Affected by GO-2022-0413 and 3 other vulnerabilities

GO-2022-0413: Exposure of Sensitive Information in Pomerium in github.com/pomerium/pomerium

GO-2023-1800: Pomerium vulnerable to Incorrect Authorization with specially crafted requests in github.com/pomerium/pomerium

GO-2024-2965: Pomerium exposed OAuth2 access and ID tokens in user info endpoint response in github.com/pomerium/pomerium

GO-2024-3179: Pomerium service account access token may grant unintended access to databroker API in github.com/pomerium/pomerium

authorize

package

v0.16.1 Latest Latest Go to latest Published: Jan 19, 2022 License: Apache-2.0 Imports: 50 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Package authorize is a pomerium service that is responsible for determining if a given request should be authorized (AuthZ).

This section is empty.

This section is empty.

This section is empty.

type Authorize struct {
	// contains filtered or unexported fields
}

Authorize struct holds

func New(cfg *config.Config) (*Authorize, error)

New validates and creates a new Authorize service from a set of config options.

func (a *Authorize) Check(ctx context.Context, in *envoy_service_auth_v3.CheckRequest) (out *envoy_service_auth_v3.CheckResponse, err error)

Check implements the envoy auth server gRPC endpoint.

func (a *Authorize) OnConfigChange(ctx context.Context, cfg *config.Config)

OnConfigChange updates internal structures based on config.Options

func (a *Authorize) Run(ctx context.Context) error

Run runs the authorize service.

func (a *Authorize) WaitForInitialSync(ctx context.Context) error

WaitForInitialSync blocks until the initial sync is complete.

Path	Synopsis
evaluator Package evaluator contains rego evaluators for evaluating authorize policy.	Package evaluator contains rego evaluators for evaluating authorize policy.
opa Package opa implements the policy evaluator interface to make authorization decisions.	Package opa implements the policy evaluator interface to make authorization decisions.