Skip to content

feat[backend](threat_intelligense): added custommer manager connectio…#2339

Merged
AlexSanchez-bit merged 2 commits into
release/v12.0.0from
backlog/v12_threat_intelligense_module
Jul 10, 2026
Merged

feat[backend](threat_intelligense): added custommer manager connectio…#2339
AlexSanchez-bit merged 2 commits into
release/v12.0.0from
backlog/v12_threat_intelligense_module

Conversation

@AlexSanchez-bit

Copy link
Copy Markdown
Contributor

No description provided.

…n module and threat intelligence proxy module
@github-actions

github-actions Bot commented Jul 10, 2026

Copy link
Copy Markdown

🛑 AI review — Sensitive area, extra care recommended

This PR touches critical paths or introduces changes the model cannot judge with sufficient confidence. Review carefully before merging.

⚠️ architecture (gemini-3-flash-lite) — minor findings

Summary: Introduction of a new threatintel module with reverse proxy logic; requires minor structural cleanup regarding global state and configuration loading.

  • medium backend/modules/threatintel/internal/instanceconfig.go:26 — Use of sync.Once with a package-level variable creates a hidden singleton/global state. Consider injecting the configuration into the module or handler instead of relying on internal.Get().
  • medium backend/modules/threatintel/internal/instanceconfig.go:31 — Error handling in LoadInstanceConfig is suppressed inside sync.Once. If the config fails to load, the module remains in an inconsistent state. Move configuration loading logic to the module constructor or a dedicated provider.
  • low backend/modules/threatintel/handler/proxy.go:113 — Hardcoded timeout of 20s for upstream requests. Consider moving this to a configurable constant or environment variable to prevent potential blocking issues.

🛑 bugs (gemini-3-flash-lite) — high/critical — please review

Summary: Critical bug in configuration loading and potential path traversal in ID sanitization

  • high backend/modules/threatintel/internal/instanceconfig.go:30 — The variable 'err' is shadowed inside the sync.Once block. The outer 'err' remains nil even if loading fails, causing LoadInstanceConfig to return (nil, nil) instead of the actual error.
  • medium backend/modules/threatintel/routes.go:47 — The sanitizeId function uses an incomplete blacklist (only '.', '', '/') to prevent path traversal. It should use a whitelist or path validation to ensure the ID does not contain '..' or other malicious sequences.

🛑 security (gemini-3-flash-lite) — high/critical — please review

Summary: Introduced a new threatintel module with a reverse proxy implementation that handles sensitive credentials and external request forwarding.

  • medium backend/modules/threatintel/routes.go:45 — Insecure sanitization logic: The sanitizeId function uses a blocklist approach (removing dots, slashes, backslashes) which is insufficient to prevent path traversal or injection if the target backend interprets other characters. Use an allowlist (e.g., regex for alphanumeric) instead.
  • medium backend/modules/threatintel/handler/proxy.go:121 — Potential SSRF/Information Disclosure: The proxy logic copies all headers from the upstream response to the client. This may include sensitive internal headers or metadata from the threat intelligence provider.

🟢 go-deps — up to date

No pending Go dependency updates.

@AlexSanchez-bit AlexSanchez-bit force-pushed the backlog/v12_threat_intelligense_module branch 2 times, most recently from be9dde2 to 9334f90 Compare July 10, 2026 16:23
@AlexSanchez-bit AlexSanchez-bit force-pushed the backlog/v12_threat_intelligense_module branch from 9334f90 to 13701d0 Compare July 10, 2026 16:27
@AlexSanchez-bit

Copy link
Copy Markdown
Contributor Author

CM is an inner service not public service, so no special headers can damage other components or expose sensitive data , id sanitization is sufficient as the expected values of ids allway are uuids

@AlexSanchez-bit AlexSanchez-bit merged commit 0cb33f5 into release/v12.0.0 Jul 10, 2026
1 check passed
@AlexSanchez-bit AlexSanchez-bit deleted the backlog/v12_threat_intelligense_module branch July 10, 2026 16:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant