GO-2024-3228: Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') in github.com/coder/coder
The highest tagged major version isv2.
wsproxysdk
packageThis package is not in the latest version of its module.
Details
Validgo.mod file
The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
- Redistributable license
Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
- Tagged version
Modules with tagged versions give importers more predictable builds.
Stable versionWhen a project reaches major version v1 it is considered stable.
- Learn more about best practices
Repository
Links
Open Source Insights
Documentation¶
Index¶
- type AgentIsLegacyResponse
- type Client
- func (c *Client) AgentIsLegacy(ctx context.Context, agentID uuid.UUID) (AgentIsLegacyResponse, error)
- func (c *Client) DialCoordinator(ctx context.Context) (agpl.MultiAgentConn, error)
- func (c *Client) DialWorkspaceAgent(ctx context.Context, agentID uuid.UUID, ...) (agentConn *codersdk.WorkspaceAgentConn, err error)
- func (c *Client) IssueSignedAppToken(ctx context.Context, req workspaceapps.IssueTokenRequest) (IssueSignedAppTokenResponse, error)
- func (c *Client) IssueSignedAppTokenHTML(ctx context.Context, rw http.ResponseWriter, ...) (IssueSignedAppTokenResponse, bool)
- func (c *Client) RegisterWorkspaceProxy(ctx context.Context, req RegisterWorkspaceProxyRequest) (RegisterWorkspaceProxyResponse, error)
- func (c *Client) Request(ctx context.Context, method, path string, body interface{}, ...) (*http.Response, error)
- func (c *Client) RequestIgnoreRedirects(ctx context.Context, method, path string, body interface{}, ...) (*http.Response, error)
- func (c *Client) SessionToken() string
- func (c *Client) SetSessionToken(token string) error
- func (c *Client) WorkspaceProxyGoingAway(ctx context.Context) error
- type CoordinateMessage
- type CoordinateMessageType
- type CoordinateNodes
- type IssueSignedAppTokenResponse
- type RegisterWorkspaceProxyRequest
- type RegisterWorkspaceProxyResponse
Constants¶
This section is empty.
Variables¶
This section is empty.
Functions¶
This section is empty.
Types¶
typeAgentIsLegacyResponse¶added inv0.26.2
typeClient¶
Client is a HTTP client for a subset of Coder API routes that externalproxies need.
func (*Client)AgentIsLegacy¶added inv0.26.2
func (*Client)DialCoordinator¶added inv0.26.2
func (*Client)DialWorkspaceAgent¶
func (c *Client) DialWorkspaceAgent(ctxcontext.Context, agentIDuuid.UUID, options *codersdk.DialWorkspaceAgentOptions) (agentConn *codersdk.WorkspaceAgentConn, errerror)
DialWorkspaceAgent calls the underlying codersdk.Client's DialWorkspaceAgentmethod.
func (*Client)IssueSignedAppToken¶
func (c *Client) IssueSignedAppToken(ctxcontext.Context, reqworkspaceapps.IssueTokenRequest) (IssueSignedAppTokenResponse,error)
IssueSignedAppToken issues a new signed app token for the provided apprequest. The error page will be returned as JSON. For use in externalproxies, use IssueSignedAppTokenHTML instead.
func (*Client)IssueSignedAppTokenHTML¶
func (c *Client) IssueSignedAppTokenHTML(ctxcontext.Context, rwhttp.ResponseWriter, reqworkspaceapps.IssueTokenRequest) (IssueSignedAppTokenResponse,bool)
IssueSignedAppTokenHTML issues a new signed app token for the provided apprequest. The error page will be returned as HTML in most cases, and will bewritten directly to the provided http.ResponseWriter.
func (*Client)RegisterWorkspaceProxy¶
func (c *Client) RegisterWorkspaceProxy(ctxcontext.Context, reqRegisterWorkspaceProxyRequest) (RegisterWorkspaceProxyResponse,error)
func (*Client)Request¶
func (c *Client) Request(ctxcontext.Context, method, pathstring, body interface{}, opts ...codersdk.RequestOption) (*http.Response,error)
Request wraps the underlying codersdk.Client's Request method.
func (*Client)RequestIgnoreRedirects¶
func (c *Client) RequestIgnoreRedirects(ctxcontext.Context, method, pathstring, body interface{}, opts ...codersdk.RequestOption) (*http.Response,error)
RequestIgnoreRedirects wraps the underlying codersdk.Client's Request methodon the client that ignores redirects.
func (*Client)SessionToken¶
SessionToken returns the currently set token for the client.
func (*Client)SetSessionToken¶
SetSessionToken sets the session token for the client. An error is returnedif the session token is not in the correct format for external proxies.
typeCoordinateMessage¶added inv0.26.2
type CoordinateMessage struct {TypeCoordinateMessageType `json:"type"`AgentIDuuid.UUID `json:"agent_id"`Node *agpl.Node `json:"node"`}typeCoordinateMessageType¶added inv0.26.2
type CoordinateMessageTypeint
const (CoordinateMessageTypeSubscribeCoordinateMessageType = 1 +iotaCoordinateMessageTypeUnsubscribeCoordinateMessageTypeNodeUpdate)
typeCoordinateNodes¶added inv0.26.2
typeIssueSignedAppTokenResponse¶
type IssueSignedAppTokenResponse struct {// SignedTokenStr should be set as a cookie on the response.SignedTokenStrstring `json:"signed_token_str"`}typeRegisterWorkspaceProxyResponse¶
type RegisterWorkspaceProxyResponse struct {AppSecurityKeystring `json:"app_security_key"`}
Source Files