jaaaaavier (Contributor) commented Jan 16, 2026

This PR tries to fix some warnings detected in code scanning alerts. Key changes:

Security: Prevent SSRF in Inbox API

Added input validation and URL encoding to prevent Server-Side Request Forgery attacks. Validates email/token formats, blocks path traversal attempts (.., /), and encodes parameters with encodeURIComponent() before URL construction. Resolves CodeQL alert js/request-forgery.

Security: Prevent SSRF in Get Message API

Added input validation and URL encoding to prevent Server-Side Request Forgery attacks. Validates email/token/messageId formats, blocks path traversal attempts (.., /), and encodes parameters with encodeURIComponent() before URL construction. Resolves CodeQL alert js/request-forgery.
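The validate-then-encode pattern named in the description above, as an added example that is not code from this PR or the project. The upstream base URL, the path layout, the format rules and all function names are assumptions made for illustration.

```javascript
// Added example: API_BASE, the path layout and FORMATS are assumptions.
const API_BASE = "https://mail-api.example.invalid"; // hypothetical fixed upstream

// Hypothetical allow-list formats, one per user-controlled parameter.
const FORMATS = {
  email: /^[A-Za-z0-9._+-]{1,64}@[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63})+$/,
  token: /^[A-Za-z0-9_-]{16,128}$/,
  messageId: /^[A-Za-z0-9_-]{1,64}$/,
};

function validateParam(name, value) {
  // Query parsers can return arrays or objects (?email=a&email=b), so
  // anything that is not a plain string is rejected before format checks.
  if (typeof value !== "string") throw new TypeError(`${name}: expected a string`);
  // Explicit traversal check, kept separate so it still holds if a
  // format rule is loosened later.
  if (value.includes("..") || value.includes("/")) {
    throw new RangeError(`${name}: path traversal characters`);
  }
  if (!FORMATS[name].test(value)) throw new RangeError(`${name}: invalid format`);
  return value;
}

function buildUrl(resource, params) {
  // Each value is validated first, then percent-encoded as one path segment.
  const path = Object.entries(params)
    .map(([name, value]) => encodeURIComponent(validateParam(name, value)))
    .join("/");
  const url = new URL(`/${resource}/${path}`, API_BASE);
  // Defence in depth: the request must still target the fixed upstream origin.
  if (url.origin !== API_BASE) throw new Error("unexpected origin");
  return url.href;
}

const inboxUrl = (email, token) => buildUrl("inbox", { email, token });
const messageUrl = (email, token, messageId) =>
  buildUrl("message", { email, token, messageId });
```
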


vercel bot commented Jan 16, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Review | Updated (UTC) |
| --- | --- | --- | --- |
| website | Ready | Preview, Comment | Jan 21, 2026 8:35am |

jaaaaavier self-assigned this Jan 16, 2026
jaaaaavier added the enhancement (New feature or request) label Jan 16, 2026
Base automatically changed from fix/dependency-warnings to main January 20, 2026 07:33

@sonarqubecloud

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud
