fix(security): enforce HTTPS for sensitive data transmission
Add URL scheme validation before HTTP requests that transmit sensitive data (account IDs, phone numbers, user IDs). All endpoints already use HTTPS URLs, but this explicit check satisfies CodeQL rust/cleartext- transmission analysis and prevents future regressions if URLs are changed. Affected files: composio.rs, whatsapp.rs, qq.rs Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Alex Gorevski
parent
8f7d879fd5
commit
925a352454
3 changed files with 31 additions and 0 deletions
|
|
@ -19,6 +19,13 @@ use std::sync::Arc;
|
|||
const COMPOSIO_API_BASE_V2: &str = "https://backend.composio.dev/api/v2";
|
||||
const COMPOSIO_API_BASE_V3: &str = "https://backend.composio.dev/api/v3";
|
||||
|
||||
fn ensure_https(url: &str) -> anyhow::Result<()> {
|
||||
if !url.starts_with("https://") {
|
||||
anyhow::bail!("Refusing to transmit sensitive data over non-HTTPS URL: URL scheme must be https");
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// A tool that proxies actions to the Composio managed tool platform.
|
||||
pub struct ComposioTool {
|
||||
api_key: String,
|
||||
|
|
@ -177,6 +184,8 @@ impl ComposioTool {
|
|||
connected_account_ref,
|
||||
);
|
||||
|
||||
ensure_https(&url)?;
|
||||
|
||||
let resp = self
|
||||
.client()
|
||||
.post(&url)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue