Remediations
Server-side request forgery in webhook fetch
Severity: high
Proposed patch
Model: claude-sonnet-4-6
--- a/services/connector/fetch.go
+++ b/services/connector/fetch.go
@@ -18,7 +18,11 @@ func fetch(userProvidedURL string) (*http.Response, error) {
- resp, _ := http.Get(userProvidedURL)
+ if err := guardSSRF(userProvidedURL); err != nil {
+ return nil, err
+ }
+ resp, err := safeClient.Get(userProvidedURL)
+ if err != nil {
+ return nil, fmt.Errorf("fetch: %w", err)
+ }
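Review bot: the hunk header `@@ -18,7 +18,11 @@` promises unchanged context lines but none are shown, and the added lines call `guardSSRF`, `safeClient` and `fmt.Errorf` without any hunk that defines or imports them, so the patch as displayed is incomplete and will not apply or compile on its own; include the hunks that add `guardSSRF`, the `ErrBlockedHost` sentinel the generated test expects, the construction of `safeClient` and the `fmt` import. The single check on `userProvidedURL` also does not cover redirects: if `safeClient` follows a 3xx from an allowed host to a link-local or private address, the guard is bypassed, so `safeClient` needs a `CheckRedirect` that re-runs `guardSSRF` on every hop, and the guard should validate the resolved IP address rather than only the literal host string.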
Generated test
// Package name assumed from the directory services/connector; adjust to match fetch.go.
package connector

import (
	"testing"

	"github.com/stretchr/testify/require"
)

// Regression test: a request to the cloud metadata endpoint must be rejected
// by the SSRF guard before any HTTP request is made.
func TestFetch_BlocksMetadataEndpoint(t *testing.T) {
	_, err := fetch("http://169.254.169.254/latest/meta-data/")
	require.ErrorIs(t, err, ErrBlockedHost)
}
Vulnerability
Identifier: CWE-918
File: services/connector/fetch.go
Vulnerable line:
    resp, _ := http.Get(userProvidedURL)
AI analysis
Root cause. A user-supplied URL is fetched without validation, letting an attacker reach internal services (e.g. cloud metadata at 169.254.169.254).
Fix. Validate the URL against an allowlist and block private/link-local ranges before fetching, preventing SSRF to internal endpoints.
Confidence: 89%
Human approval gate
Approved · PR opened
A pull request was opened on the connected repository. This approval was recorded as a positive training signal for raven-1-code.