SID-TRANS-04 — SSRF-Protected HTTP Client
| Property | Value |
|---|---|
| Status | verified |
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | Transport Security Controls |
Description
SafeHTTPClient blocks: private IP ranges, cloud metadata endpoints (169.254.169.254), DNS rebinding, non-HTTPS connections. Host allowlisting supported. Response body size limits: 10MB general, 1MB JWKS/discovery, 64KB errors.
Components
- Trust Service (AuthZEN)
- Wallet Backend (Go)
Source References
Audit Findings
| Finding | Severity | Status |
|---|---|---|
| EN-P-7 — Partial hardening and error handling | medium | resolved |
| ISO-T-8 — Partial network security | medium | open |