Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var DefaultConfig = Config{ Exec: Exec{ Allow: MustNewWhitelist( "^(dart-)?sass(-embedded)?$", "^go$", "^npx$", "^postcss$", ), OsEnv: MustNewWhitelist(`(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\w+|(XDG_CONFIG_)?HOME|USERPROFILE|SSH_AUTH_SOCK|DISPLAY|LANG)$`), }, Funcs: Funcs{ Getenv: MustNewWhitelist("^HUGO_", "^CI$"), }, HTTP: HTTP{ URLs: MustNewWhitelist(".*"), Methods: MustNewWhitelist("(?i)GET|POST"), }, }
DefaultConfig holds the default security policy.
Functions ¶
func IsAccessDenied ¶
IsAccessDenied reports whether err is an AccessDeniedError
Types ¶
type AccessDeniedError ¶
type AccessDeniedError struct {
// contains filtered or unexported fields
}
AccessDeniedError represents a security policy conflict.
func (*AccessDeniedError) Error ¶
func (e *AccessDeniedError) Error() string
type Config ¶
type Config struct { // Restricts access to os.Exec.... // <docsmeta>{ "newIn": "0.91.0" }</docsmeta> Exec Exec `json:"exec"` // Restricts access to certain template funcs. Funcs Funcs `json:"funcs"` // Restricts access to resources.GetRemote, getJSON, getCSV. HTTP HTTP `json:"http"` // Allow inline shortcodes EnableInlineShortcodes bool `json:"enableInlineShortcodes"` // Go templates related security config. GoTemplates GoTemplates `json:"goTemplates"` }
Config is the top level security config. <docsmeta>{"name": "security", "description": "This section holds the top level security config.", "newIn": "0.91.0" }</docsmeta>
func DecodeConfig ¶
DecodeConfig creates a privacy Config from a given Hugo configuration.
func (Config) CheckAllowedExec ¶
func (Config) CheckAllowedGetEnv ¶
func (Config) CheckAllowedHTTPMethod ¶
func (Config) CheckAllowedHTTPURL ¶
func (Config) ToSecurityMap ¶
ToSecurityMap converts c to a map with 'security' as the root key.
type Funcs ¶
type Funcs struct { // OS env keys allowed to query in os.Getenv. Getenv Whitelist `json:"getenv"` }
Funcs holds template funcs policies.
type GoTemplates ¶ added in v0.114.0
type GoTemplates struct { // Enable to allow template actions inside bakcticks in ES6 template literals. // This was blocked in Hugo 0.114.0 for security reasons and you now get errors on the form // "... appears in a JS template literal" if you have this in your templates. // See https://github.com/golang/go/issues/59234 AllowActionJSTmpl bool }
type HTTP ¶
type HTTP struct { // URLs to allow in remote HTTP (resources.Get, getJSON, getCSV). URLs Whitelist `json:"urls"` // HTTP methods to allow. Methods Whitelist `json:"methods"` // Media types where the Content-Type in the response is used instead of resolving from the file content. MediaTypes Whitelist `json:"mediaTypes"` }
type Whitelist ¶
type Whitelist struct {
// contains filtered or unexported fields
}
Whitelist holds a whitelist.
func MustNewWhitelist ¶ added in v0.115.0
MustNewWhitelist creates a new Whitelist from zero or more patterns and panics on error.
func NewWhitelist ¶
NewWhitelist creates a new Whitelist from zero or more patterns. An empty patterns list or a pattern with the value 'none' will create a whitelist that will Accept none.
func (Whitelist) MarshalJSON ¶
MarshalJSON is for internal use only.