SID-HARD-02 — Input Validation and Injection Prevention

| Property | Value |
|---|---|
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | System Hardening Controls |
Description
Comprehensive input validation:
DID syntax is validated per W3C DID Core 1.0 (rejects null, newline and traversal input).
HTTP body sizes are limited with io.LimitReader: 10MB general, 1MB JWKS, 64KB errors.
WebSocket reads are limited to 64KB.
SVG content is sanitized.
Policy constraint injection is prevented via structured types.
URL redirects are validated.
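
An added example, not the project's own code, of enforcing the body size limits listed above with io.LimitReader. It shows the point the description leaves implicit: io.LimitReader truncates silently, so the reader must detect and reject an oversized body. The names `ReadBounded` and `ErrBodyTooLarge` are hypothetical, and the limits are assumed to be binary units.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// Limits from the control description (assumed to mean binary units).
const (
	MaxGeneralBody = 10 << 20 // 10MB general
	MaxJWKSBody    = 1 << 20  // 1MB JWKS
	MaxErrorBody   = 64 << 10 // 64KB errors
)

// ErrBodyTooLarge is a hypothetical sentinel error for this example.
var ErrBodyTooLarge = errors.New("body exceeds size limit")

// ReadBounded returns the whole body if it fits in limit bytes.
// io.LimitReader on its own stops at the limit without an error, which
// would hand a truncated document to the parser. Reading limit+1 bytes
// makes an oversized body detectable so it can be rejected instead.
func ReadBounded(r io.Reader, limit int64) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, ErrBodyTooLarge
	}
	return data, nil
}

func main() {
	// Constructed input: a small JWKS document, well under the 1MB limit.
	b, err := ReadBounded(strings.NewReader(`{"keys":[]}`), MaxJWKSBody)
	fmt.Println(len(b), err)

	// Constructed input: an error body one byte over the 64KB limit.
	big := strings.NewReader(strings.Repeat("x", MaxErrorBody+1))
	_, err = ReadBounded(big, MaxErrorBody)
	fmt.Println(err)
}
```

In an HTTP handler the same function would wrap the request or response body, and memory use stays bounded at limit+1 bytes regardless of what the peer sends.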
Components
Source References
Framework Requirements
EUDI Security Requirements: WUH-8.3.2-Sec-01, WUH-8.3.2-Sec-02, WUH-8.3.2-Sec-03, WIN-8.4.4-01
FitCEM Wallet Instance: FIT-DS-08, FIT-AU-18, FIT-PI-01, FIT-CS-01
ISO 27001 Annex A: A.8.26, A.8.28
OWASP ASVS 4.0.3 Level 3: V1.5, V5.1, V5.2, V5.3, V5.4, V5.5, V8.1, V12.3, V13.1, V13.2, V14.5
STRIDE Threat Model: WF-D-1, WB-D-1, WB-D-2, WB-D-3, VC-D-1, TR-D-1, FT-D-1