GO-2024-3228: Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') in github.com/coder/coder
The highest tagged major version isv2.
coderd
packageThis package is not in the latest version of its module.
Details
Validgo.mod file
The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
- Redistributable license
Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
- Tagged version
Modules with tagged versions give importers more predictable builds.
Stable versionWhen a project reaches major version v1 it is considered stable.
- Learn more about best practices
Repository
Links
Open Source Insights
Documentation¶
Index¶
Constants¶
const (PubsubEventLicenses = "licenses")Variables¶
var DefaultSupportLinks = []codersdk.LinkConfig{{Name: "Documentation",Target: "https://coder.com/docs/coder-oss",Icon: "docs",},{Name: "Report a bug",Target: "https://github.com/coder/coder/issues/new?labels=needs+grooming&body={CODER_BUILD_INFO}",Icon: "bug",},{Name: "Join the Coder Discord",Target: "https://coder.com/chat?utm_source=coder&utm_medium=coder&utm_campaign=server-footer",Icon: "chat",},}Functions¶
This section is empty.
Types¶
typeAPI¶added inv0.9.0
type API struct {AGPL *coderd.API*Options// ProxyHealth checks the reachability of all workspace proxies.ProxyHealth *proxyhealth.ProxyHealth// contains filtered or unexported fields}funcNew¶added inv0.9.0
New constructs an Enterprise coderd API instance.This handler is designed to wrap the AGPL Coder code andlayer Enterprise functionality on top as much as possible.
typeOptions¶added inv0.9.0
type Options struct {*coderd.OptionsRBACboolAuditLoggingbool// Whether to block non-browser connections.BrowserOnlyboolSCIMAPIKey []byte// Used for high availability.DERPServerRelayAddressstringDERPServerRegionIDint// Used for user quiet hours schedules.DefaultQuietHoursSchedulestring// cron schedule, if empty user quiet hours schedules are disabledEntitlementsUpdateIntervaltime.DurationProxyHealthIntervaltime.DurationKeys map[string]ed25519.PublicKey}typeSCIMUser¶added inv0.9.0
type SCIMUser struct {Schemas []string `json:"schemas"`IDstring `json:"id"`UserNamestring `json:"userName"`Name struct {GivenNamestring `json:"givenName"`FamilyNamestring `json:"familyName"`} `json:"name"`Emails []struct {Primarybool `json:"primary"`Valuestring `json:"value" format:"email"`Typestring `json:"type"`Displaystring `json:"display"`} `json:"emails"`Activebool `json:"active"`Groups []interface{} `json:"groups"`Meta struct {ResourceTypestring `json:"resourceType"`} `json:"meta"`}We currently use our own struct instead of using the SCIM package. This wasdone mostly because the SCIM package was almost impossible to use. We onlyneed these fields, so it was much simpler to use our own struct. This wastested only with Okta.
Source Files
Directories