Add opt-in SSRF validation to Apps-Engine HTTP accessor#38730
Add opt-in SSRF validation to Apps-Engine HTTP accessor#38730Copilot wants to merge 5 commits intochange-checkforssrffrom
Conversation
|
|
Looks like this PR is not ready to merge, because of the following issues:
Please fix the issues and try again If you have any trouble, please check the PR guidelines |
Co-authored-by: d-gubert <1810309+d-gubert@users.noreply.github.com>
Co-authored-by: d-gubert <1810309+d-gubert@users.noreply.github.com>
Co-authored-by: d-gubert <1810309+d-gubert@users.noreply.github.com>
Fixed the test failure in commit 2530b93. The test was using an incorrect pattern to access spy call arguments. I've updated it to properly capture the bridge call parameters using a simpler pattern that overrides the doCall method. The failing tests were:
CI should pass on the next run. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## change-checkforssrf #38730 +/- ##
=======================================================
- Coverage 70.50% 70.50% -0.01%
=======================================================
Files 3178 3176 -2
Lines 111281 111226 -55
Branches 20059 20099 +40
=======================================================
- Hits 78464 78415 -49
+ Misses 30771 30765 -6
Partials 2046 2046
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
ssrfValidationoption toIHttpRequestinterface in definitionHttpaccessor to pass the option through to the bridgeHttpBridgeto include the option inIHttpBridgeRequestInfoAppHttpBridgein meteor app to use the option forignoreSsrfValidationtrue(no SSRF validation by default for backward compatibility)💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.