GO-2022-1178: JWT leak in github.com/bradleyfalzon/ghinstallation
The highest tagged major version isv2.
ghinstallation
packagemoduleThis package is not in the latest version of its module.
Details
Validgo.mod file
The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
- Redistributable license
Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
- Tagged version
Modules with tagged versions give importers more predictable builds.
- Stable version
When a project reaches major version v1 it is considered stable.
- Learn more about best practices
Repository
Links
Open Source Insights
README¶
ghinstallation
ghinstallation providesTransport, which implementshttp.RoundTripper toprovide authentication as an installation for GitHub Apps.
This library is designed to provide automatic authentication forhttps://github.com/google/go-github or your own HTTP client.
Installation
Get the package:
go get -u github.com/bradleyfalzon/ghinstallationGitHub Example
import "github.com/bradleyfalzon/ghinstallation"func main() { // Shared transport to reuse TCP connections. tr := http.DefaultTransport // Wrap the shared transport for use with the app ID 1 authenticating with installation ID 99. itr, err := ghinstallation.NewKeyFromFile(tr, 1, 99, "2016-10-19.private-key.pem") if err != nil { log.Fatal(err) } // Use installation transport with github.com/google/go-github client := github.NewClient(&http.Client{Transport: itr})}GitHub Enterprise Example
For clients using GitHub Enterprise, set the base URL as follows:
import "github.com/bradleyfalzon/ghinstallation"const GitHubEnterpriseURL = "https://github.example.com/api/v3"func main() { // Shared transport to reuse TCP connections. tr := http.DefaultTransport // Wrap the shared transport for use with the app ID 1 authenticating with installation ID 99. itr, err := ghinstallation.NewKeyFromFile(tr, 1, 99, "2016-10-19.private-key.pem") if err != nil { log.Fatal(err) } itr.BaseURL = GitHubEnterpriseURL // Use installation transport with github.com/google/go-github client := github.NewEnterpriseClient(GitHubEnterpriseURL, GitHubEnterpriseURL, &http.Client{Transport: itr})}What is app ID and installation ID
app ID is the GitHub App ID.
You can check as following :
Settings > Developer > settings > GitHub App > About item
installation ID is a part of WebHook request.
You can get the number to check the request.
Settings > Developer > settings > GitHub Apps > Advanced > Payload in Requesttab
WebHook request... "installation": { "id": `installation ID` }License
Dependencies
Documentation¶
Index¶
- func GetReadWriter(i interface{}) (io.ReadWriter, error)
- type AppsTransport
- func NewAppsTransport(tr http.RoundTripper, appID int64, privateKey []byte) (*AppsTransport, error)
- func NewAppsTransportFromPrivateKey(tr http.RoundTripper, appID int64, key *rsa.PrivateKey) *AppsTransport
- func NewAppsTransportKeyFromFile(tr http.RoundTripper, appID int64, privateKeyFile string) (*AppsTransport, error)
- type Client
- type Transport
Constants¶
This section is empty.
Variables¶
This section is empty.
Functions¶
funcGetReadWriter¶added inv0.1.3
func GetReadWriter(i interface{}) (io.ReadWriter,error)GetReadWriter converts a body interface into an io.ReadWriter object.
Types¶
typeAppsTransport¶added inv0.1.2
type AppsTransport struct {BaseURLstring// BaseURL is the scheme and host for GitHub API, defaults tohttps://api.github.comClientClient// Client to use to refresh tokens, defaults to http.Client with provided transport// contains filtered or unexported fields}AppsTransport provides a http.RoundTripper by wrapping an existinghttp.RoundTripper and provides GitHub Apps authentication as aGitHub App.
Client can also be overwritten, and is useful to change to one whichprovides retry logic if you do experience retryable errors.
funcNewAppsTransport¶added inv0.1.2
func NewAppsTransport(trhttp.RoundTripper, appIDint64, privateKey []byte) (*AppsTransport,error)
NewAppsTransport returns a AppsTransport using private key. The key is parsedand if any errors occur the error is non-nil.
The provided tr http.RoundTripper should be shared between multipleinstallations to ensure reuse of underlying TCP connections.
The returned Transport's RoundTrip method is safe to be used concurrently.
funcNewAppsTransportFromPrivateKey¶added inv1.1.0
func NewAppsTransportFromPrivateKey(trhttp.RoundTripper, appIDint64, key *rsa.PrivateKey) *AppsTransport
NewAppsTransportFromPrivateKey returns an AppsTransport using a crypto/rsa.(*PrivateKey).
funcNewAppsTransportKeyFromFile¶added inv0.1.2
func NewAppsTransportKeyFromFile(trhttp.RoundTripper, appIDint64, privateKeyFilestring) (*AppsTransport,error)
NewAppsTransportKeyFromFile returns a AppsTransport using a private key from file.
typeClient¶
Client is a HTTP client which sends a http.Request and returns a http.Responseor an error.
typeTransport¶
type Transport struct {BaseURLstring// BaseURL is the scheme and host for GitHub API, defaults tohttps://api.github.comClientClient// Client to use to refresh tokens, defaults to http.Client with provided transportInstallationTokenOptions *github.InstallationTokenOptions// parameters restrict a token's access// contains filtered or unexported fields}Transport provides a http.RoundTripper by wrapping an existinghttp.RoundTripper and provides GitHub Apps authentication as aninstallation.
Client can also be overwritten, and is useful to change to one whichprovides retry logic if you do experience retryable errors.
funcNew¶
New returns an Transport using private key. The key is parsedand if any errors occur the error is non-nil.
The provided tr http.RoundTripper should be shared between multipleinstallations to ensure reuse of underlying TCP connections.
The returned Transport's RoundTrip method is safe to be used concurrently.
funcNewFromAppsTransport¶added inv1.1.0
func NewFromAppsTransport(atr *AppsTransport, installationIDint64) *Transport
NewFromAppsTransport returns a Transport using an existing *AppsTransport.
funcNewKeyFromFile¶
func NewKeyFromFile(trhttp.RoundTripper, appID, installationIDint64, privateKeyFilestring) (*Transport,error)
NewKeyFromFile returns a Transport using a private key from file.
func (*Transport)Permissions¶added inv0.1.3
func (t *Transport) Permissions() (github.InstallationPermissions,error)
Permissions returns a transport token's GitHub installation permissions.
func (*Transport)Repositories¶added inv0.1.3
func (t *Transport) Repositories() ([]github.Repository,error)
Repositories returns a transport token's GitHub repositories.
Source Files