laoxong/nofx - nofx - Gitea: Git with a cup of tea

laoxong/nofx

Fork 0

mirror of https://github.com/laoxong/nofx.git synced 2026-06-04 09:58:22 +08:00

Commit Graph

Author	SHA1	Message	Date
tinkle-community	abaffaddb9	fix: add SSRF protection for user-controlled URLs - Add security/url_validator.go with ValidateURL, SafeHTTPClient, SafeGet - Block private IP ranges (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16) - Block cloud metadata endpoints (169.254.169.254, metadata.google.internal) - Validate DNS resolution to prevent DNS rebinding attacks - Check redirect destinations for SSRF - Fix FetchQuantData, FetchOIRanking, fetchAI500, fetchOITop, fetchSingleExternalSource	2025-12-14 12:01:23 +08:00
tinkle-community	4aa612f397	refactor: rename pool to provider (Data Provider)	2025-12-13 21:43:43 +08:00

Author

SHA1

Message

Date

tinkle-community

abaffaddb9

fix: add SSRF protection for user-controlled URLs

- Add security/url_validator.go with ValidateURL, SafeHTTPClient, SafeGet
- Block private IP ranges (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16)
- Block cloud metadata endpoints (169.254.169.254, metadata.google.internal)
- Validate DNS resolution to prevent DNS rebinding attacks
- Check redirect destinations for SSRF
- Fix FetchQuantData, FetchOIRanking, fetchAI500, fetchOITop, fetchSingleExternalSource

2025-12-14 12:01:23 +08:00

tinkle-community

4aa612f397

refactor: rename pool to provider (Data Provider)

2025-12-13 21:43:43 +08:00

2 Commits