security

package
v0.111.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 5, 2023 License: Apache-2.0 Imports: 14 Imported by: 10

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var DefaultConfig = Config{
	Exec: Exec{
		Allow: NewWhitelist(
			"^dart-sass-embedded$",
			"^go$",
			"^npx$",
			"^postcss$",
		),

		OsEnv: NewWhitelist(`(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\w+)$`),
	},
	Funcs: Funcs{
		Getenv: NewWhitelist("^HUGO_", "^CI$"),
	},
	HTTP: HTTP{
		URLs:    NewWhitelist(".*"),
		Methods: NewWhitelist("(?i)GET|POST"),
	},
}

DefaultConfig holds the default security policy.

Functions

func IsAccessDenied 

func IsAccessDenied(err error) bool

IsAccessDenied reports whether err is an AccessDeniedError

Types

type AccessDeniedError 

type AccessDeniedError struct {
	// contains filtered or unexported fields
}

AccessDeniedError represents a security policy conflict.

func (*AccessDeniedError) Error 

func (e *AccessDeniedError) Error() string

type Config 

type Config struct {
	// Restricts access to os.Exec.
	Exec Exec `json:"exec"`

	// Restricts access to certain template funcs.
	Funcs Funcs `json:"funcs"`

	// Restricts access to resources.Get, getJSON, getCSV.
	HTTP HTTP `json:"http"`

	// Allow inline shortcodes
	EnableInlineShortcodes bool `json:"enableInlineShortcodes"`
}

Config is the top level security config.

func DecodeConfig 

func DecodeConfig(cfg config.Provider) (Config, error)

DecodeConfig creates a privacy Config from a given Hugo configuration.

func (Config) CheckAllowedExec 

func (c Config) CheckAllowedExec(name string) error

func (Config) CheckAllowedGetEnv 

func (c Config) CheckAllowedGetEnv(name string) error

func (Config) CheckAllowedHTTPMethod 

func (c Config) CheckAllowedHTTPMethod(method string) error

func (Config) CheckAllowedHTTPURL 

func (c Config) CheckAllowedHTTPURL(url string) error

func (Config) ToSecurityMap 

func (c Config) ToSecurityMap() map[string]any

ToSecurityMap converts c to a map with 'security' as the root key.

func (Config) ToTOML 

func (c Config) ToTOML() string

ToTOML converts c to TOML with security as the root.

type Exec 

type Exec struct {
	Allow Whitelist `json:"allow"`
	OsEnv Whitelist `json:"osEnv"`
}

Exec holds os/exec policies.

type Funcs 

type Funcs struct {
	// OS env keys allowed to query in os.Getenv.
	Getenv Whitelist `json:"getenv"`
}

Funcs holds template funcs policies.

type HTTP 

type HTTP struct {
	// URLs to allow in remote HTTP (resources.Get, getJSON, getCSV).
	URLs Whitelist `json:"urls"`

	// HTTP methods to allow.
	Methods Whitelist `json:"methods"`
}

type Whitelist 

type Whitelist struct {
	// contains filtered or unexported fields
}

Whitelist holds a whitelist.

func NewWhitelist 

func NewWhitelist(patterns ...string) Whitelist

NewWhitelist creates a new Whitelist from zero or more patterns. An empty patterns list or a pattern with the value 'none' will create a whitelist that will Accept none.

func (Whitelist) Accept 

func (w Whitelist) Accept(name string) bool

Accepted reports whether name is whitelisted.

func (Whitelist) MarshalJSON 

func (w Whitelist) MarshalJSON() ([]byte, error)

MarshalJSON is for internal use only.

func (Whitelist) String 

func (w Whitelist) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.