Affected by GO-2023-2012 and 2 other vulnerabilities

GO-2023-2012: lakeFS vulnerable to Arbitrary JavaScript Injection via Direct Link to HTML Files in github.com/treeverse/lakefs

GO-2023-2397: User with permission to write actions can impersonate another user when auth token is configured in environment variable in github.com/treeverse/lakefs

GO-2024-2581: User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository in github.com/treeverse/lakefs

acl

package

v0.101.0 Latest Latest Go to latest Published: May 21, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/treeverse/lakefs

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func ACLPolicyName(groupID string) string
func ACLToStatement(acl model.ACL) (model.Statements, error)
func IsACLPolicyName(policyName string) bool
func WriteGroupACL(ctx context.Context, svc auth.Service, groupName string, acl model.ACL, ...) error

Constants ¶

View Source

const (
	// ACLRead allows reading the specified repositories, as well as
	// managing own credentials.
	ACLRead model.ACLPermission = "Read"
	// ACLWrite allows reading and writing the specified repositories,
	// as well as managing own credentials.
	ACLWrite model.ACLPermission = "Write"
	// ACLSuper allows reading, writing, and all other actions on the
	// specified repositories, as well as managing own credentials.
	ACLSuper model.ACLPermission = "Super"
	// ACLAdmin allows all operations, including all reading, writing,
	// and all other actions on all repositories, and managing
	// authorization and credentials of all users.
	ACLAdmin model.ACLPermission = "Admin"
)

View Source

const (
	ACLAdminsGroup  = "Admins"
	ACLSupersGroup  = "Supers"
	ACLWritersGroup = "Writers"
	ACLReadersGroup = "Readers"
)

View Source

const ACLPolicyPrefix = "ACL(_-_)"

Variables ¶

View Source

var (
	ACLPermissions = []model.ACLPermission{ACLRead, ACLWrite, ACLSuper, ACLAdmin}

	ErrBadACLPermission = fmt.Errorf("%w: Bad ACL permission", model.ErrValidationError)
)

Functions ¶

func ACLPolicyName ¶

func ACLPolicyName(groupID string) string

ACLPolicyName returns the policy identifier for the ACL for groupID.

func ACLToStatement ¶

func ACLToStatement(acl model.ACL) (model.Statements, error)

func IsACLPolicyName ¶

func IsACLPolicyName(policyName string) bool

func WriteGroupACL ¶

func WriteGroupACL(ctx context.Context, svc auth.Service, groupName string, acl model.ACL, creationTime time.Time, warnIfCreate bool) error

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL