Affected by GO-2022-0785 and 5 other vulnerabilities

GO-2022-0785: "catalog's registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor

GO-2022-0865: Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor

GO-2023-2109: Harbor timing attack risk in github.com/goharbor/harbor

GO-2024-2915: Open Redirect URL in Harbor in github.com/goharbor/harbor

GO-2024-2916: SQL Injection in Harbor scan log API in github.com/goharbor/harbor

GO-2024-3013: Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor

token

package

v1.7.0-rc2 Latest Latest Go to latest Published: Dec 12, 2018 License: Apache-2.0 Imports: 18 Imported by: 150

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/goharbor/harbor

Documentation ¶

Index ¶

Constants
func GetResourceActions(scopes []string) []*token.ResourceActions
func InitCreators()
func MakeToken(username, service string, access []*token.ResourceActions) (*models.Token, error)
type Creator
type Handler
- func (h *Handler) Get()

Constants ¶

View Source

const (
	// Notary service
	Notary = "harbor-notary"
	// Registry service
	Registry = "harbor-registry"
)

Variables ¶

This section is empty.

Functions ¶

func InitCreators ¶

func InitCreators()

InitCreators initialize the token creators for different services

func MakeToken ¶

func MakeToken(username, service string, access []*token.ResourceActions) (*models.Token, error)

MakeToken makes a valid jwt token based on parms.

Types ¶

type Creator ¶

type Creator interface {
	Create(r *http.Request) (*models.Token, error)
}

Creator creates a token ready to be served based on the http request.

type Handler ¶

type Handler struct {
	beego.Controller
}

Handler handles request on /service/token, which is the auth provider for registry.

func (*Handler) Get ¶

func (h *Handler) Get()

Get handles GET request, it checks the http header for user credentials and parse service and scope based on docker registry v2 standard, checkes the permission against local DB and generates jwt token.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL