fix: remove DNS lookup from ValidateDownloadSourceURL to eliminate network-dependent test failures #1003

@CharliePuth0 CharliePuth0 commented May 20, 2026

The DNS-based IP check in ValidateDownloadSourceURL caused 11 tests in
shortcuts/minutes to fail when example.com resolved to an RFC 2544
benchmarking address (198.18.0.56), which was incorrectly flagged as
"local/internal host is not allowed".

IP-level SSRF protection is already enforced at the transport layer via
validateConnRemoteIP + cloneDownloadTransport, which checks the actual
remote IP after connection — providing stronger defense-in-depth against
DNS rebinding than a pre-connect DNS lookup.

Changes:

  • Removed net.DefaultResolver.LookupIP call from ValidateDownloadSourceURL
  • Kept structural URL validation (scheme, host, localhost, raw IP check)
  • All 70+ test packages pass, go vet clean, golangci-lint 0 issues

Summary by CodeRabbit

  • Improvements
    • Streamlined URL validation for download sources with enhanced processing efficiency. The system now validates literal IP addresses in URLs during the initial check, while maintaining comprehensive security protections against restricted network targets through connection-time verification mechanisms.

…twork-dependent test failures

The DNS-based IP check in ValidateDownloadSourceURL caused 11 tests in
shortcuts/minutes to fail when example.com resolved to an RFC 2544
benchmarking address (198.18.0.56), which was incorrectly flagged as
"local/internal host is not allowed".

IP-level SSRF protection is already enforced at the transport layer via
validateConnRemoteIP + cloneDownloadTransport, which checks the actual
remote IP after connection — providing stronger defense-in-depth against
DNS rebinding than a pre-connect DNS lookup.

Changes:
- Removed net.DefaultResolver.LookupIP call from ValidateDownloadSourceURL
- Kept structural URL validation (scheme, host, localhost, raw IP check)
- Passes all 70+ test packages, go vet, golangci-lint with 0 issues
@CLAassistant
CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.


CharliePuth0 seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

coderabbitai Bot commented May 20, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0a8c8879-3302-4629-b02b-4699d097044d

📥 Commits

Reviewing files that changed from the base of the PR and between 3bab9a0 and 440f359.

📒 Files selected for processing (1)
  • internal/validate/url.go

📝 Walkthrough

ValidateDownloadSourceURL in internal/validate/url.go shifts IP-based access control from URL validation to the transport layer. DNS hostname resolution is removed; the function now only validates literal IP addresses during validation, deferring hostname-to-IP resolution checks to connection-time enforcement.

Changes

URL Validation Transport-Layer Defense-in-Depth

| Layer / File(s) | Summary |
|---|---|
| DNS Resolution Removal and Transport-Layer Enforcement<br>internal/validate/url.go | Documentation added explaining IP restrictions are enforced at transport layer; DNS lookup logic that blocked hostnames resolving to restricted IPs is removed; context parameter marked as unused since it is no longer consumed for DNS operations. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 DNS lookups, once checked, now shift to the gate—
Where transport-layer guards defend at connection date.
A simpler path through validation's domain,
Defense stacked deeper, security maintained.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately reflects the main change: removing DNS lookup from ValidateDownloadSourceURL to fix network-dependent test failures. |
| Description check | ✅ Passed | The description covers the motivation, changes made, and validation results, aligning well with the template structure despite minor formatting differences. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@github-actions github-actions Bot added the size/M Single-domain feat or fix with limited business impact label May 20, 2026
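
A connection-time remote-IP check of the kind the PR description relies on, sketched as an added example (not code from this pull request or from the larksuite repository). The names `checkRemoteIP`, `guardControl` and `newGuardedClient` are hypothetical, and the block list is an assumption that uses only Go standard-library predicates, under which 198.18.0.56 is not classified as internal.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

// checkRemoteIP rejects addresses a download client should never connect to.
// Assumption: classification uses only standard-library predicates; the
// project's own block list is not shown on the page.
func checkRemoteIP(addr netip.Addr) error {
	addr = addr.Unmap() // treat ::ffff:127.0.0.1 as 127.0.0.1
	if !addr.IsValid() || addr.IsUnspecified() || addr.IsLoopback() ||
		addr.IsPrivate() || addr.IsLinkLocalUnicast() || addr.IsMulticast() {
		return fmt.Errorf("remote address %s is not allowed", addr)
	}
	return nil
}

// guardControl is a net.Dialer.Control hook. It runs after name resolution,
// once per connection attempt, with the literal IP:port about to be dialed,
// so a hostname that re-resolves to an internal address is still caught.
func guardControl(network, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("unexpected dial address %q: %w", address, err)
	}
	return checkRemoteIP(ap.Addr())
}

// newGuardedClient returns an HTTP client whose every connection, including
// those opened while following redirects, passes through guardControl.
func newGuardedClient() *http.Client {
	d := &net.Dialer{Timeout: 10 * time.Second, Control: guardControl}
	// Proxy is left unset so the check applies to the destination itself.
	tr := &http.Transport{DialContext: d.DialContext}
	return &http.Client{Transport: tr, Timeout: 30 * time.Second}
}

func main() {
	// Constructed sample addresses, in the form the dialer passes to Control.
	for _, a := range []string{"127.0.0.1:80", "[::ffff:10.0.0.5]:443",
		"169.254.169.254:80", "198.18.0.56:443"} {
		fmt.Printf("%-24s -> %v\n", a, guardControl("tcp", a, nil))
	}
}
```

Because the hook sees the address actually being dialed, no separate pre-connect lookup is needed for the IP decision, and tests can call `guardControl` directly without touching DNS.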