Affected by GO-2023-2012 and 8 other vulnerabilities

GO-2023-2012: lakeFS vulnerable to Arbitrary JavaScript Injection via Direct Link to HTML Files in github.com/treeverse/lakefs

GO-2023-2397: User with permission to write actions can impersonate another user when auth token is configured in environment variable in github.com/treeverse/lakefs

GO-2023-2398: lakeFS logs S3 credentials in plain text in github.com/treeverse/lakefs

GO-2024-2581: User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository in github.com/treeverse/lakefs

GO-2024-3291: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion in github.com/treeverse/lakefs

GO-2025-3479: lakeFS allows an authenticated user to cause a crash by exhausting server memory in github.com/treeverse/lakefs

GO-2025-4090: lakeFS affected by unauthenticated access to API usage metrics in github.com/treeverse/lakefs

GO-2026-4321: lakeFS is Missing Timestamp Validation in S3 Gateway Authentication in github.com/treeverse/lakefs

GO-2026-4494: lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access in github.com/treeverse/lakefs

uri

package

v0.97.999 Latest Latest Go to latest Published: Mar 29, 2023 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/treeverse/lakefs

Links

Open Source Insights

Documentation ¶

Constants ¶

View Source

const (
	LakeFSSchema          = "lakefs"
	LakeFSSchemaSeparator = "://"
	PathSeparator         = "/"
)

Variables ¶

View Source

var (
	ErrMalformedURI     = errors.New("malformed lakefs uri")
	ErrInvalidRepoURI   = errors.New("not a valid repo uri")
	ErrInvalidRefURI    = errors.New("not a valid ref uri")
	ErrInvalidBranchURI = errors.New("not a valid branch uri")
	ErrInvalidPathURI   = errors.New("not a valid path uri")
)

Functions ¶

func Equals ¶

func Equals(a, b *URI) bool

func IsValid ¶

func IsValid(str string) bool

Types ¶

type URI ¶

type URI struct {
	// Repository is the name of the repository being addressed
	Repository string
	// Ref represents the reference in the repository (commit, tag, branch, etc.)
	Ref string
	// Path is a path to an object (or prefix of such) in lakeFS. It *could* be null since there's a difference between
	// 	an empty path ("lakefs://repo/branch/", and no path at all e.g. "lakefs://repo/branch").
	// 	Since path is the only URI part that is allowed to be empty, it is represented as a pointer.
	Path *string
}

func Must ¶

func Must(u *URI, e error) *URI

func Parse ¶

func Parse(s string) (*URI, error)

func ParseWithBaseURI ¶ added in v0.40.0

func ParseWithBaseURI(s string, baseURI string) (*URI, error)

ParseWithBaseURI parse URI uses base URI as prefix when set and input doesn't start with lakeFS protocol

func (*URI) GetPath ¶ added in v0.40.0

func (u *URI) GetPath() string

func (*URI) IsBranch ¶ added in v0.63.0

func (u *URI) IsBranch() bool

func (*URI) IsFullyQualified ¶

func (u *URI) IsFullyQualified() bool

func (*URI) IsRef ¶

func (u *URI) IsRef() bool

func (*URI) IsRepository ¶

func (u *URI) IsRepository() bool

func (*URI) String ¶

func (u *URI) String() string

Source Files ¶

View all Source files

parser.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL