GO-2024-3228: Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') in github.com/coder/coder
The highest tagged major version isv2.
audit
packageThis package is not in the latest version of its module.
Details
Validgo.mod file
The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
- Redistributable license
Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
- Tagged version
Modules with tagged versions give importers more predictable builds.
Stable versionWhen a project reaches major version v1 it is considered stable.
- Learn more about best practices
Repository
Links
Open Source Insights
Documentation¶
Index¶
Constants¶
const (// ActionIgnore ignores diffing for the field.ActionIgnore = "ignore"// ActionTrack includes the value in the diff if the value changed.ActionTrack = "track"// ActionSecret includes a zero value of the same type if the value changed.// It lets you indicate that a value changed, but without leaking its// contents.ActionSecret = "secret")
Variables¶
var AuditActionMap = map[string][]codersdk.AuditAction{"GitSSHKey": {codersdk.AuditActionCreate},"Template": {codersdk.AuditActionWrite,codersdk.AuditActionDelete},"TemplateVersion": {codersdk.AuditActionCreate,codersdk.AuditActionWrite},"User": {codersdk.AuditActionCreate,codersdk.AuditActionWrite,codersdk.AuditActionDelete},"Workspace": {codersdk.AuditActionCreate,codersdk.AuditActionWrite,codersdk.AuditActionDelete},"WorkspaceBuild": {codersdk.AuditActionStart,codersdk.AuditActionStop},"Group": {codersdk.AuditActionCreate,codersdk.AuditActionWrite,codersdk.AuditActionDelete},"APIKey": {codersdk.AuditActionLogin,codersdk.AuditActionLogout,codersdk.AuditActionRegister,codersdk.AuditActionCreate,codersdk.AuditActionDelete},"License": {codersdk.AuditActionCreate,codersdk.AuditActionDelete},}
This mapping creates a relationship between an Auditable Resourceand the Audit Actions we track for that resource.It is important to maintain this mapping when adding a new Auditable Resource to theAuditableResources map (below) as our documentation - generated in scripts/auditdocgen/main.go -depends upon it.
var AuditableResources = auditMap(auditableResourcesTypes)AuditableResources contains a definitive list of all auditable resources andwhich fields are auditable. All resource types must be valid audit.Auditabletypes.
Functions¶
Types¶
typeBackend¶
type Backend interface {// Decision determines the FilterDecisions that the backend tolerates.Decision()FilterDecision// Export sends an audit log to the backend.Export(ctxcontext.Context, alogdatabase.AuditLog)error}Backends can store or send audit logs to arbitrary locations.
typeFilter¶
Filters produce a FilterDecision for a given audit log.
var DefaultFilterFilter =FilterFunc(func(ctxcontext.Context, alogdatabase.AuditLog) (FilterDecision,error) {returnFilterDecisionStore |FilterDecisionExport,nil})
DefaultFilter is the default filter used when exporting audit logs. It allowsstorage and exporting for all audit logs.
typeFilterDecision¶
type FilterDecisionuint8
FilterDecision is a bitwise flag describing the actions a given filter allowsfor a given audit log.
const (// FilterDecisionDrop indicates that the audit log should be dropped. It// should not be stored or exported anywhere.FilterDecisionDropFilterDecision = 0// FilterDecisionStore indicates that the audit log should be allowed to be// stored in the Coder database.FilterDecisionStoreFilterDecision = 1 <<iota// FilterDecisionExport indicates that the audit log should be exported// externally of Coder.FilterDecisionExport)
typeFilterFunc¶
FilterFunc constructs a Filter from a simple function.
func (FilterFunc)Check¶
func (fFilterFunc) Check(ctxcontext.Context, alogdatabase.AuditLog) (FilterDecision,error)
Source Files
Directories