Affected by GO-2022-0704 and 12 other vulnerabilities

GO-2022-0704: Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor

GO-2022-0781: Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor

GO-2022-0785: "catalog's registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor

GO-2022-0818: Missing Authorization in Harbor in github.com/goharbor/harbor

GO-2022-0853: SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

GO-2022-0863: Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

GO-2022-0865: Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor

GO-2022-0876: Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

GO-2022-0883: SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

GO-2023-2109: Harbor timing attack risk in github.com/goharbor/harbor

GO-2024-2915: Open Redirect URL in Harbor in github.com/goharbor/harbor

GO-2024-2916: SQL Injection in Harbor scan log API in github.com/goharbor/harbor

GO-2024-3013: Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor

proxy

package

v1.8.1 Latest Latest Go to latest Published: Jun 17, 2019 License: Apache-2.0 Imports: 18 Imported by: 60

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/goharbor/harbor

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func Handle(rw http.ResponseWriter, req *http.Request)
func Init(urls ...string) error
func MatchListRepos(req *http.Request) bool
func MatchPullManifest(req *http.Request) (bool, string, string)
func MatchPushManifest(req *http.Request) (bool, string, string)
type JSONError

Constants ¶

This section is empty.

Variables ¶

View Source

var NotaryEndpoint = ""

NotaryEndpoint , exported for testing.

View Source

var Proxy *httputil.ReverseProxy

Proxy is the instance of the reverse proxy in this package.

Functions ¶

func Handle ¶

func Handle(rw http.ResponseWriter, req *http.Request)

Handle handles the request.

func Init ¶

func Init(urls ...string) error

Init initialize the Proxy instance and handler chain.

func MatchListRepos ¶

func MatchListRepos(req *http.Request) bool

MatchListRepos checks if the request looks like a request to list repositories.

func MatchPullManifest ¶

func MatchPullManifest(req *http.Request) (bool, string, string)

MatchPullManifest checks if the request looks like a request to pull manifest. If it is returns the image and tag/sha256 digest as 2nd and 3rd return values

func MatchPushManifest ¶ added in v1.8.0

func MatchPushManifest(req *http.Request) (bool, string, string)

MatchPushManifest checks if the request looks like a request to push manifest. If it is returns the image and tag/sha256 digest as 2nd and 3rd return values

Types ¶

type JSONError ¶

type JSONError struct {
	Code    string `json:"code,omitempty"`
	Message string `json:"message,omitempty"`
	Detail  string `json:"detail,omitempty"`
}

JSONError wraps a concrete Code and Message, it's readable for docker deamon.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL