Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var DefaultConfig = Config{ Exec: Exec{ Allow: NewWhitelist( "^dart-sass-embedded$", "^go$", "^npx$", "^postcss$", ), OsEnv: NewWhitelist(`(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\w+)$`), }, Funcs: Funcs{ Getenv: NewWhitelist("^HUGO_", "^CI$"), }, HTTP: HTTP{ URLs: NewWhitelist(".*"), Methods: NewWhitelist("(?i)GET|POST"), }, }
DefaultConfig holds the default security policy.
Functions ¶
func IsAccessDenied ¶
IsAccessDenied reports whether err is an AccessDeniedError
Types ¶
type AccessDeniedError ¶
type AccessDeniedError struct {
// contains filtered or unexported fields
}
AccessDeniedError represents a security policy conflict.
func (*AccessDeniedError) Error ¶
func (e *AccessDeniedError) Error() string
type Config ¶
type Config struct { // Restricts access to os.Exec.... // <docsmeta>{ "newIn": "0.91.0" }</docsmeta> Exec Exec `json:"exec"` // Restricts access to certain template funcs. Funcs Funcs `json:"funcs"` // Restricts access to resources.GetRemote, getJSON, getCSV. HTTP HTTP `json:"http"` // Allow inline shortcodes EnableInlineShortcodes bool `json:"enableInlineShortcodes"` }
Config is the top level security config. <docsmeta>{"name": "security", "description": "This section holds the top level security config.", "newIn": "0.91.0" }</docsmeta>
func DecodeConfig ¶
DecodeConfig creates a privacy Config from a given Hugo configuration.
func (Config) CheckAllowedExec ¶
func (Config) CheckAllowedGetEnv ¶
func (Config) CheckAllowedHTTPMethod ¶
func (Config) CheckAllowedHTTPURL ¶
func (Config) ToSecurityMap ¶
ToSecurityMap converts c to a map with 'security' as the root key.
type Funcs ¶
type Funcs struct { // OS env keys allowed to query in os.Getenv. Getenv Whitelist `json:"getenv"` }
Funcs holds template funcs policies.
type HTTP ¶
type HTTP struct { // URLs to allow in remote HTTP (resources.Get, getJSON, getCSV). URLs Whitelist `json:"urls"` // HTTP methods to allow. Methods Whitelist `json:"methods"` // Media types where the Content-Type in the response is used instead of resolving from the file content. MediaTypes Whitelist `json:"mediaTypes"` }
type Whitelist ¶
type Whitelist struct {
// contains filtered or unexported fields
}
Whitelist holds a whitelist.
func NewWhitelist ¶
NewWhitelist creates a new Whitelist from zero or more patterns. An empty patterns list or a pattern with the value 'none' will create a whitelist that will Accept none.
func (Whitelist) MarshalJSON ¶
MarshalJSON is for internal use only.