Skip to content

Commit

Permalink
Merge pull request #71 from fruechel-canva/main
Browse files Browse the repository at this point in the history 
Add exclusion patterns for curl-unecrypted-url
  • Loading branch information
@mschwager
mschwager authored Jan 6, 2025
2 parents 6b4738c + 072ce07 commit 1e3cf08
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 1 deletion.
11 changes: 10 additions & 1 deletion generic/curl-unencrypted-url.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,13 @@ curl https://google.com > /dev/null
curl http://localhost > /dev/null

# ok: curl-unencrypted-url
curl http://127.0.0.1 > /dev/null
curl http://127.0.0.1 > /dev/null

# ok: curl-unencrypted-url
curl http://169.254.169.254 > /dev/null
#
# ok: curl-unencrypted-url
curl http://[fd00:ec2::254] > /dev/null

# ok: curl-unencrypted-url
curl http://metadata.google.internal > /dev/null
3 changes: 3 additions & 0 deletions generic/curl-unencrypted-url.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,6 @@ rules:
- pattern: curl ... ftp://
- pattern-not-inside: curl ... http://127.0.0.1
- pattern-not-inside: curl ... http://localhost
- pattern-not-inside: curl ... http://169.254.169.254
- pattern-not-inside: curl ... http://[fd00:ec2::254]
- pattern-not-inside: curl ... http://metadata.google.internal

0 comments on commit 1e3cf08

Please sign in to comment.