chore: 配置 gosec 排除规则
- 新增 backend/.gosec.yaml 配置文件,排除 G704 (SSRF) 检查 - 更新 security-scan.yml workflow,使用 gosec 配置文件 - 原因:作为 API 网关平台,需要代理请求到配置的上游服务,所有上游 URL 来自管理员配置而非用户输入
This commit is contained in:
wucm667
7
backend/.gosec.yaml
Normal file
7
backend/.gosec.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
global:
|
||||
# Exclude G704 (SSRF via taint analysis) - this is an API gateway platform
|
||||
# that by design proxies requests to configurable upstream services.
|
||||
# All upstream URLs are sourced from admin-configured settings or known
|
||||
# third-party API endpoints, not from end-user input.
|
||||
exclude:
|
||||
- G704
|
||||
Reference in New Issue
Block a user