[CodeScanning #136] go/request-forgery in pkg/llmproxy/auth/kiro/sso_oidc.go:208

[KooshaPari]

Source alert: https://github.com/KooshaPari/cliproxyapi-plusplus/security/code-scanning/136

Rule:

• ID: go/request-forgery
• Description: Uncontrolled data used in network request
• Severity: critical

Location:

• Ref: refs/heads/main
• File: pkg/llmproxy/auth/kiro/sso_oidc.go
• Line: 208

Message:
The URL of this request depends on a user-provided value.

Scope:

• Reproduce and confirm reachability
• Implement fix with tests
• Close code-scanning alert in GitHub

[KooshaPari]

Closing as resolved by current Code Scanning state. Alert #136 is no longer open in GitHub Code Scanning. If this reappears, a new alert/issue will be tracked.