Affected by GO-2023-1520 and 13 other vulnerabilities

GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd

GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

GO-2025-3433: Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd

GO-2025-3720: Argo CD allows cross-site scripting on repositories page in github.com/argoproj/argo-cd

GO-2025-3993: Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd

GO-2025-3994: Repository Credentials Race Condition Crashes Argo CD Server in github.com/argoproj/argo-cd

GO-2025-3996: argo-cd vulnerable unauthenticated DoS via malformed Gogs webhook payload in github.com/argoproj/argo-cd

The highest tagged major version is v3.

util

package

v2.3.9 Latest Latest Go to latest Published: Oct 5, 2022 License: Apache-2.0 Imports: 3 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/argoproj/argo-cd

Links

Open Source Insights

Documentation ¶

Index ¶

func MakeSignature(size int) ([]byte, error)
func Wait(timeout uint, f func(chan<- bool)) bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func MakeSignature ¶

func MakeSignature(size int) ([]byte, error)

MakeSignature generates a cryptographically-secure pseudo-random token, based on a given number of random bytes, for signing purposes.

func Wait ¶

func Wait(timeout uint, f func(chan<- bool)) bool

Wait takes a check interval and timeout and waits for a function to return `true`. Wait will return `true` on success and `false` on timeout. The passed function, in turn, should pass `true` (or anything, really) to the channel when it's done. Pass `0` as the timeout to run infinitely until completion.

Types ¶

This section is empty.

Source Files ¶

View all Source files

util.go

Directories ¶

Path	Synopsis
app
discovery
path
argo
diff
managedfields
normalizers Code generated by github.com/argoproj/argo-cd/hack/known_types.	Code generated by github.com/argoproj/argo-cd/hack/known_types.
assets
buffered_context
cache
appstate
cert Utility functions for managing HTTPS server certificates and SSH known host entries for ArgoCD	Utility functions for managing HTTPS server certificates and SSH known host entries for ArgoCD
cli
clusterauth
collections
config
crypto
db
mocks
dex
env
errors
exec
git
mocks
glob
gpg
grpc
hash
healthz
helm
mocks
http
io
files
path
jwt
ksonnet
kube
kustomize
localconfig
log
lua
notification
argocd
expression
expression/repo
expression/shared
expression/strings
expression/time
k8s
settings
oidc
password
profile
proxy
rand
rbac
resource
security
session
settings
stats
swagger
templates
test
text
label
tls
webhook

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL