Security code review & tests of OpenSSH fork
We have a fork of OpenSSH with support for the PROXY protocol to help fix https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/10954.
This code should be reviewed and changes documented clearly on how they affect behaviour. The library included for PROXY support has a fuzzer entrypoint which we should try to utilize as well.
We should also seek to utilize our SAST (and maybe DAST) features in CI.
Edited by Hendrik Meyer