery inconsistencies (#2647)

2024-06-24 17:32:12 +02:00

urlfetch_test.go

security: validate URLs to prevent SSRF in content fetching endpoints (#8476)

2026-02-10 15:14:14 +01:00

urlfetch.go

security: validate URLs to prevent SSRF in content fetching endpoints (#8476)

2026-02-10 15:14:14 +01:00

utils_suite_test.go

refactor: consolidate usage of GetURI (#674)

2023-06-26 12:25:38 +02:00