Affected by GO-2024-3228 and 2 other vulnerabilities

GO-2024-3228: Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') in github.com/coder/coder

GO-2025-3921: Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder

GO-2025-3938: Coder vulnerable to privilege escalation could lead to a cross workspace compromise in github.com/coder/coder

The highest tagged major version is v2.

awsidentity

package

v0.8.10 Latest Latest Go to latest Published: Aug 30, 2022 License: AGPL-3.0 Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/coder/coder

Links

Open Source Insights

Documentation ¶

Index ¶

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	All = []Region{Other, HongKong, Bahrain, CapeTown, Milan, China, GovCloud}
)

Functions ¶

This section is empty.

Types ¶

type Certificates ¶

type Certificates map[Region]string

Certificates hold public keys for various AWS regions. See:

type Identity ¶

type Identity struct {
	InstanceID string
	Region     Region
}

Identity represents a validated document and signature.

func Validate ¶

func Validate(signature, document string, certificates Certificates) (Identity, error)

Validate ensures the document was signed by an AWS public key. Regions that aren't provided in certificates will use defaults.

type Region ¶

type Region string

Region represents the AWS locations a public-key covers.

const (
	Other    Region = "other"
	HongKong Region = "hongkong"
	Bahrain  Region = "bahrain"
	CapeTown Region = "capetown"
	Milan    Region = "milan"
	China    Region = "china"
	GovCloud Region = "govcloud"
)

Source Files ¶

View all Source files

awsidentity.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL