Documentation
¶
Overview ¶
Package security provides shared security validation functions.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func SetTestBypassSSRF ¶
func SetTestBypassSSRF(enabled bool)
SetTestBypassSSRF enables or disables the SSRF validation bypass for testing. It is safe for concurrent use.
func ValidateHTTPURL ¶
ValidateHTTPURL checks for SSRF vulnerabilities by blocking requests to internal networks. It rejects localhost, private IP ranges, link-local addresses, and cloud metadata endpoints. Hostnames are resolved to detect DNS rebinding attacks targeting internal addresses.
Blocked results are cached for up to 30 seconds. If a hostname transiently resolves to an internal address (e.g. during DNS propagation), it will remain blocked until the cache entry expires, even if the DNS record is corrected sooner.
Types ¶
This section is empty.