Code monitors: restrict slack webhooks to only https and slack host (!32976) · Merge requests · Administrator / sourcegraph

Administrator requested to merge cc/secure-webhooks into main Mar 23, 2022

Created by: camdencheek

Previously, there was no backend validation that slack webhooks for code monitors actually pointed to Slack's API. This adds a check on code monitor creation.

cc @andreeleuterio @deflncha @limitedmage

Test plan

Added test that creation fails with invalid URL as well as unit test for valid/invalid urls.

Code monitors: restrict slack webhooks to only https and slack host

Test plan

Merge request reports