Skip to content

security: harden probe input/output handling#7

Merged
muras3 merged 1 commit into
mainfrom
codex/security-hardening-top4
Feb 27, 2026
Merged

security: harden probe input/output handling#7
muras3 merged 1 commit into
mainfrom
codex/security-hardening-top4

Conversation

@muras3

@muras3 muras3 commented Feb 27, 2026

Copy link
Copy Markdown
Owner

Summary

  • sanitize target output to strip URL userinfo
  • reject control characters in --header and constrain --method format
  • enforce timeout range (1-300s)
  • set HTTP MaxResponseHeaderBytes to 1 MiB
  • expand request header redaction list (x-api-key, x-auth-token, set-cookie)
  • add agent dashboard/tail scripts for multi-role visibility

Testing

  • go test ./...
  • go test ./internal/cli ./internal/core ./internal/layers/http -run 'Test(ParseTargetStripsUserInfoFromOriginal|ParseArgsRejectsHeaderControlCharacters|ParseArgsTimeoutRange|NewDefaultSetsResponseHeaderLimit|HTTPRequestHeadersRedaction)' -count=1
  • go run ./cmd/probe --json --timeout 1 http://alice:secret@localhost:1

@muras3
muras3 merged commit e7ac296 into main Feb 27, 2026
1 check failed
@muras3
muras3 deleted the codex/security-hardening-top4 branch February 27, 2026 07:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant