NotAShelf/watchdog
1
0
Fork 0
mirror of https://github.com/NotAShelf/watchdog.git synced 2026-04-15 14:54:00 +00:00
Code Issues Projects Releases Packages Wiki Activity
watchdog/internal/api
History
NotAShelf 98611ca452
 api/handler: fix X-Real-IP header validation 
When trusted proxy headers are enabled, the code accepted `X-Real-IP`
without validating it. The attacker could simply set `X-Real-IP` to an
arbitrary and that IP would be recorded as is. We validate the IP format
and ensure it's not from a trusted proxy, and add test cases.


Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Ic1e761ea623a69371a28ad15d465d6c66a6a6964
2026-03-10 10:40:03 +03:00
..
event.go api/event: remove legacy validate function; use domain map 2026-03-10 08:43:52 +03:00
event_test.go api/event: remove legacy validate function; use domain map 2026-03-10 08:43:52 +03:00
handler.go api/handler: fix X-Real-IP header validation 2026-03-10 10:40:03 +03:00
handler_test.go api/handler: fix X-Real-IP header validation 2026-03-10 10:40:03 +03:00