Validation rules for webhook URL security checks including malformation, scheme, and content scanning requirements
Security
WebhookMustPassUrlScan
| Definition | Severity | API | Sample | Mode |
|---|---|---|---|---|
Validate that url passes security checks |  |  |  |
{{reason}} |
|---|
malformed |
not parsable |
includes unsupported fragment |
only http or https schemes accepted |
port not within expected range |
hostname is neither FQDN, IP v4 nor IP v6 |
does not resolve to accepted IP address version (v4 or v6) |
does not resolve to accepted IP address |
file size exceeds maximum |
failed to download |
unrecognizable MIME type |
unexpected content for MIME type |
failed virus scan |
Example Validation Report
{
"code": "VALIDATION__WebhookMustPassUrlScan",
"message": "Webhook rejected for reason: '{{reason}}'",
"severity": "VIOLATION",
"context": {
"reason": "only http or https schemes accepted"
}
}