Affected by GO-2022-0783 and 4 other vulnerabilities

GO-2022-0783: JWT leak via Open Redirect in Programmatic access in github.com/pomerium/pomerium

GO-2022-0933: Incorrect handling of H2 GOAWAY + SETTINGS frames in github.com/pomerium/pomerium

GO-2023-1800: Pomerium vulnerable to Incorrect Authorization with specially crafted requests in github.com/pomerium/pomerium

GO-2024-2965: Pomerium exposed OAuth2 access and ID tokens in user info endpoint response in github.com/pomerium/pomerium

GO-2024-3179: Pomerium service account access token may grant unintended access to databroker API in github.com/pomerium/pomerium

urlutil

package

v0.3.0 Latest Latest Go to latest Published: Sep 1, 2019 License: Apache-2.0 Imports: 3 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/pomerium/pomerium

Links

Open Source Insights

Documentation ¶

Index ¶

func DeepCopy(u *url.URL) (*url.URL, error)
func ParseAndValidateURL(rawurl string) (*url.URL, error)
func StripPort(hostport string) string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DeepCopy ¶ added in v0.2.0

func DeepCopy(u *url.URL) (*url.URL, error)

func ParseAndValidateURL ¶ added in v0.1.0

func ParseAndValidateURL(rawurl string) (*url.URL, error)

ParseAndValidateURL wraps standard library's default url.Parse because it's much more lenient about what type of urls it accepts than pomerium.

func StripPort ¶

func StripPort(hostport string) string

StripPort returns a host, without any port number.

If Host is an IPv6 literal with a port number, Hostname returns the IPv6 literal without the square brackets. IPv6 literals may include a zone identifier.

Types ¶

This section is empty.

Source Files ¶

View all Source files

url.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL