fix(webhooks): validate and pin EmailBison apiBaseUrl before outbound requests #5415
… requests Route Email Bison webhook create/delete requests through the shared DNS-validated, IP-pinned fetch used by the Teams and Slack webhook providers instead of a raw fetch to the user-configured instance URL.
PR Summary
Medium Risk
Overview
Invalid or blocked addresses fail before any outbound call; create throws a clear validation error. Delete respects New
Reviewed by Cursor Bugbot for commit 742ae70.
…e strict-delete warning log Test env var mutation was never restored, risking cross-file leakage in single-threaded vitest runs. Strict-mode deleteSubscription failures were logged twice (once at the throw site with context, once generically by the outer catch); the outer catch now skips its own log for errors already logged at the throw site.
@greptile review
@greptile review
@cursor review
✅ Bugbot reviewed your changes and found no new issues!
Reviewed by Cursor Bugbot for commit 742ae70.
Summary
validateUrlWithDNS + secureFetchWithPinnedIP for the user-configured instance URL, matching the pattern already used by the Microsoft Teams and Slack webhook providers.
normalizeEmailBisonBaseUrl is unchanged; this adds the DNS/IP validation step before the request is dispatched.
Test plan
bun test (vitest) for apps/sim/lib/webhooks/providers/emailbison.test.ts — new tests cover create/delete rejecting a blocked-address instance URL before any request is sent, and succeeding for a normal public HTTPS instance URL
bun run type-check (apps/sim) — clean
bunx biome check on touched files — clean
bun run check:api-validation — passed
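An added example, not code from this PR or its repository, of the validate-then-pin pattern the summary describes: check every address the instance URL resolves to, then force the connection onto the validated IP. `pinTarget`, `pinnedLookup`, `demo`, the blocklist and the `bison.example.com` host are assumptions for illustration; only IPv4 is handled and everything else fails closed.

```javascript
// Added example; helper names are hypothetical, not the PR's implementation. IPv4 only.
const BLOCKED_V4 = [ // [network, prefix]: loopback, private, link-local, CGNAT, multicast/reserved
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 3],
];
// Dotted-quad IPv4 -> unsigned integer, or null when the string is not IPv4.
function ipv4ToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) return null;
  return parts.reduce((n, p) => n * 256 + Number(p), 0);
}
// Fail closed: anything that is not parseable IPv4 (IPv6 included) counts as blocked.
function isBlockedAddress(ip) {
  const n = ipv4ToInt(ip);
  if (n === null) return true;
  return BLOCKED_V4.some(([net, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(n / size) === Math.floor(ipv4ToInt(net) / size);
  });
}
// Step 1: validate every address from `resolve` (injected hostname -> string[]), pick one to pin.
function pinTarget(rawUrl, resolve) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: 'invalid URL' }; }
  if (url.protocol !== 'https:') return { ok: false, reason: 'HTTPS required' };
  const host = url.hostname; // WHATWG parsing canonicalises forms such as 2130706433
  const literal = host.startsWith('[') || ipv4ToInt(host) !== null;
  const addrs = literal ? [host] : resolve(host);
  if (addrs.length === 0) return { ok: false, reason: 'no DNS records' };
  const bad = addrs.find(isBlockedAddress);
  if (bad) return { ok: false, reason: `blocked address ${bad}` };
  return { ok: true, host, pinnedIp: addrs[0] };
}
// Step 2: `lookup` option for Node's https.request that always answers with the validated IP.
function pinnedLookup(pinnedIp) {
  return (_hostname, options, cb) => {
    if (options && options.all) cb(null, [{ address: pinnedIp, family: 4 }]);
    else cb(null, pinnedIp, 4);
  };
}
// Validation and connection use the same answer; an unpinned fetch would re-resolve.
function demo() {
  let calls = 0; // constructed resolver: TEST-NET-3 answer first, loopback on later queries
  const resolve = () => (calls++ === 0 ? ['203.0.113.10'] : ['127.0.0.1']);
  const target = pinTarget('https://bison.example.com/api', resolve);
  let connectedTo;
  pinnedLookup(target.pinnedIp)(target.host, {}, (_e, addr) => { connectedTo = addr; });
  return { connectedTo, secondDnsAnswer: resolve(target.host)[0] };
}
```

Because only the socket's address lookup is overridden, the TLS server name and Host header still carry the original hostname, so certificate validation is unaffected.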