fix: prevent SSRF via OpenID Connect avatar download (GHSA-g9xj-752q-xh63)
parent
0266fffad2
commit
363aa66423
|
|
@ -101,7 +101,7 @@ func DownloadImage(url string) ([]byte, error) {
|
|||
return nil, fmt.Errorf("failed to create HTTP request: %w", err)
|
||||
}
|
||||
|
||||
resp, err := (&http.Client{}).Do(req) // #nosec G704 -- URL comes from OIDC provider picture claim
|
||||
resp, err := NewSSRFSafeHTTPClient().Do(req)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to download image: %w", err)
|
||||
}
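Review bot: The replacement line `resp, err := NewSSRFSafeHTTPClient().Do(req)` carries no comment saying why the plain client must not be used here, and the removed `#nosec` note was the only place that recorded where the URL comes from. I would add `// url is the OIDC picture claim and is untrusted: always fetch through the SSRF-safe client.` above the call so that a later refactor does not put `http.Client{}` back. NewSSRFSafeHTTPClient is defined outside this hunk, so it cannot be confirmed from here that it checks the resolved address at connect time and again on every redirect hop, rather than only the hostname in the request; that behaviour is worth pinning in its own tests. DownloadImage's body continues outside the hunk, so whether the response read is size-bounded is not visible either.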
|
||||
|
|
|
|||