Affected by GO-2022-0704 and 16 other vulnerabilities

GO-2022-0704: Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor

GO-2022-0785: "catalog's registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor

GO-2022-0818: Missing Authorization in Harbor in github.com/goharbor/harbor

GO-2022-0853: SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

GO-2022-0863: Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

GO-2022-0865: Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor

GO-2022-0876: Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

GO-2022-0883: SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

GO-2023-2109: Harbor timing attack risk in github.com/goharbor/harbor

GO-2024-2915: Open Redirect URL in Harbor in github.com/goharbor/harbor

GO-2024-2916: SQL Injection in Harbor scan log API in github.com/goharbor/harbor

GO-2024-3013: Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor

GO-2025-3825: Harbor repository description page has Cross-site Scripting vulnerability in github.com/goharbor/harbor

GO-2025-3826: Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor

secret

package

v1.7.1 Latest Latest Go to latest Published: Jan 4, 2019 License: Apache-2.0 Imports: 3 Imported by: 203

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/goharbor/harbor

Links

Documentation ¶

Index ¶

Constants
func AddToRequest(req *http.Request, secret string) error
func FromRequest(req *http.Request) string
type Store
- func NewStore(secrets map[string]string) *Store
- func (s *Store) GetUsername(secret string) string
- func (s *Store) IsValid(secret string) bool

Constants ¶

View Source

const (
	// AdminserverUser is the name of adminserver user
	AdminserverUser = "harbor-adminserver"
	// JobserviceUser is the name of jobservice user
	JobserviceUser = "harbor-jobservice"
	// CoreUser is the name of ui user
	CoreUser = "harbor-core"
)

View Source

const HeaderPrefix = "Harbor-Secret "

HeaderPrefix is the prefix of the value of Authorization header. It has the space.

Variables ¶

This section is empty.

Functions ¶

func AddToRequest ¶ added in v1.5.0

func AddToRequest(req *http.Request, secret string) error

AddToRequest add the secret to request

func FromRequest ¶ added in v1.5.0

func FromRequest(req *http.Request) string

FromRequest tries to get Harbor Secret from request header. It will return empty string if the reqeust is nil.

Types ¶

type Store ¶

type Store struct {
	// contains filtered or unexported fields
}

Store the secrets and provides methods to validate secrets

func NewStore ¶

func NewStore(secrets map[string]string) *Store

NewStore ...

func (*Store) GetUsername ¶

func (s *Store) GetUsername(secret string) string

GetUsername returns the corresponding username of the secret

func (*Store) IsValid ¶

func (s *Store) IsValid(secret string) bool

IsValid returns whether the secret is valid

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL