Clean up before publishing publicly#17
Merged
Merged
Conversation
![github-code-quality[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull request overview
Introduces the initial AntiSSRF codebase, publishing both the .NET and Node.js implementations plus documentation, generation scripts for shared allowlists/denylists, and CI workflows to validate, test, and deploy docs.
Changes:
- Add AntiSSRF libraries for .NET (HttpMessageHandler) and Node.js (http/https Agents) with policies, CIDR parsing, and URI/domain validation.
- Add shared configuration + generators for IP ranges and Azure service domains, with workflows that verify generated outputs are in sync.
- Add extensive documentation site (Jekyll) and CI workflows for tests, CodeQL, license header checks, and GitHub Pages deployment.
Reviewed changes
Copilot reviewed 139 out of 142 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| SUPPORT.md | Adds repository support guidance and Microsoft support policy. |
| SECURITY.md | Adds Microsoft-standard security reporting guidance. |
| LICENSE | Adds MIT license. |
| README.md | Adds top-level project overview and links to packages/docs. |
| CODE_OF_CONDUCT.md | Adds Microsoft OSS code of conduct reference. |
| CONTRIBUTING.md | Adds contribution and local dev instructions for .NET/Node/docs. |
| .gitignore | Updates ignore rules (incl. macOS + package artifacts). |
| .gitattributes | Normalizes line endings across platforms. |
| config/Domains.json | Defines Azure Key Vault/Storage domain suffixes (source of truth). |
| config/IPAddressRanges.json | Defines special-purpose IP ranges (source of truth). |
| scripts/build-domains-nodejs.sh | Generates Node.js domain constants from config/Domains.json. |
| scripts/build-domains-dotnet.sh | Generates .NET domain constants from config/Domains.json. |
| scripts/build-ip-ranges-nodejs.sh | Generates Node.js IP range constants from config/IPAddressRanges.json. |
| scripts/build-ip-ranges-dotnet.sh | Generates .NET IP range constants from config/IPAddressRanges.json. |
| .github/workflows/update-domains.yml | CI check to ensure generated domain files match config. |
| .github/workflows/update-ip-ranges.yml | CI check to ensure generated IP range files match config. |
| .github/workflows/test-nodejs.yml | Runs Node.js unit/functional/prepublish tests across Node versions. |
| .github/workflows/test-dotnet.yml | Runs .NET unit/functional tests for net8.0 and net48. |
| .github/workflows/jekyll-gh-pages.yml | Builds (PR) and deploys (push) documentation site. |
| .github/workflows/codeql.yml | Adds CodeQL scanning configuration. |
| .github/workflows/check-license-headers.yml | Enforces presence of license headers. |
| .github/ISSUE_TEMPLATE/feature_request.yml | Adds feature request issue template. |
| .github/ISSUE_TEMPLATE/bug_report_nodejs.yml | Adds Node.js bug report issue template. |
| .github/ISSUE_TEMPLATE/bug_report_dotnet.yml | Adds .NET bug report issue template. |
| docs/_config.yml | Configures Jekyll/Just-the-Docs site and navigation. |
| docs/Gemfile | Adds Ruby dependencies for local docs build. |
| docs/.gitignore | Ignores local Jekyll build artifacts. |
| docs/404.html | Adds custom 404 page for docs site. |
| docs/index.md | Adds documentation home page content. |
| docs/getting-started.md | Adds install + quick-start + best practices. |
| docs/ipaddressranges.md | Documents IPAddressRanges and recommended ranges. |
| docs/support.md | Adds docs site support page. |
| docs/faq.md | Adds FAQ content on SSRF, redirects, DNS rebinding, XFF, etc. |
| docs/nodejs-api/index.md | Node.js API landing page and class index. |
| docs/nodejs-api/changelog.md | Initializes Node.js changelog page. |
| docs/nodejs-api/antissrfpolicy/index.md | Node.js AntiSSRFPolicy overview. |
| docs/nodejs-api/antissrfpolicy/constructor.md | Documents Node.js policy constructor and presets. |
| docs/nodejs-api/antissrfpolicy/properties/index.md | Index of Node.js AntiSSRFPolicy properties. |
| docs/nodejs-api/antissrfpolicy/properties/addxffheader.md | Documents addXFFHeader property. |
| docs/nodejs-api/antissrfpolicy/properties/allowedaddresses.md | Documents allowedAddresses property. |
| docs/nodejs-api/antissrfpolicy/properties/allowplaintexthttp.md | Documents allowPlainTextHttp property. |
| docs/nodejs-api/antissrfpolicy/properties/deniedaddresses.md | Documents deniedAddresses property. |
| docs/nodejs-api/antissrfpolicy/properties/deniedheaders.md | Documents deniedHeaders property. |
| docs/nodejs-api/antissrfpolicy/properties/denyallunspecifiedips.md | Documents denyAllUnspecifiedIPs property. |
| docs/nodejs-api/antissrfpolicy/properties/requiredheaders.md | Documents requiredHeaders property. |
| docs/nodejs-api/antissrfpolicy/methods/index.md | Index of Node.js AntiSSRFPolicy methods. |
| docs/nodejs-api/antissrfpolicy/methods/gethttpagent.md | Documents getHttpAgent usage and caveats. |
| docs/nodejs-api/antissrfpolicy/methods/gethttpsagent.md | Documents getHttpsAgent usage and caveats. |
| docs/nodejs-api/antissrfpolicy/methods/addallowedaddresses.md | Documents addAllowedAddresses method. |
| docs/nodejs-api/antissrfpolicy/methods/adddeniedaddresses.md | Documents addDeniedAddresses method. |
| docs/nodejs-api/antissrfpolicy/methods/adddeniedheaders.md | Documents addDeniedHeaders method. |
| docs/nodejs-api/antissrfpolicy/methods/addrequiredheaders.md | Documents addRequiredHeaders method. |
| docs/nodejs-api/urivalidator/index.md | Node.js URIValidator overview and method index. |
| docs/nodejs-api/urivalidator/indomain.md | Documents URIValidator.inDomain overloads and examples. |
| docs/nodejs-api/urivalidator/inazurekeyvaultdomain.md | Documents URIValidator.inAzureKeyVaultDomain. |
| docs/nodejs-api/urivalidator/inazurestoragedomain.md | Documents URIValidator.inAzureStorageDomain. |
| docs/nodejs-api/samples/index.md | Index of Node.js integration samples. |
| docs/nodejs-api/samples/axios.md | Sample for Axios integration. |
| docs/nodejs-api/samples/follow-redirects.md | Sample for follow-redirects integration. |
| docs/nodejs-api/samples/node-fetch.md | Sample for node-fetch integration. |
| docs/dotnet-api/index.md | .NET API landing page and class index. |
| docs/dotnet-api/changelog.md | Initializes .NET changelog page. |
| docs/dotnet-api/antissrfhandler.md | Documents AntiSSRFHandler and exposed properties. |
| docs/dotnet-api/antissrfpolicy/index.md | .NET AntiSSRFPolicy overview. |
| docs/dotnet-api/antissrfpolicy/constructor.md | Documents .NET policy constructor and presets. |
| docs/dotnet-api/antissrfpolicy/properties/index.md | Index of .NET AntiSSRFPolicy properties. |
| docs/dotnet-api/antissrfpolicy/properties/addxffheader.md | Documents AddXFFHeader property. |
| docs/dotnet-api/antissrfpolicy/properties/allowedaddresses.md | Documents AllowedAddresses property. |
| docs/dotnet-api/antissrfpolicy/properties/allowplaintexthttp.md | Documents AllowPlainTextHttp property. |
| docs/dotnet-api/antissrfpolicy/properties/deniedaddresses.md | Documents DeniedAddresses property. |
| docs/dotnet-api/antissrfpolicy/properties/deniedheaders.md | Documents DeniedHeaders property. |
| docs/dotnet-api/antissrfpolicy/properties/denyallunspecifiedips.md | Documents DenyAllUnspecifiedIPs property. |
| docs/dotnet-api/antissrfpolicy/properties/requiredheaders.md | Documents RequiredHeaders property. |
| docs/dotnet-api/antissrfpolicy/methods/index.md | Index of .NET AntiSSRFPolicy methods. |
| docs/dotnet-api/antissrfpolicy/methods/gethandler.md | Documents GetHandler usage and immutability. |
| docs/dotnet-api/antissrfpolicy/methods/addallowedaddresses.md | Documents AddAllowedAddresses method. |
| docs/dotnet-api/antissrfpolicy/methods/adddeniedaddresses.md | Documents AddDeniedAddresses method. |
| docs/dotnet-api/antissrfpolicy/methods/adddeniedheaders.md | Documents AddDeniedHeaders method. |
| docs/dotnet-api/antissrfpolicy/methods/addrequiredheaders.md | Documents AddRequiredHeaders method. |
| docs/dotnet-api/urivalidator/index.md | .NET URIValidator overview and method index. |
