Affected by GO-2024-3046 and 11 other vulnerabilities

GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos

GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos

GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos

GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos

GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos

GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos

GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos

GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos

GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos

GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos

GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos

s3

package

v0.21.0 Latest Latest Go to latest Published: Apr 9, 2024 License: MIT Imports: 13 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/usememos/memos

Links

Documentation ¶

Index ¶

Constants
type Client
- func NewClient(ctx context.Context, config *Config) (*Client, error)
- func (client *Client) PreSignLink(ctx context.Context, sourceLink string) (string, error)
- func (client *Client) UploadFile(ctx context.Context, filename string, fileType string, src io.Reader) (string, error)
type Config

Constants ¶

View Source

const LinkLifetime = 24 * time.Hour

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	Client *awss3.Client
	Config *Config
}

func NewClient ¶

func NewClient(ctx context.Context, config *Config) (*Client, error)

func (*Client) PreSignLink ¶ added in v0.19.1

func (client *Client) PreSignLink(ctx context.Context, sourceLink string) (string, error)

PreSignLink generates a pre-signed URL for the given sourceLink. If the link does not belong to the configured storage endpoint, it is returned as-is. If the link belongs to the storage, the function generates a pre-signed URL using the AWS S3 client.

func (*Client) UploadFile ¶

func (client *Client) UploadFile(ctx context.Context, filename string, fileType string, src io.Reader) (string, error)

type Config ¶

type Config struct {
	AccessKey string
	SecretKey string
	Bucket    string
	EndPoint  string
	Region    string
	URLPrefix string
	URLSuffix string
	PreSign   bool
}

Source Files ¶

View all Source files

s3.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL