
Suppress SSRF as URL comes from controlled server side config #5482

Merged
feordin merged 1 commit into main from user/jaerwin/ssrf-supress
Apr 3, 2026

Conversation

feordin (Contributor) commented Apr 3, 2026

Description

Add a suppression statement for a CodeQL warning, as we have verified the input going into the HTTP client.

Related issues

Addresses [issue AB#188282].

Testing

Describe how this change was tested.

FHIR Team Checklist

  • Update the title of the PR to be succinct and less than 65 characters
  • Add a milestone to the PR for the sprint that it is merged (i.e. add S47)
  • Tag the PR with the type of update: Bug, Build, Dependencies, Enhancement, New-Feature or Documentation
  • Tag the PR with Open source, Azure API for FHIR (CosmosDB or common code) or Azure Healthcare APIs (SQL or common code) to specify where this change is intended to be released.
  • Tag the PR with Schema Version backward compatible or Schema Version backward incompatible or Schema Version unchanged if this adds or updates Sql script which is/is not backward compatible with the code.
  • When changing or adding behavior, if your code modifies the system design or changes design assumptions, please create and include an ADR.
  • CI is green before merge
  • Review squash-merge requirements

Semver Change (docs)

Patch|Skip|Feature|Breaking (reason)

feordin requested a review from a team as a code owner April 3, 2026 19:07
feordin added the OSS-specific, Schema Version unchanged, No-ADR, Bug, Open source, and No-PaaS-breaking-change labels Apr 3, 2026
feordin enabled auto-merge (squash) April 3, 2026 19:11
feordin added this to the FY26\Q3\2Wk\2Wk20 milestone Apr 3, 2026
feordin removed the Open source label Apr 3, 2026
feordin merged commit 869af6d into main Apr 3, 2026
60 of 71 checks passed
feordin deleted the user/jaerwin/ssrf-supress branch April 3, 2026 20:21
@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@7b910d0). Learn more about missing BASE report.

Additional details and impacted files


@@           Coverage Diff           @@
##             main    #5482   +/-   ##
=======================================
  Coverage        ?   76.94%           
=======================================
  Files           ?      978           
  Lines           ?    35680           
  Branches        ?     5356           
=======================================
  Hits            ?    27453           
  Misses          ?     6892           
  Partials        ?     1335           

3 participants