| docs/dotnet-api/urivalidator/indomain.md | Documents URIValidator.InDomain overloads and examples. |
| docs/dotnet-api/urivalidator/inazurekeyvaultdomain.md | Documents URIValidator.InAzureKeyVaultDomain. |
| docs/dotnet-api/urivalidator/inazurestoragedomain.md | Documents URIValidator.InAzureStorageDomain. |
| nodejs/package.json | Defines Node.js package metadata, scripts, and dev dependencies. |
| nodejs/tsconfig.json | Configures TypeScript compilation for NodeNext + tests. |
| nodejs/eslint.config.mjs | Adds ESLint flat config (TS + security rules). |
| nodejs/.prettierrc | Adds Prettier formatting configuration. |
| nodejs/.prettierignore | Excludes build artifacts and generated files from formatting. |
| nodejs/README.md | Adds Node.js package README and doc links. |
| nodejs/src/index.ts | Barrel exports for Node.js public API. |
| nodejs/src/AntiSSRFError.ts | Defines Node.js AntiSSRFError type. |
| nodejs/src/AntiSSRFPolicy.ts | Implements Node.js policy configuration and agent creation. |
| nodejs/src/Helpers/AntiSSRFHttpAgent.ts | Implements HTTP agent wrapper enforcing policy. |
| nodejs/src/Helpers/AntiSSRFHttpsAgent.ts | Implements HTTPS agent wrapper enforcing policy. |
| nodejs/src/Helpers/AntiSSRFDnsLookup.ts | DNS lookup wrapper enforcing policy on resolved IPs. |
| nodejs/src/Helpers/CIDRBlock.ts | CIDR parsing + IPv4-mapped IPv6 normalization helper. |
| nodejs/src/Helpers/Domains.ts | Generated Node.js Azure service domain suffix lists. |
| nodejs/src/IPAddressRanges.ts | Generated Node.js special-purpose IP range constants. |
| nodejs/src/URIValidator.ts | Implements Node.js URI domain/protocol validation helpers. |
| nodejs/tests/UnitTests/AntiSSRFPolicy.Scheme.test.ts | Unit tests for scheme enforcement behaviors. |
| nodejs/tests/UnitTests/AntiSSRFPolicy.AddXFFHeader.test.ts | Unit tests for XFF header behavior. |
| nodejs/tests/FunctionalTests/FollowRedirects.test.ts | Functional tests for follow-redirects integration and redirects behavior. |
| nodejs/tests/PrePublishTests/PrePublish.test.js | Prepublish tests against packed npm artifact. |
| dotnet/Microsoft.Security.AntiSSRF.sln | Adds .NET solution scaffolding. |
| dotnet/Directory.Packages.props | Central package version management for .NET projects. |
| dotnet/src/Microsoft.Security.AntiSSRF.csproj | .NET library project file and packaging metadata. |
| dotnet/src/microsoft.png | Package icon asset. |
| dotnet/src/README.md | Adds .NET package README and doc links. |
| dotnet/src/AntiSSRFException.cs | Defines .NET AntiSSRFException type. |
| dotnet/src/AntiSSRFPolicy.cs | Implements .NET policy configuration and validation helpers. |
| dotnet/src/AntiSSRFHandler.cs | Implements handler that enforces policy (incl. redirect wrapper). |
| dotnet/src/Helpers/RedirectHandler.cs | Redirect-following handler enforcing policy per hop. |
| dotnet/src/Helpers/InnerHandler.NetCore.cs | Net5+ connect callback handler enforcing DNS/IP policy. |
| dotnet/src/Helpers/InnerHandler.NetStandard.cs | NetStandard/.NET Framework handler enforcing DNS/IP policy. |
| dotnet/src/Helpers/CIDRBlock.cs | CIDR parsing + containment checks. |
| dotnet/src/Helpers/Domains.cs | Generated .NET Azure service domain suffix lists. |
| dotnet/src/IPAddressRanges.cs | Generated .NET special-purpose IP range constants. |
| dotnet/src/URIValidator.cs | Implements .NET URI domain/protocol validation helpers. |
| dotnet/UnitTests/Microsoft.Security.AntiSSRF.UnitTests.csproj | .NET unit test project definition. |
| dotnet/FunctionalTests/Microsoft.Security.AntiSSRF.FunctionalTests.csproj | .NET functional test project definition. |
| dotnet/FunctionalTests/AntiSSRFPolicy.SchemeTests.cs | Functional tests for scheme enforcement behaviors. |
| dotnet/FunctionalTests/AntiSSRFPolicy.AddXFFHeaderTests.cs | Functional tests for XFF header behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 10 out of 10 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
EmmieBunnie
approved these changes
May 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.