uptop

lerkolabs/uptop

Fork 0

Commit Graph

Author	SHA1	Message	Date
lerko	f7da69f25f	fix(security): SSRF guard gaps + DNS port restriction + metrics auth CI / test (pull_request) Successful in 1m54s Details CI / lint (pull_request) Successful in 1m27s Details CI / vulncheck (pull_request) Successful in 1m1s Details 1. SSRF guard now blocks 0.0.0.0/8 (routes to localhost on Linux) and 100.64.0.0/10 (CGNAT). Also rejects unspecified, multicast, and loopback IPs via net.IP methods for defense in depth. 2. DNS monitor type no longer bypasses SSRF guard. The DNSServer address is resolved and validated against isPrivateIP before use. Port restricted to 53 — prevents arbitrary internal port probing via crafted DNSServer values. 3. /metrics now default-deny when MetricsPublic is false, regardless of whether UPTOP_CLUSTER_SECRET is set. Previously, no secret = no auth check = metrics exposed to everyone.	2026-06-11 18:57:37 -04:00
lerko	60b30935b3	fix(security): phase 1 critical fixes for public release CI / test (pull_request) Successful in 4m40s Details CI / lint (pull_request) Successful in 1m2s Details - Redact PostgreSQL DSN password from stdout/logs - Harden .dockerignore to exclude .ssh/, .claude/, .db, .local files - SSRF protection: block private/loopback/link-local IPs by default (UPTOP_ALLOW_PRIVATE_TARGETS=true to override for homelab use) - Fix email header injection via CRLF in monitor names - AES-256-GCM encryption for alert credentials at rest (UPTOP_ENCRYPTION_KEY env var, migrate-secrets subcommand) - TLS support for HTTP server (UPTOP_TLS_CERT/UPTOP_TLS_KEY) with HSTS header when TLS enabled	2026-05-25 11:26:47 -04:00

Author

SHA1

Message

Date

lerko

f7da69f25f

fix(security): SSRF guard gaps + DNS port restriction + metrics auth

CI / test (pull_request) Successful in 1m54s

Details

CI / lint (pull_request) Successful in 1m27s

Details

CI / vulncheck (pull_request) Successful in 1m1s

Details

1. SSRF guard now blocks 0.0.0.0/8 (routes to localhost on Linux)
   and 100.64.0.0/10 (CGNAT). Also rejects unspecified, multicast,
   and loopback IPs via net.IP methods for defense in depth.

2. DNS monitor type no longer bypasses SSRF guard. The DNSServer
   address is resolved and validated against isPrivateIP before use.
   Port restricted to 53 — prevents arbitrary internal port probing
   via crafted DNSServer values.

3. /metrics now default-deny when MetricsPublic is false, regardless
   of whether UPTOP_CLUSTER_SECRET is set. Previously, no secret =
   no auth check = metrics exposed to everyone.

2026-06-11 18:57:37 -04:00

lerko

60b30935b3

fix(security): phase 1 critical fixes for public release

CI / test (pull_request) Successful in 4m40s

Details

CI / lint (pull_request) Successful in 1m2s

Details

- Redact PostgreSQL DSN password from stdout/logs
- Harden .dockerignore to exclude .ssh/, .claude/, *.db, *.local files
- SSRF protection: block private/loopback/link-local IPs by default
  (UPTOP_ALLOW_PRIVATE_TARGETS=true to override for homelab use)
- Fix email header injection via CRLF in monitor names
- AES-256-GCM encryption for alert credentials at rest
  (UPTOP_ENCRYPTION_KEY env var, migrate-secrets subcommand)
- TLS support for HTTP server (UPTOP_TLS_CERT/UPTOP_TLS_KEY)
  with HSTS header when TLS enabled

2026-05-25 11:26:47 -04:00

2 Commits