security: fix build errors, add honest Google UA, sanitize error msgs
- Fix config validation: upstream URLs allow private IPs (self-hosted) - Fix util.SafeURLScheme to return parsed URL - Replace spoofed GSA User-Agent with honest Kafka UA - Sanitize all engine error messages (strip response bodies) - Replace unused body reads with io.Copy(io.Discard, ...) for reuse - Fix pre-existing braveapi_test using wrong struct type - Fix ratelimit test reference to limiter variable - Update ratelimit tests for new trusted proxy behavior
This commit is contained in:
parent
da367a1bfd
commit
b3e3123612
17 changed files with 32 additions and 38 deletions
|
|
@ -18,7 +18,6 @@ package config
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
|
@ -144,10 +143,11 @@ func validateConfig(cfg *Config) error {
|
|||
}
|
||||
}
|
||||
if cfg.Upstream.URL != "" {
|
||||
if err := util.ValidatePublicURL(cfg.Upstream.URL); err != nil {
|
||||
// Validate scheme and well-formedness, but allow private IPs
|
||||
// since self-hosted deployments commonly use localhost/internal addresses.
|
||||
if _, err := util.SafeURLScheme(cfg.Upstream.URL); err != nil {
|
||||
return fmt.Errorf("upstream.url: %w", err)
|
||||
}
|
||||
log.Printf("WARNING: upstream.url SSRF protection is enabled; ensure the upstream host is not on a private network")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue