GO-2023-1747: Hop-by-hop abuse to malform header mutator in github.com/ory/oathkeeper

configuration

package

v0.16.0-beta.4 Latest Latest Go to latest Published: May 28, 2019 License: Apache-2.0 Imports: 11 Imported by: 11

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ory/oathkeeper

Documentation ¶

Index ¶

Constants
func MustValidate(l logrus.FieldLogger, p Provider)
type Provider
type ProviderAuthenticators
type ProviderAuthorizers
type ProviderMutators
type ViperProvider
- func NewViperProvider(l logrus.FieldLogger) *ViperProvider

Constants ¶

View Source

const (
	ViperKeyProxyReadTimeout       = "serve.proxy.timeout.read"
	ViperKeyProxyWriteTimeout      = "serve.proxy.timeout.write"
	ViperKeyProxyIdleTimeout       = "serve.proxy.timeout.idle"
	ViperKeyProxyServeAddressHost  = "serve.proxy.host"
	ViperKeyProxyServeAddressPort  = "serve.proxy.port"
	ViperKeyAPIServeAddressHost    = "serve.api.host"
	ViperKeyAPIServeAddressPort    = "serve.api.port"
	ViperKeyAccessRuleRepositories = "access_rules.repositories"
)

View Source

const (
	// anonymous
	ViperKeyAuthenticatorAnonymousIsEnabled  = "authenticators.anonymous.enabled"
	ViperKeyAuthenticatorAnonymousIdentifier = "authenticators.anonymous.subject"

	// noop
	ViperKeyAuthenticatorNoopIsEnabled = "authenticators.noop.enabled"

	// jwt
	ViperKeyAuthenticatorJWTIsEnabled     = "authenticators.jwt.enabled"
	ViperKeyAuthenticatorJWTJWKSURIs      = "authenticators.jwt.jwks_urls"
	ViperKeyAuthenticatorJWTScopeStrategy = "authenticators.jwt.scope_strategy"

	// oauth2_client_credentials
	ViperKeyAuthenticatorOAuth2ClientCredentialsIsEnabled = "authenticators.oauth2_client_credentials.enabled"
	ViperKeyAuthenticatorClientCredentialsTokenURL        = "authenticators.oauth2_client_credentials.token_url"

	// oauth2_token_introspection
	ViperKeyAuthenticatorOAuth2TokenIntrospectionIsEnabled                    = "authenticators.oauth2_introspection.enabled"
	ViperKeyAuthenticatorOAuth2TokenIntrospectionScopeStrategy                = "authenticators.oauth2_introspection.scope_strategy"
	ViperKeyAuthenticatorOAuth2TokenIntrospectionIntrospectionURL             = "authenticators.oauth2_introspection.introspection_url"
	ViperKeyAuthenticatorOAuth2TokenIntrospectionPreAuthorizationEnabled      = "authenticators.oauth2_introspection.pre_authorization.enabled"
	ViperKeyAuthenticatorOAuth2TokenIntrospectionPreAuthorizationClientID     = "authenticators.oauth2_introspection.pre_authorization.client_id"
	ViperKeyAuthenticatorOAuth2TokenIntrospectionPreAuthorizationClientSecret = "authenticators.oauth2_introspection.pre_authorization.client_secret"
	ViperKeyAuthenticatorOAuth2TokenIntrospectionPreAuthorizationScope        = "authenticators.oauth2_introspection.pre_authorization.scope"
	ViperKeyAuthenticatorOAuth2TokenIntrospectionPreAuthorizationTokenURL     = "authenticators.oauth2_introspection.pre_authorization.token_url"

	// unauthorized
	ViperKeyAuthenticatorUnauthorizedIsEnabled = "authenticators.unauthorized.enabled"
)

Authenticators

View Source

const (
	ViperKeyAuthorizerAllowIsEnabled = "authorizers.allow.enabled"

	ViperKeyAuthorizerDenyIsEnabled = "authorizers.deny.enabled"

	ViperKeyAuthorizerKetoEngineACPORYIsEnabled = "authorizers.keto_engine_acp_ory.enabled"
	ViperKeyAuthorizerKetoEngineACPORYBaseURL   = "authorizers.keto_engine_acp_ory.base_url"
)

View Source

const (
	ViperKeyMutatorCookieIsEnabled = "mutators.cookie.enabled"

	ViperKeyMutatorHeaderIsEnabled = "mutators.header.enabled"

	ViperKeyMutatorNoopIsEnabled = "mutators.noop.enabled"

	ViperKeyMutatorIDTokenIsEnabled = "mutators.id_token.enabled"
	ViperKeyMutatorIDTokenIssuerURL = "mutators.id_token.issuer_url"
	ViperKeyMutatorIDTokenJWKSURL   = "mutators.id_token.jwks_url"
	ViperKeyMutatorIDTokenTTL       = "mutators.id_token.ttl"
)

Variables ¶

This section is empty.

Functions ¶

func MustValidate ¶

func MustValidate(l logrus.FieldLogger, p Provider)

Types ¶

type Provider ¶

type Provider interface {
	CORSEnabled(iface string) bool
	CORSOptions(iface string) cors.Options

	ProviderAuthenticators
	ProviderAuthorizers
	ProviderMutators

	ProxyReadTimeout() time.Duration
	ProxyWriteTimeout() time.Duration
	ProxyIdleTimeout() time.Duration

	AccessRuleRepositories() []url.URL

	ProxyServeAddress() string
	APIServeAddress() string
}

type ProviderAuthenticators ¶

type ProviderAuthenticators interface {
	AuthenticatorAnonymousIsEnabled() bool
	AuthenticatorAnonymousIdentifier() string

	AuthenticatorNoopIsEnabled() bool

	AuthenticatorJWTIsEnabled() bool
	AuthenticatorJWTJWKSURIs() []url.URL
	AuthenticatorJWTScopeStrategy() fosite.ScopeStrategy

	AuthenticatorOAuth2ClientCredentialsIsEnabled() bool
	AuthenticatorOAuth2ClientCredentialsTokenURL() *url.URL

	AuthenticatorOAuth2TokenIntrospectionIsEnabled() bool
	AuthenticatorOAuth2TokenIntrospectionScopeStrategy() fosite.ScopeStrategy
	AuthenticatorOAuth2TokenIntrospectionIntrospectionURL() *url.URL
	AuthenticatorOAuth2TokenIntrospectionPreAuthorization() *clientcredentials.Config

	AuthenticatorUnauthorizedIsEnabled() bool
}

type ProviderAuthorizers ¶

type ProviderAuthorizers interface {
	AuthorizerAllowIsEnabled() bool

	AuthorizerDenyIsEnabled() bool

	AuthorizerKetoEngineACPORYIsEnabled() bool
	AuthorizerKetoEngineACPORYBaseURL() *url.URL
}

type ProviderMutators ¶

type ProviderMutators interface {
	MutatorCookieIsEnabled() bool

	MutatorHeaderIsEnabled() bool

	MutatorIDTokenIsEnabled() bool
	MutatorIDTokenIssuerURL() *url.URL
	MutatorIDTokenJWKSURL() *url.URL
	MutatorIDTokenTTL() time.Duration

	MutatorNoopIsEnabled() bool
}

type ViperProvider ¶

type ViperProvider struct {
	// contains filtered or unexported fields
}

func NewViperProvider ¶

func NewViperProvider(l logrus.FieldLogger) *ViperProvider

func (*ViperProvider) APIServeAddress ¶

func (v *ViperProvider) APIServeAddress() string

func (*ViperProvider) AccessRuleRepositories ¶

func (v *ViperProvider) AccessRuleRepositories() []url.URL

func (*ViperProvider) AuthenticatorAnonymousIdentifier ¶

func (v *ViperProvider) AuthenticatorAnonymousIdentifier() string

func (*ViperProvider) AuthenticatorAnonymousIsEnabled ¶

func (v *ViperProvider) AuthenticatorAnonymousIsEnabled() bool

func (*ViperProvider) AuthenticatorJWTIsEnabled ¶

func (v *ViperProvider) AuthenticatorJWTIsEnabled() bool

func (*ViperProvider) AuthenticatorJWTJWKSURIs ¶

func (v *ViperProvider) AuthenticatorJWTJWKSURIs() []url.URL

func (*ViperProvider) AuthenticatorJWTScopeStrategy ¶

func (v *ViperProvider) AuthenticatorJWTScopeStrategy() fosite.ScopeStrategy

func (*ViperProvider) AuthenticatorNoopIsEnabled ¶

func (v *ViperProvider) AuthenticatorNoopIsEnabled() bool

func (*ViperProvider) AuthenticatorOAuth2ClientCredentialsIsEnabled ¶

func (v *ViperProvider) AuthenticatorOAuth2ClientCredentialsIsEnabled() bool

func (*ViperProvider) AuthenticatorOAuth2ClientCredentialsTokenURL ¶

func (v *ViperProvider) AuthenticatorOAuth2ClientCredentialsTokenURL() *url.URL

func (*ViperProvider) AuthenticatorOAuth2TokenIntrospectionIntrospectionURL ¶

func (v *ViperProvider) AuthenticatorOAuth2TokenIntrospectionIntrospectionURL() *url.URL

func (*ViperProvider) AuthenticatorOAuth2TokenIntrospectionIsEnabled ¶

func (v *ViperProvider) AuthenticatorOAuth2TokenIntrospectionIsEnabled() bool

func (*ViperProvider) AuthenticatorOAuth2TokenIntrospectionPreAuthorization ¶

func (v *ViperProvider) AuthenticatorOAuth2TokenIntrospectionPreAuthorization() *clientcredentials.Config

func (*ViperProvider) AuthenticatorOAuth2TokenIntrospectionScopeStrategy ¶

func (v *ViperProvider) AuthenticatorOAuth2TokenIntrospectionScopeStrategy() fosite.ScopeStrategy

func (*ViperProvider) AuthenticatorUnauthorizedIsEnabled ¶

func (v *ViperProvider) AuthenticatorUnauthorizedIsEnabled() bool

func (*ViperProvider) AuthorizerAllowIsEnabled ¶

func (v *ViperProvider) AuthorizerAllowIsEnabled() bool

func (*ViperProvider) AuthorizerDenyIsEnabled ¶

func (v *ViperProvider) AuthorizerDenyIsEnabled() bool

func (*ViperProvider) AuthorizerKetoEngineACPORYBaseURL ¶

func (v *ViperProvider) AuthorizerKetoEngineACPORYBaseURL() *url.URL

func (*ViperProvider) AuthorizerKetoEngineACPORYIsEnabled ¶

func (v *ViperProvider) AuthorizerKetoEngineACPORYIsEnabled() bool

func (*ViperProvider) CORSEnabled ¶

func (v *ViperProvider) CORSEnabled(iface string) bool

func (*ViperProvider) CORSOptions ¶

func (v *ViperProvider) CORSOptions(iface string) cors.Options

func (*ViperProvider) MutatorCookieIsEnabled ¶

func (v *ViperProvider) MutatorCookieIsEnabled() bool

func (*ViperProvider) MutatorHeaderIsEnabled ¶

func (v *ViperProvider) MutatorHeaderIsEnabled() bool

func (*ViperProvider) MutatorIDTokenIsEnabled ¶

func (v *ViperProvider) MutatorIDTokenIsEnabled() bool

func (*ViperProvider) MutatorIDTokenIssuerURL ¶

func (v *ViperProvider) MutatorIDTokenIssuerURL() *url.URL

func (*ViperProvider) MutatorIDTokenJWKSURL ¶

func (v *ViperProvider) MutatorIDTokenJWKSURL() *url.URL

func (*ViperProvider) MutatorIDTokenTTL ¶

func (v *ViperProvider) MutatorIDTokenTTL() time.Duration

func (*ViperProvider) MutatorNoopIsEnabled ¶

func (v *ViperProvider) MutatorNoopIsEnabled() bool

func (*ViperProvider) ProxyIdleTimeout ¶

func (v *ViperProvider) ProxyIdleTimeout() time.Duration

func (*ViperProvider) ProxyReadTimeout ¶

func (v *ViperProvider) ProxyReadTimeout() time.Duration

func (*ViperProvider) ProxyServeAddress ¶

func (v *ViperProvider) ProxyServeAddress() string

func (*ViperProvider) ProxyWriteTimeout ¶

func (v *ViperProvider) ProxyWriteTimeout() time.Duration

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL