GO-2023-1747: Hop-by-hop abuse to malform header mutator in github.com/ory/oathkeeper

helper

package

v0.35.0-alpha.1 Latest Latest Go to latest Published: Jan 13, 2020 License: Apache-2.0 Imports: 3 Imported by: 24

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ory/oathkeeper

Documentation ¶

Index ¶

Variables
func BearerTokenFromRequest(r *http.Request, tokenLocation *BearerTokenLocation) string
func DefaultBearerTokenFromRequest(r *http.Request) string
type BearerTokenLocation

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrForbidden = &herodot.DefaultError{
		ErrorField:  "Access credentials are not sufficient to access this resource",
		CodeField:   http.StatusForbidden,
		StatusField: http.StatusText(http.StatusForbidden),
	}
	ErrUnauthorized = &herodot.DefaultError{
		ErrorField:  "Access credentials are invalid",
		CodeField:   http.StatusUnauthorized,
		StatusField: http.StatusText(http.StatusUnauthorized),
	}
	ErrMatchesMoreThanOneRule = &herodot.DefaultError{
		ErrorField:  "Expected exactly one rule but found multiple rules",
		CodeField:   http.StatusInternalServerError,
		StatusField: http.StatusText(http.StatusInternalServerError),
	}
	ErrRuleFeatureDisabled = &herodot.DefaultError{
		ErrorField:  "The matched rule uses a feature which is not enabled in the server configuration",
		CodeField:   http.StatusInternalServerError,
		StatusField: http.StatusText(http.StatusInternalServerError),
	}
	ErrMatchesNoRule = &herodot.DefaultError{
		ErrorField:  "Requested url does not match any rules",
		CodeField:   http.StatusNotFound,
		StatusField: http.StatusText(http.StatusNotFound),
	}
	ErrResourceNotFound = &herodot.DefaultError{
		ErrorField:  "The requested resource could not be found",
		CodeField:   http.StatusNotFound,
		StatusField: http.StatusText(http.StatusNotFound),
	}
	ErrResourceConflict = &herodot.DefaultError{
		ErrorField:  "The request could not be completed due to a conflict with the current state of the target resource",
		CodeField:   http.StatusConflict,
		StatusField: http.StatusText(http.StatusConflict),
	}
	ErrBadRequest = &herodot.DefaultError{
		ErrorField:  "The request is malformed or contains invalid data",
		CodeField:   http.StatusBadRequest,
		StatusField: http.StatusText(http.StatusBadRequest),
	}
)

Functions ¶

func BearerTokenFromRequest ¶

func BearerTokenFromRequest(r *http.Request, tokenLocation *BearerTokenLocation) string

func DefaultBearerTokenFromRequest ¶ added in v0.39.0

func DefaultBearerTokenFromRequest(r *http.Request) string

Types ¶

type BearerTokenLocation ¶ added in v0.39.0

type BearerTokenLocation struct {
	Header         *string `json:"header"`
	QueryParameter *string `json:"query_parameter"`
	Cookie         *string `json:"cookie"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL