F1503 SSRF Regression: isSafeURL Guard Deleted from Staging Leaves Metadata Endpoint Unprotected

A critical security regression has been identified in the F1503 staging branch, exposing a dangerous gap in server-side request forgery (SSRF) protection. Core-OffSec Audit #17 has confirmed that a2a_proxy_helpers.go, which housed the isSafeURL SSRF guard function, was deleted from the staging environment. The deletion leaves the 169.254.169.254 metadata endpoint unprotected against potential SSRF exploitation.

The vulnerability stems from a mismatch between staging and main branch code. While a2a_proxy.go on staging still calls isSafeURL, the function is no longer defined in the staging codebase. The ssrf.go module containing the isSafeURL guard—specifically blocking the 169.254.169.254 AWS metadata endpoint—exists only on the main branch. This means builds on staging either fail or operate without SSRF protection, depending on compilation behavior. The regression was introduced in commit 36240c75.

The risk is significant. Without the isSafeURL guard, an attacker who can trigger server-side requests through F1503 could reach cloud metadata endpoints and potentially exfiltrate IAM credentials, access tokens, or other sensitive infrastructure data. Audit #17 has issued an immediate directive to restore the SSRF guard to staging before any deployment pipeline advances. The missing protection is not theoretical—its absence creates a confirmed vulnerability surface that could be leveraged in targeted attacks.