feat: SSRF protection via NEXUS_ALLOWED_HOSTS, _env_int validation warnings

2026-05-11 19:38:15 +03:00
parent 04abe44ab4
commit 6743321463
4 changed files with 33 additions and 2 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -94,6 +94,7 @@ All via environment variables, defined in `config.py`. Key ones:
 | Variable | Default | Notes |
 |----------|---------|-------|
 | `NEXUS_URL` | `http://localhost:8081` | |
+| `NEXUS_ALLOWED_HOSTS` | host from `NEXUS_URL` | comma-separated, SSRF protection |
 | `WEBHOOK_SECRET` | `""` | HMAC-SHA256 validation |
 | `MAX_CONCURRENT_SCANS` | `4` | asyncio.Semaphore for guarddog processes |
 | `LLM_ENABLED` | `0` | `1` to enable analysis |