Affected by GO-2024-2442 and 3 other vulnerabilities

GO-2024-2442: Withdrawn Advisory: Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport

GO-2024-2445: Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport

GO-2024-2447: Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport

GO-2024-2449: Withdrawn Advisory: User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport

aws

package

v1.2.3-fred.5 Latest Latest Go to latest Published: Oct 19, 2022 License: Apache-2.0 Imports: 51 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/gravitational/teleport

Documentation ¶

Index ¶

type SigningService
- func NewSigningService(config SigningServiceConfig) (*SigningService, error)
- func (s *SigningService) RoundTrip(req *http.Request) (*http.Response, error)
type SigningServiceConfig
- func (s *SigningServiceConfig) CheckAndSetDefaults() error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type SigningService ¶

type SigningService struct {
	// SigningServiceConfig is the SigningService configuration.
	SigningServiceConfig

	// Forwarder signs and forwards the request to AWS API.
	*forward.Forwarder
}

SigningService is an AWS CLI proxy service that signs AWS requests based on user identity.

func NewSigningService ¶

func NewSigningService(config SigningServiceConfig) (*SigningService, error)

NewSigningService creates a new instance of SigningService.

func (*SigningService) RoundTrip ¶

func (s *SigningService) RoundTrip(req *http.Request) (*http.Response, error)

RoundTrip handles incoming requests and forwards them to the proper AWS API. Handling steps: 1) Decoded Authorization Header. Authorization Header example:

	Authorization: AWS4-HMAC-SHA256
	Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,
	SignedHeaders=host;range;x-amz-date,
	Signature=fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024

 2. Extract credential section from credential Authorization Header.
 3. Extract aws-region and aws-service from the credential section.
 4. Build AWS API endpoint based on extracted aws-region and aws-service fields.
    Not that for endpoint resolving the https://github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
    package is used and when Amazon releases a new API the dependency update is needed.
 5. Sign HTTP request.
 6. Forward the signed HTTP request to the AWS API.

type SigningServiceConfig ¶

type SigningServiceConfig struct {
	// Client is an HTTP client instance used for HTTP calls.
	Client *http.Client
	// Log is the Logger.
	Log logrus.FieldLogger
	// Session is AWS session.
	Session *awssession.Session
	// Clock is used to override time in tests.
	Clock clockwork.Clock
	// contains filtered or unexported fields
}

SigningServiceConfig is the SigningService configuration.

func (*SigningServiceConfig) CheckAndSetDefaults ¶

func (s *SigningServiceConfig) CheckAndSetDefaults() error

CheckAndSetDefaults validates the SigningServiceConfig config.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL