fix(sec): санитизация Telegram-ошибок, SSRF-guard Webhook, чистка логов test-канала, go mod tidy, histogram-бакеты
@@ -225,7 +225,11 @@ func (a *API) handleTestChannel(w http.ResponseWriter, r *http.Request) {
secret = string(dec)
}
if err := a.Dispatch.SendTest(r.Context(), ch.Type, ch.Config, secret); err != nil {
log.Printf("api: test channel %s failed: %v", cid, err)
// Defense-in-depth: notify implementations sanitize errors before
// returning them (no secret/URL material), but this log deliberately
// omits the raw error (%v) anyway so a lower-layer regression can
// never leak a bot token or webhook URL into logs.
log.Printf("api: test channel %s failed", cid)
writeErr(w, http.StatusBadGateway, "channel test failed")
return
}
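Review bot: The replacement `log.Printf` in the `SendTest` failure branch records no reason at all, so once the raw `%v` is gone an operator cannot tell a timeout from a rejected credential or a blocked destination. A value that carries no message text keeps the defense-in-depth property while staying useful, for example `log.Printf("api: test channel %s failed (timeout=%t)", cid, errors.Is(err, context.DeadlineExceeded))`, or a typed error class from the notify layer if it exposes one. Separately, `cid` is formatted with `%s`; if it is taken from the request path (its origin is not visible in this hunk), `%q` would keep control characters from forging extra log lines. A regression test that feeds `SendTest` an error containing a marker string and asserts the marker is absent from the captured log output would pin the behaviour the comment promises. handleTestChannel starts and ends outside the hunk.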