Skip to content

fix: resolve CodeQL high-severity security findings in backend services#144

Merged
zaccesss merged 1 commit into
mainfrom
fix/codeql-security
Jun 15, 2026
Merged

fix: resolve CodeQL high-severity security findings in backend services#144
zaccesss merged 1 commit into
mainfrom
fix/codeql-security

Conversation

@zaccesss

Copy link
Copy Markdown
Owner

Summary

Closes #2, #3 (CodeQL - Incomplete URL substring sanitization)
Closes #1 (CodeQL - Clear-text logging of sensitive information)

Test plan

  • CI passes (ruff, pytest, build)
  • Confirm CodeQL re-scan marks all 3 findings as resolved

- webhook_service: replace substring URL checks with urlparse netloc
  comparison so platform detection cannot be bypassed by embedding
  target domains in the path or query string of a malicious URL
- sms_service: remove phone number from warning log to prevent
  clear-text PII exposure in log streams
@zaccesss
zaccesss enabled auto-merge June 15, 2026 12:34
@zaccesss
zaccesss merged commit f03cfd6 into main Jun 15, 2026
8 checks passed
@zaccesss
zaccesss deleted the fix/codeql-security branch June 15, 2026 12:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

docs: update README

1 participant