Skip to content

fix: ignore loopback URLs in data leakage findings#306

Open
Yurii201811 wants to merge 1 commit into
MCP-Audit:developfrom
Yurii201811:fix/194-ignore-loopback-internal-urls
Open

fix: ignore loopback URLs in data leakage findings#306
Yurii201811 wants to merge 1 commit into
MCP-Audit:developfrom
Yurii201811:fix/194-ignore-loopback-internal-urls

Conversation

@Yurii201811

Copy link
Copy Markdown
Contributor

Summary

  • Stop reporting localhost and 127.0.0.1 development URLs as internal URL leakage.
  • Preserve detection for non-loopback internal hosts, including internal-* names.
  • Add regression coverage for loopback and production-style internal URLs.

Closes #194

Type of change

  • Bug fix
  • New feature / analyzer
  • Breaking change
  • Documentation

Test plan

Checklist

  • CHANGELOG.md updated
  • Tests added or updated
  • No secrets or credentials in code
  • No CLI or report schema documentation change required

@Yurii201811 Yurii201811 marked this pull request as ready for review July 13, 2026 08:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[TASK] Whitelist localhost and dev URLs in data-leakage analyzer

1 participant