Affected by GO-2022-0540 and 17 other vulnerabilities

GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server

GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server

GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server

GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server

GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server

GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server

GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost

GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server

GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server

GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server

GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server

GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server

GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server

GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server

GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server

GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server

GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server

GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server

The highest tagged major version is v6.

httpservice

package

v5.6.0-rc1+incompatible Latest Latest Go to latest Published: Dec 4, 2018 License: AGPL-3.0, Apache-2.0 Imports: 9 Imported by: 84

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/mattermost/mattermost-server

Documentation ¶

Index ¶

Variables
func IsReservedIP(ip net.IP) bool
type Client
- func NewHTTPClient(enableInsecureConnections bool, allowHost func(host string) bool, ...) *Client
- func (c *Client) Do(req *http.Request) (*http.Response, error)
type DialContextFunction
type HTTPService
- func MakeHTTPService(configService configservice.ConfigService) HTTPService
type HTTPServiceImpl
- func (h *HTTPServiceImpl) Close()
- func (h *HTTPServiceImpl) MakeClient(trustURLs bool) *Client

Constants ¶

This section is empty.

Variables ¶

View Source

var AddressForbidden error = errors.New("address forbidden, you may need to set AllowedUntrustedInternalConnections to allow an integration access to your internal network")

Functions ¶

func IsReservedIP ¶

func IsReservedIP(ip net.IP) bool

Types ¶

type Client ¶

type Client struct {
	*http.Client
}

func NewHTTPClient ¶

func NewHTTPClient(enableInsecureConnections bool, allowHost func(host string) bool, allowIP func(ip net.IP) bool) *Client

NewHTTPClient returns a variation the default implementation of Client. It uses a Transport with the same settings as the default Transport but with the following modifications:

shorter timeout for dial and TLS handshake (defined as constant "connectTimeout")
timeout for the end-to-end request (defined as constant "requestTimeout")

func (*Client) Do ¶

func (c *Client) Do(req *http.Request) (*http.Response, error)

type DialContextFunction ¶

type DialContextFunction func(ctx context.Context, network, addr string) (net.Conn, error)

type HTTPService ¶

type HTTPService interface {
	MakeClient(trustURLs bool) *Client
	Close()
}

Wraps the functionality for creating a new http.Client to encapsulate that and allow it to be mocked when testing

func MakeHTTPService ¶

func MakeHTTPService(configService configservice.ConfigService) HTTPService

type HTTPServiceImpl ¶

type HTTPServiceImpl struct {
	// contains filtered or unexported fields
}

func (*HTTPServiceImpl) Close ¶

func (h *HTTPServiceImpl) Close()

func (*HTTPServiceImpl) MakeClient ¶

func (h *HTTPServiceImpl) MakeClient(trustURLs bool) *Client

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL