root 99ab1ffb70 fix(ingest): pin resolved IP into safe_fetch to defeat DNS-rebinding ...

Replaces the validate-then-call-fetch pattern (which left a TOCTOU
window where the OS resolver could return a different IP at connect
time) with an undici Agent dispatcher whose lookup() returns the IP we
already validated. Same hardening on every redirect hop.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-06-01 03:48:52 +10:00

3.6 KiB

Raw Blame History

View Raw