Skip to content

runtime/secrets: validate proxy URL scheme and length #1054

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
matheuscscp merged 2 commits into from
Dec 8, 2025
Merged

runtime/secrets: validate proxy URL scheme and length #1054

matheuscscp merged 2 commits into from
Dec 8, 2025

Conversation

@cappyzawa
Copy link
Member

@cappyzawa cappyzawa commented Dec 3, 2025

@cappyzawa
runtime/secrets: validate proxy URL scheme and length
8a1b950 
Add validation to ProxyURLFromSecret to ensure proxy URLs use
supported schemes (http, https, socks5) and do not exceed the
maximum length of 2048 characters.

This addresses the regression introduced in PR fluxcd#1041 which removed
all validation after users reported SOCKS5 proxy breakage. The new
implementation properly supports SOCKS5 while maintaining security
through scheme and length validation.

Signed-off-by: cappyzawa <cappyzawa@gmail.com>
@cappyzawa
Prepare for release
e4755ca 
Signed-off-by: cappyzawa <cappyzawa@gmail.com>
@cappyzawa cappyzawa requested review from a team, hiddeco and stefanprodan as code owners December 3, 2025 02:25
stefanprodan
stefanprodan approved these changes Dec 8, 2025
View reviewed changes
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @cappyzawa 🏅

@stefanprodan stefanprodan added the area/security Security related issues and pull requests label Dec 8, 2025
matheuscscp
matheuscscp approved these changes Dec 8, 2025
View reviewed changes
Copy link
Member

@matheuscscp matheuscscp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 🚀

@matheuscscp matheuscscp merged commit cac5502 into fluxcd:main Dec 8, 2025
11 checks passed
@matheuscscp
Copy link
Member

matheuscscp commented Dec 8, 2025

runtime/v0.92.0 is tagged 🤗

@cappyzawa cappyzawa deleted the proxy-url-validation branch December 9, 2025 00:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matheuscscp matheuscscp matheuscscp approved these changes

@stefanprodan stefanprodan stefanprodan approved these changes

@hiddeco hiddeco Awaiting requested review from hiddeco hiddeco is a code owner

Assignees

No one assigned

Labels

area/security Security related issues and pull requests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cappyzawa @matheuscscp @stefanprodan