nuke/test
Xe Iaso 7ed1753fcc
fix(lib): close open redirect when in subrequest mode (#1222)
* test(nginx-external-auth): bring up to code standards

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix(lib): close open redirect when in subrequest mode

Closes GHSA-cf57-c578-7jvv

Previously Anubis had an open redirect in subrequest auth mode due to an
insufficient fix in GHSA-jhjj-2g64-px7c. This patch adds additional
validation at several steps of the flow to prevent open redirects in
subrequest auth mode as well as implements automated testing to prevent
this from occurring in the future.

* docs: update CHANGELOG

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-10-29 16:07:31 -04:00
anubis_configs feat(config): add ability to customize HTTP status codes Anubis returns (#393) 2025-04-29 15:13:44 -04:00
caddy docs: add caddy docs (#423) 2025-05-02 19:15:05 +00:00
cmd fix(lib): enable multiple consecutive slash support (#1155) 2025-09-27 13:44:46 -04:00
default-config-macro feat: default config macro (#1186) 2025-10-13 11:33:16 -04:00
double_slash fix(lib): enable multiple consecutive slash support (#1155) 2025-09-27 13:44:46 -04:00
forced-language test: ensure FORCED_LANGUAGE works (#1083) 2025-09-05 22:07:17 +00:00
git-clone ci: fix tests (#1069) 2025-08-31 08:13:00 -04:00
git-push ci: fix tests (#1069) 2025-08-31 08:13:00 -04:00
healthcheck ci: fix tests (#1069) 2025-08-31 08:13:00 -04:00
i18n test: add automated Pale Moon tests (#903) 2025-07-25 11:42:08 -04:00
k8s Add check endpoint which can be used with nginx' auth_request function (#266) 2025-04-25 17:38:02 +00:00
lib ci: fix tests (#1069) 2025-08-31 08:13:00 -04:00
nginx-external-auth fix(lib): close open redirect when in subrequest mode (#1222) 2025-10-29 16:07:31 -04:00
palemoon ci: fix tests (#1069) 2025-08-31 08:13:00 -04:00
pki Add check endpoint which can be used with nginx' auth_request function (#266) 2025-04-25 17:38:02 +00:00
shared/www Add check endpoint which can be used with nginx' auth_request function (#266) 2025-04-25 17:38:02 +00:00
ssh-ci ci(ssh): don't print uname -av output (#1114) 2025-09-14 03:03:46 +00:00
unix-socket-xff feat(config): add ability to customize HTTP status codes Anubis returns (#393) 2025-04-29 15:13:44 -04:00
.gitignore feat: more elaborate XFF compute (#350) 2025-04-25 11:59:55 +00:00
go.mod build(deps): bump github.com/docker/docker in /test (#1130) 2025-09-16 16:22:28 -04:00
go.sum build(deps): bump github.com/docker/docker in /test (#1130) 2025-09-16 16:22:28 -04:00