Constants ¶
This section is empty.
Variables ¶
// DefaultConfig holds the default security policy.
//
// Every Whitelist below is built from regular expressions. Most patterns carry
// explicit ^...$ anchors, which suggests that matching is not anchored
// implicitly. NOTE(review): confirm against the Whitelist matching code, which
// is not shown here.
var DefaultConfig = Config{
	Exec: Exec{
		// Names of external binaries that may be executed. Each pattern is
		// fully anchored, so only these exact names match.
		// npx can download and run packages from the npm registry, so keeping
		// it in the list widens what a build may execute; sites that do not
		// need it can override this list in their own security configuration.
		Allow: MustNewWhitelist(
			"^(dart-)?sass(-embedded)?$",
			"^go$",
			"^git$",
			"^npx$",
			"^postcss$",
			"^tailwindcss$",
		),
		// Case-insensitive, fully anchored list of OS environment variable names.
		// NOTE(review): presumably these are the variables passed through to
		// executed binaries (the Exec type is not shown here). The list includes
		// proxy settings, SSH_AUTH_SOCK and every GO-prefixed variable, so review
		// it when the build environment holds secrets under such names.
		OsEnv: MustNewWhitelist(`(?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\w+|(XDG_CONFIG_)?HOME|USERPROFILE|SSH_AUTH_SOCK|DISPLAY|LANG|SYSTEMDRIVE)$`),
	},
	Funcs: Funcs{
		// Environment keys that templates may query: anything starting with
		// HUGO_ (prefix anchor only) and exactly CI.
		Getenv: MustNewWhitelist("^HUGO_", "^CI$"),
	},
	HTTP: HTTP{
		// ".*" matches every URL, so remote fetches are not restricted by
		// destination in the default policy. Narrow this in the site
		// configuration when templates or themes are not fully trusted.
		URLs: MustNewWhitelist(".*"),
		// NOTE(review): unlike the exec patterns this one has no ^...$ anchors.
		// If matching is unanchored, any method string that merely contains
		// "get" or "post" is accepted; `(?i)^(GET|POST)$` would accept exactly
		// those two methods.
		Methods: MustNewWhitelist("(?i)GET|POST"),
		// MediaTypes is not set here and keeps its zero value.
	},
}
DefaultConfig holds the default security policy.
Functions ¶
func IsAccessDenied ¶
IsAccessDenied reports whether err is an AccessDeniedError.
Types ¶
type AccessDeniedError ¶
// AccessDeniedError represents a security policy conflict.
// Callers can detect it with IsAccessDenied.
type AccessDeniedError struct {
	// contains filtered or unexported fields
}
AccessDeniedError represents a security policy conflict.
func (*AccessDeniedError) Error ¶
func (e *AccessDeniedError) Error() string
type Config ¶
// Config is the top level security config. It groups one policy per
// restricted capability: external commands, template funcs and remote HTTP.
type Config struct {
	// Exec restricts access to os.Exec.
	// <docsmeta>{ "newIn": "0.91.0" }</docsmeta>
	Exec Exec `json:"exec"`

	// Funcs restricts access to certain template funcs.
	Funcs Funcs `json:"funcs"`

	// HTTP restricts access to resources.GetRemote, getJSON, getCSV.
	HTTP HTTP `json:"http"`

	// EnableInlineShortcodes allows inline shortcodes.
	// DefaultConfig does not set it, so it is false unless a site opts in.
	// Inline shortcodes put template code inside content files, so enable
	// this only when content authors are trusted like template authors.
	EnableInlineShortcodes bool `json:"enableInlineShortcodes"`
}
Config is the top level security config. <docsmeta>{"name": "security", "description": "This section holds the top level security config.", "newIn": "0.91.0" }</docsmeta>
func DecodeConfig ¶
DecodeConfig creates a security Config from a given Hugo configuration.
func (Config) CheckAllowedExec ¶
func (Config) CheckAllowedGetEnv ¶
func (Config) CheckAllowedHTTPMethod ¶
func (Config) CheckAllowedHTTPURL ¶
func (Config) ToSecurityMap ¶
ToSecurityMap converts c to a map with 'security' as the root key.
type Funcs ¶
// Funcs holds template funcs policies.
type Funcs struct {
	// Getenv lists the OS env keys that templates may query through os.Getenv.
	// Keep it narrow: any variable matched here becomes readable from
	// templates, including those shipped by third-party themes.
	Getenv Whitelist `json:"getenv"`
}
Funcs holds template funcs policies.
type HTTP ¶
// HTTP holds the policy for remote HTTP requests made from templates.
type HTTP struct {
	// URLs to allow in remote HTTP (resources.GetRemote, getJSON, getCSV).
	URLs Whitelist `json:"urls"`

	// HTTP methods to allow.
	Methods Whitelist `json:"methods"`

	// Media types where the Content-Type in the response is used instead of
	// resolving from the file content.
	// The Content-Type header is chosen by the remote server, so each entry
	// here means trusting the server's declared type for that media type.
	MediaTypes Whitelist `json:"mediaTypes"`
}
type Whitelist ¶
// Whitelist holds a whitelist built from zero or more patterns.
// A Whitelist created by NewWhitelist from an empty patterns list, or from a
// pattern with the value 'none', accepts nothing.
type Whitelist struct {
	// contains filtered or unexported fields
}
Whitelist holds a whitelist.
func MustNewWhitelist ¶ added in v0.115.0
MustNewWhitelist creates a new Whitelist from zero or more patterns and panics on error.
func NewWhitelist ¶
NewWhitelist creates a new Whitelist from zero or more patterns. An empty patterns list or a pattern with the value 'none' will create a whitelist that will Accept none.
func (Whitelist) MarshalJSON ¶
MarshalJSON is for internal use only.